---
name: vulnhunter
description: Security vulnerability detection and variant analysis skill. Use when hunting for dangerous APIs, footgun patterns, error-prone configurations, and vulnerability variants across codebases. Combines sharp edges detection with variant hunting methodology.
---
VulnHunter - Security Vulnerability Detection & Analysis
A comprehensive security audit skill for identifying dangerous APIs, footgun patterns, error-prone configurations, and hunting for vulnerability variants across codebases. Inspired by Trail of Bits' sharp-edges and variant-analysis methodologies.
Overview
VulnHunter combines two powerful security analysis techniques:
- Sharp Edges Detection - Identify error-prone APIs, dangerous defaults, and footgun designs
- Variant Analysis - Find similar vulnerabilities across codebases using pattern-based analysis

When to Use VulnHunter
Activate this skill when:
- Conducting security code reviews or audits
- Reviewing third-party dependencies for dangerous patterns
- Hunting for variants of known vulnerabilities
- Assessing API design for security footguns
- Pre-audit reconnaissance of unfamiliar codebases

Sharp Edges Detection
Categories of Sharp Edges
1. Dangerous Default Configurations
Look for configurations that are insecure by default:
- CORS: Access-Control-Allow-Origin: *
- Debug modes enabled in production
- Default credentials or API keys
- Permissive file permissions (777, 666)
- SSL/TLS verification disabled
- Insecure deserialization settings
2. Error-Prone APIs
Memory Safety:
```
// Dangerous: No bounds checking
strcpy(), strcat(), sprintf(), gets()
memcpy() without size validation

// Safer alternatives
// (strncpy() does not NUL-terminate the destination when the source fills it)
strncpy(), strncat(), snprintf(), fgets()
memcpy_s() with explicit size
```
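One way to hunt for the calls listed above across C sources, as an added example that is not part of the original skill. The names `scan_c_source`, `UNBOUNDED` and `SAMPLE` are hypothetical, and the sample input is constructed. It shows why a plain text search over-reports: `gets` appears inside `fgets`, and call names turn up in comments and string literals.

```python
import re

# Calls the section lists as lacking bounds checks, mapped to the alternative it names.
UNBOUNDED = {"strcpy": "strncpy", "strcat": "strncat",
             "sprintf": "snprintf", "gets": "fgets"}

# Comments and string literals are blanked first, so a call name that appears
# only in documentation or in a log message is not reported.
_NOISE = re.compile(r'//[^\n]*|/\*.*?\*/|"(?:\\.|[^"\\\n])*"', re.S)
# \b keeps "gets" from matching inside "fgets" or a wrapper such as "my_strcpy".
_CALL = re.compile(r"\b(" + "|".join(UNBOUNDED) + r"|memcpy)\s*\(")


def _blank(match):
    # Keep newlines so reported line numbers still match the original file.
    return re.sub(r"[^\n]", " ", match.group(0))


def scan_c_source(source):
    """Return (line, function, note) for each sharp-edge call in C source text."""
    code = _NOISE.sub(_blank, source)
    findings = []
    for m in _CALL.finditer(code):
        name = m.group(1)
        line = code.count("\n", 0, m.start()) + 1
        if name == "memcpy":
            note = "confirm the size is validated against the destination"
        else:
            note = "no bounds checking; consider " + UNBOUNDED[name] + "()"
        findings.append((line, name, note))
    return findings


# Constructed sample input, not taken from any real project.
SAMPLE = r'''
void copy(char *dst, const char *src, size_t n) {
    char buf[16];
    /* old code used gets(buf); */
    fgets(buf, sizeof buf, stdin);
    strcpy(buf, src);              // strcpy( in a comment is ignored
    snprintf(dst, n, "%s", buf);
    sprintf(dst, "sprintf(%s)", buf);
    memcpy(dst, src, n);
}
'''

if __name__ == "__main__":
    for line, name, note in scan_c_source(SAMPLE):
        print(f"line {line}: {name}() - {note}")
```

Each `memcpy()` hit is a prompt for manual review of the size argument, not a confirmed finding.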
Cryptography Footguns:
```
ECB mode encryption
MD5/SHA1 for security purposes
Hardcoded IVs or salts
Custom crypto implementations
Random without CSPRNG (Math.random f