
C Review

Skill Verified Active
Part of: C Review

Performs comprehensive C/C++ security review for memory corruption, integer overflows, race conditions, and platform-specific vulnerabilities. Use when auditing native C/C++ applications, reviewing daemons or services for memory safety, or hunting integer overflow / use-after-free / race conditions in userspace code.

Purpose

To provide a comprehensive and automated security review for C/C++ codebases, helping developers find and fix critical vulnerabilities like memory corruption and integer overflows.

Features

  • Comprehensive C/C++ security review
  • Detection of memory corruption, integer overflows, race conditions
  • Platform-specific vulnerability analysis
  • Multi-agent architecture (worker, dedup, FP judge)
  • SARIF output for structured reporting

Use cases

  • Auditing native C/C++ applications for security flaws
  • Reviewing daemons or services for memory safety issues
  • Hunting for integer overflow, use-after-free, or race conditions in userspace code
  • Integrating automated security analysis into CI/CD pipelines

Non-goals

  • Reviewing kernel drivers or modules
  • Analyzing code in managed languages (Java, C#, Python, Go, Rust)
  • Auditing embedded/bare-metal code without libc
  • Performing dynamic analysis or fuzzing

Trust

  • Issues (attention): In the last 90 days, 13 issues were opened and 4 were closed, indicating a closure rate below 50% and a moderate level of engagement.

Installation

Add the marketplace first

/plugin marketplace add trailofbits/skills
/plugin install c-review@trailofbits

Quality score

Verified
99/100
Analyzed 1 day ago

Trust signals

Last commit: 3 days ago
Stars: 5.2k
License: CC-BY-SA-4.0

Similar extensions

Codex PR Review

100

Reviews pull requests in Drupal 11 (or other) projects following the Codex methodology (business logic, hook/query edge cases, security, performance, completeness). Generates a .md report in the folder of the detected IDE (.antigravity/, .cursor/, .vscode/ or docs/) with findings by severity and actionable fixes. Use when the user asks for "revisión Codex", "revisión de PR", "revisar PR", "revisar PR"

Skill
j4rk0r

Codex Diff Develop

100

Reviews the diff of the current branch against develop in Drupal 11 projects following the Codex methodology (business logic, hook/query edge cases, security, performance, completeness). Generates a .md report in the folder of the detected IDE (.antigravity/, .cursor/, .vscode/ or docs/) with findings by severity and actionable fixes. Use when the user asks for "Revisión diff develop", "revisión diff develop", "diff develop", "revisar diff", "codex diff" or similar expressions intended to audit changes against develop. Triggers: diff develop, codex diff, revisión diff, lint diff develop, auditar diff.

Skill
j4rk0r

Clawsec Scanner

100

Automated vulnerability scanner for agent platforms. Performs dependency scanning (npm audit, pip-audit), multi-database CVE lookup (OSV, NVD, GitHub Advisory), SAST analysis (Semgrep, Bandit), and agent-specific DAST hook execution testing for OpenClaw hooks.

Skill
prompt-security

Semgrep Rule Creator

100

Creates custom Semgrep rules for detecting security vulnerabilities, bug patterns, and code patterns. Use when writing Semgrep rules or building custom static analysis detections.

Skill
trailofbits

Review Pull Request

100

Review a pull request end-to-end using GitHub CLI. Covers diff analysis, commit history review, CI/CD check verification, severity-leveled feedback (blocking/suggestion/nit/praise), and gh pr review submission. Use when a pull request is assigned for review, performing a self-review before requesting others' input, conducting a second review after feedback is addressed, or auditing a merged PR for post-merge quality assessment.

Skill
pjt222

Oh My Claudecode

100

Process-first advisor routing for Claude, Codex, or Gemini via `omc ask`, with artifact capture and no raw CLI assembly

Skill
Yeachan-Heo