C Review
Skill Verifiziert AktivPerforms comprehensive C/C++ security review for memory corruption, integer overflows, race conditions, and platform-specific vulnerabilities. Use when auditing native C/C++ applications, reviewing daemons or services for memory safety, or hunting integer overflow / use-after-free / race conditions in userspace code.
To provide a comprehensive and automated security review for C/C++ codebases, helping developers find and fix critical vulnerabilities like memory corruption and integer overflows.
Funktionen
- Comprehensive C/C++ security review
- Detection of memory corruption, integer overflows, race conditions
- Platform-specific vulnerability analysis
- Multi-agent architecture (worker, dedup, FP judge)
- SARIF output for structured reporting
Anwendungsfälle
- Auditing native C/C++ applications for security flaws
- Reviewing daemons or services for memory safety issues
- Hunting for integer overflow, use-after-free, or race conditions in userspace code
- Integrating automated security analysis into CI/CD pipelines
Nicht-Ziele
- Reviewing kernel drivers or modules
- Analyzing code in managed languages (Java, C#, Python, Go, Rust)
- Auditing embedded/bare-metal code without libc
- Performing dynamic analysis or fuzzing
Trust
- info:Issues AttentionIn the last 90 days, 13 issues were opened and 4 were closed, indicating a closure rate below 50% and a moderate level of engagement.
Installation
Zuerst Marketplace hinzufügen
/plugin marketplace add trailofbits/skills/plugin install c-review@trailofbitsQualitätspunktzahl
VerifiziertVertrauenssignale
Ähnliche Erweiterungen
Codex PR Review
100Überprüft Pull Requests in Drupal 11 (oder anderen) Projekten gemäß der Codex-Methodik (Geschäftslogik, Edge Cases von Hooks/Queries, Sicherheit, Performance, Vollständigkeit). Generiert einen .md-Bericht im erkannten IDE-Ordner (.antigravity/, .cursor/, .vscode/ oder docs/) mit Befunden nach Schweregrad und umsetzbaren Lösungen. Verwenden Sie dies, wenn der Benutzer "Codex-Überprüfung", "PR-Überprüfung", "PR überprüfen", "PR überprüfen" anfordert.
Codex Diff Develop
100Revisa el diff de la rama actual frente a develop en proyectos Drupal 11 siguiendo la metodología Codex (lógica de negocio, edge cases de hooks/queries, seguridad, performance, completitud). Genera un informe .md en la carpeta del IDE detectado (.antigravity/, .cursor/, .vscode/ o docs/) con hallazgos por severidad y soluciones accionables. Usar cuando el usuario pida "Revisión diff develop", "revisión diff develop", "diff develop", "revisar diff", "codex diff" o expresiones similares con intención de auditar cambios contra develop. Triggers: diff develop, codex diff, revisión diff, lint diff develop, auditar diff.
Clawsec Scanner
100Automated vulnerability scanner for agent platforms. Performs dependency scanning (npm audit, pip-audit), multi-database CVE lookup (OSV, NVD, GitHub Advisory), SAST analysis (Semgrep, Bandit), and agent-specific DAST hook execution testing for OpenClaw hooks.
Semgrep Rule Creator
100Creates custom Semgrep rules for detecting security vulnerabilities, bug patterns, and code patterns. Use when writing Semgrep rules or building custom static analysis detections.
Review Pull Request
100Review a pull request end-to-end using GitHub CLI. Covers diff analysis, commit history review, CI/CD check verification, severity-leveled feedback (blocking/suggestion/nit/praise), and gh pr review submission. Use when a pull request is assigned for review, performing a self-review before requesting others' input, conducting a second review after feedback is addressed, or auditing a merged PR for post-merge quality assessment.
Oh My Claudecode
100Process-first advisor routing for Claude, Codex, or Gemini via `omc ask`, with artifact capture and no raw CLI assembly