此内容尚未提供您的语言版本,正在以英文显示。

Zeroize Audit

插件活跃

Detects missing or compiler-optimized zeroization of sensitive data with assembly and control-flow analysis

1 个 Skill 0 个 MCP

目的

To provide developers and security auditors with a robust tool for identifying and verifying vulnerabilities related to the improper handling and zeroization of sensitive data in code.

功能

Detects missing zeroization in source code
Identifies zeroization removed by compiler optimizations
Performs assembly-level analysis for stack/register security
Generates proof-of-concept exploits for verified findings
Analyzes C, C++, and Rust codebases

使用场景

Auditing cryptographic implementations for secure data handling
Reviewing authentication systems for secrets management flaws
Verifying secure cleanup procedures in security-critical code
Investigating memory safety issues concerning sensitive data

非目标

General code review or performance optimization outside of security
Refactoring code unrelated to sensitive data handling
Replacing a full static analysis suite for non-security-related bugs

Trust

warning:Issues Attention13 issues opened and 4 closed in the last 90 days suggests slow maintainer response to open issues (closure rate < 10%).

安装

请先添加 Marketplace

/plugin marketplace add trailofbits/skills

/plugin install zeroize-audit@trailofbits

包含 1 个扩展

Skill (1)

Zeroize Audit 技能

Detects missing zeroization of sensitive data in source code and identifies zeroization removed by compiler optimizations, with assembly-level analysis, and control-flow verification. Use for auditing C/C++/Rust code handling secrets, keys, passwords, or other sensitive data.

质量评分

93 /100

1 day ago 分析

信任信号

最近提交3 days ago

GitHub 所有者 trailofbits

星标5.2k

许可证CC-BY-SA-4.0

状态

查看源代码

类似扩展

Arm Cortex Microcontrollers

100

ARM Cortex-M firmware development for Teensy, STM32, nRF52, and SAMD with peripheral drivers and memory safety patterns

插件

wshobson

C4 Architecture

Comprehensive C4 architecture documentation workflow with bottom-up code analysis, component synthesis, container mapping, and context diagram generation

插件

wshobson

Dimensional Analysis

Annotates codebases with dimensional analysis comments documenting units, dimensions, and decimal scaling. Use when someone asks to annotate units in a codebase, perform a dimensional analysis, or find vulnerabilities in a DeFi protocol. Prevents dimensional mismatches and catches formula bugs early.

插件

trailofbits

Ruflo Knowledge Graph

Knowledge graph construction — entity extraction, relation mapping, and pathfinder graph traversal

插件

ruvnet

Ruflo Ruvector

Self-learning vector database via npx ruvector@0.2.25 — HNSW, adaptive LoRA embeddings, code-graph clustering, hooks routing, brain/SONA, 103 MCP tools

插件

ruvnet

Everything Claude Code

Battle-tested Claude Code plugin for engineering teams — 60 agents, 228 skills, 75 legacy command shims, production-ready hooks, and selective install workflows evolved through continuous real-world use

插件

affaan-m