C Review

Skill Verified Active
Part of: C Review

Performs comprehensive C/C++ security review for memory corruption, integer overflows, race conditions, and platform-specific vulnerabilities. Use when auditing native C/C++ applications, reviewing daemons or services for memory safety, or hunting integer overflow / use-after-free / race conditions in userspace code.

Purpose

To provide a comprehensive and automated security review for C/C++ codebases, helping developers find and fix critical vulnerabilities like memory corruption and integer overflows.

Features

  • Comprehensive C/C++ security review
  • Detection of memory corruption, integer overflows, race conditions
  • Platform-specific vulnerability analysis
  • Multi-agent architecture (worker, dedup, FP judge)
  • SARIF output for structured reporting

Use Cases

  • Auditing native C/C++ applications for security flaws
  • Reviewing daemons or services for memory safety issues
  • Hunting for integer overflow, use-after-free, or race conditions in userspace code
  • Integrating automated security analysis into CI/CD pipelines

Non-Goals

  • Reviewing kernel drivers or modules
  • Analyzing code in managed languages (Java, C#, Python, Go, Rust)
  • Auditing embedded/bare-metal code without libc
  • Performing dynamic analysis or fuzzing

Trust

  • Issues (attention): In the last 90 days, 13 issues were opened and 4 were closed, indicating a closure rate below 50% and a moderate level of engagement.

Installation

First, add the marketplace:

/plugin marketplace add trailofbits/skills
/plugin install c-review@trailofbits

Quality Score

Verified
99/100
Analyzed about 17 hours ago

Trust Signals

Last commit: 3 days ago
Stars: 5.2k
License: CC-BY-SA-4.0

Similar Extensions

Codex PR Review

100

Reviews pull requests in Drupal 11 (or other) projects following the Codex methodology (business logic, hook/query edge cases, security, performance, completeness). Generates a .md report in the folder of the detected IDE (.antigravity/, .cursor/, .vscode/ or docs/) with findings by severity and actionable fixes. Use when the user asks for "revisión Codex", "revisión de PR", "revisar PR", "revisar PR

Skill
j4rk0r

Codex Diff Develop

100

Reviews the diff of the current branch against develop in Drupal 11 projects following the Codex methodology (business logic, hook/query edge cases, security, performance, completeness). Generates a .md report in the folder of the detected IDE (.antigravity/, .cursor/, .vscode/ or docs/) with findings by severity and actionable fixes. Use when the user asks for "Revisión diff develop", "revisión diff develop", "diff develop", "revisar diff", "codex diff" or similar expressions with the intent of auditing changes against develop. Triggers: diff develop, codex diff, revisión diff, lint diff develop, auditar diff.

Skill
j4rk0r

Clawsec Scanner

100

Automated vulnerability scanner for agent platforms. Performs dependency scanning (npm audit, pip-audit), multi-database CVE lookup (OSV, NVD, GitHub Advisory), SAST analysis (Semgrep, Bandit), and agent-specific DAST hook execution testing for OpenClaw hooks.

Skill
prompt-security

Semgrep Rule Creator

100

Creates custom Semgrep rules for detecting security vulnerabilities, bug patterns, and code patterns. Use when writing Semgrep rules or building custom static analysis detections.

Skill
trailofbits

Review Pull Request

100

Review a pull request end-to-end using GitHub CLI. Covers diff analysis, commit history review, CI/CD check verification, severity-leveled feedback (blocking/suggestion/nit/praise), and gh pr review submission. Use when a pull request is assigned for review, performing a self-review before requesting others' input, conducting a second review after feedback is addressed, or auditing a merged PR for post-merge quality assessment.

Skill
pjt222

Oh My Claudecode

100

Process-first advisor routing for Claude, Codex, or Gemini via `omc ask`, with artifact capture and no raw CLI assembly

Skill
Yeachan-Heo
