vulnerability-pattern-matcher
Matches code against Project CodeGuard's catalog of known-dangerous patterns — banned C functions, weak crypto primitives, hardcoded credentials, deprecated APIs. Use when grepping for low-hanging security fruit, when enforcing a ban-list in CI, or when the user asks to check for known-bad patterns.
89
86%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Risky
Do not use without reviewing
Vulnerability Pattern Matcher
This skill delegates to Project CodeGuard for its pattern catalog. Where static-vulnerability-detector traces data flow, this skill does lexical/syntactic matching against CodeGuard's ban-lists — faster, higher recall, more false positives.
Upstream: https://github.com/cosai-oasis/project-codeguard/tree/main/skills/software-security
Dispatch
| Pattern class | CodeGuard rule |
|---|---|
Banned C/C++ functions (strcpy, gets, sprintf, …) | codeguard-0-safe-c-functions |
| Weak crypto (MD5, SHA-1, DES, ECB, static IV) | codeguard-1-crypto-algorithms, codeguard-0-additional-cryptography |
| Hardcoded secrets (key prefixes, entropy, connection strings) | codeguard-1-hardcoded-credentials |
| Certificate handling (PEM blocks, weak sigs) | codeguard-1-digital-certificates |
| Deprecated OpenSSL/SSL APIs | codeguard-1-crypto-algorithms §"Deprecated SSL/Crypto APIs" |
Workflow
- grep/AST-match for the pattern classes above.
- For each hit, emit: file:line, matched pattern, the CodeGuard rule it violates, and that rule's prescribed replacement.
- Do not suppress matches based on context — that's
static-vulnerability-detector's job. This skill reports every hit; a human or a downstream flow triages.
- Commit
47d56bb
- Last updated
- Created
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.