What kind of security reports does it generate?

It provides structured findings including severity levels, CWE categories, file locations, impact descriptions, and clear remediation guidance.

Can it help with dependency vulnerabilities?

Yes, it guides the use of tools like cargo-audit to detect and report known security flaws within your project's dependency tree.

Is it effective for WebAssembly development?

Yes, it specifically targets WASM-related risks such as FFI boundary validation, integer overflow in memory allocation, and sandboxing constraints.

Does it follow industry security standards?

Absolutely. The skill is designed to align with OWASP guidelines and Rust-specific security best practices to ensure defense-in-depth.

How does this skill handle unsafe Rust code?

It identifies all 'unsafe' blocks and audits them for safety invariants, specifically checking for use-after-free, double-frees, and invalid pointer arithmetic.

Rust & WASM Security Audit

Name: Rust & WASM Security Audit
Author: terraphim

byterraphim

0•

Seguridad y Pruebas

Audits Rust and WebAssembly applications for vulnerabilities, unsafe code usage, and adherence to security best practices.

The security-audit skill transforms Claude into a specialized security engineer dedicated to hardening Rust and WebAssembly ecosystems. It provides a systematic framework for identifying common vulnerability patterns, auditing 'unsafe' blocks for memory safety violations, and validating input handling logic against OWASP guidelines. By emphasizing defense-in-depth and least privilege, the skill helps developers secure FFI boundaries, prevent integer overflows, and ensure cryptographic implementations utilize audited libraries, ultimately producing production-ready code with clear remediation guidance for every finding.

Características Principales

01Verification of FFI boundaries and secure pointer arithmetic

02Cryptographic usage review for industry-standard library compliance

030 GitHub stars

04Comprehensive audit of 'unsafe' blocks and memory safety invariants

05Automated identification of injection, path traversal, and DoS vectors

06Standardized security reporting with severity levels and remediation steps

Casos de Uso

01Conducting pre-release security reviews for high-stakes Rust backend services

02Hardening WebAssembly modules against sandbox escapes and input manipulation

03Auditing legacy codebases for memory safety vulnerabilities and logic flaws

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add terraphim/codex-skills security-audit

For use in Claude.ai and ChatGPT

Download Skill