Zeroize Audit

Skill · Verified · Active

Detects missing zeroization of sensitive data in source code and identifies zeroization removed by compiler optimizations, using assembly-level analysis and control-flow verification. Use for auditing C/C++/Rust code that handles secrets, keys, passwords, or other sensitive data.

Purpose

To enhance security reviews by automatically detecting and verifying vulnerabilities related to sensitive data handling and zeroization in compiled languages.

Features

  • Detects missing zeroization in C/C++/Rust
  • Identifies compiler optimizations removing zeroization
  • Performs assembly-level analysis
  • Verifies zeroization across control-flow paths
  • Generates proof-of-concept exploit examples

Use cases

  • Auditing cryptographic implementations for secure key handling
  • Reviewing authentication systems for exposed credentials
  • Verifying secure cleanup in security-critical codebases
  • Investigating memory safety of sensitive data handling

Non-goals

  • General code review without a security focus
  • Performance optimization unrelated to secure wiping
  • Refactoring tasks not related to sensitive data
  • Code without identifiable secrets or sensitive values

Installation

Add the marketplace first:

/plugin marketplace add trailofbits/skills
/plugin install zeroize-audit@trailofbits

Quality score

Verified
95/100
Analyzed 1 day ago

Trust signals

Last commit: 3 days ago
Stars: 5.2k
License: CC-BY-SA-4.0
