Can Sharp Edges help with cryptographic implementations?

Yes, it specifically looks for common crypto pitfalls like algorithm selection footguns, nonce reuse risks, and primitive vs. semantic type confusion where raw bytes are used for distinct security concepts.

What is a 'sharp edge' in software security?

A sharp edge is a design choice or API that makes it easy for a developer to accidentally introduce a security vulnerability, such as an insecure default value or a confusing parameter that requires deep domain knowledge to use safely.

How does this skill differ from a standard linter?

While linters find syntax or style errors, Sharp Edges analyzes the logic and design patterns of your APIs and configurations to identify structural risks that documentation alone cannot fix.

Is this skill useful for configuration management?

Absolutely. It identifies 'configuration cliffs' where a single typo, a negative value, or an unvalidated environment variable could silently disable critical security features like SSL verification or session timeouts.

Sharp Edges Security Auditor

Name: Sharp Edges Security Auditor
Author: fjor1025

byfjor1025

0•

セキュリティとテスト

Identifies error-prone API designs, dangerous configurations, and security footguns to ensure code follows secure-by-default principles.

Sharp Edges is a specialized security analysis skill designed to evaluate whether software interfaces, libraries, and configurations are resistant to developer misuse. Rather than just finding implementation bugs, it analyzes the architectural ergonomics of a system to identify 'footguns'—patterns where the easiest path for a developer leads to a security vulnerability. It is particularly effective for auditing cryptographic library usage, authentication interfaces, and complex configuration schemas, helping teams build a 'pit of success' where secure behavior is the natural and default outcome.

主な機能

01Analyzes cryptographic APIs for algorithm selection footguns and type confusion.

02Identifies stringly-typed security patterns that enable injection and privilege escalation.

03Detects dangerous configuration defaults and magic values that silently disable security.

04Evaluates API ergonomics to ensure the path of least resistance is the most secure.

050 GitHub stars

06Surfaces silent failure modes where security checks are bypassed without explicit errors.

ユースケース

01Auditing complex configuration schemas for settings that could lead to catastrophic failure.

02Conducting security-focused design reviews for new internal libraries and shared APIs.

03Evaluating third-party integrations for common cryptographic and authentication implementation pitfalls.

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add fjor1025/infosec-framework sharp-edges

For use in Claude.ai and ChatGPT

Download Skill