{"id":"b30dfafe-b8b3-4b26-854f-abb6464c3697","shortId":"tjfAEY","kind":"skill","title":"zeroize-audit","tagline":"Detects missing zeroization of sensitive data in source code and identifies zeroization removed by compiler optimizations, with assembly-level analysis, and control-flow verification. Use for auditing C/C++/Rust code handling secrets, keys, passwords, or other sensitive data.","description":"# zeroize-audit — Claude Skill\n\n## When to Use\n- Auditing cryptographic implementations (keys, seeds, nonces, secrets)\n- Reviewing authentication systems (passwords, tokens, session data)\n- Analyzing code that handles PII or sensitive credentials\n- Verifying secure cleanup in security-critical codebases\n- Investigating memory safety of sensitive data handling\n\n## When NOT to Use\n- General code review without security focus\n- Performance optimization (unless related to secure wiping)\n- Refactoring tasks not related to sensitive data\n- Code without identifiable secrets or sensitive values\n\n---\n\n## Purpose\nDetect missing zeroization of sensitive data in source code and identify zeroization that is removed or weakened by compiler optimizations (e.g., dead-store elimination), with mandatory LLVM IR/asm evidence. Capabilities include:\n- Assembly-level analysis for register spills and stack retention\n- Data-flow tracking for secret copies\n- Heap allocator security warnings\n- Semantic IR analysis for loop unrolling and SSA form\n- Control-flow graph analysis for path coverage verification\n- Runtime validation test generation\n\n## Scope\n- Read-only against the target codebase (does not modify audited code; writes analysis artifacts to a temporary working directory).\n- Produces a structured report (JSON).\n- Requires valid build context (`compile_commands.json`) and compilable translation units.\n- \"Optimized away\" findings only allowed with compiler evidence (IR/asm diff).\n\n---\n\n## Inputs\n\nSee `{baseDir}/schemas/input.json` for the full schema. Key fields:\n\n| Field | Required | Default | Description |\n|---|---|---|---|\n| `path` | yes | — | Repo root |\n| `compile_db` | no | `null` | Path to `compile_commands.json` for C/C++ analysis. Required if `cargo_manifest` is not set. |\n| `cargo_manifest` | no | `null` | Path to `Cargo.toml` for Rust crate analysis. Required if `compile_db` is not set. |\n| `config` | no | — | YAML defining heuristics and approved wipes |\n| `opt_levels` | no | `[\"O0\",\"O1\",\"O2\"]` | Optimization levels for IR comparison. O1 is the diagnostic level: if a wipe disappears at O1 it is simple DSE; O2 catches more aggressive eliminations. |\n| `languages` | no | `[\"c\",\"cpp\",\"rust\"]` | Languages to analyze |\n| `max_tus` | no | — | Limit on translation units processed from compile DB |\n| `mcp_mode` | no | `prefer` | `off`, `prefer`, or `require` — controls Serena MCP usage |\n| `mcp_required_for_advanced` | no | `true` | Downgrade `SECRET_COPY`, `MISSING_ON_ERROR_PATH`, and `NOT_DOMINATING_EXITS` to `needs_review` when MCP is unavailable |\n| `mcp_timeout_ms` | no | — | Timeout budget for MCP semantic queries |\n| `poc_categories` | no | all 11 exploitable | Finding categories for which to generate PoCs. C/C++ findings: all 11 categories supported. Rust findings: only `MISSING_SOURCE_ZEROIZE`, `SECRET_COPY`, and `PARTIAL_WIPE` are supported; other Rust categories are marked `poc_supported=false`. |\n| `poc_output_dir` | no | `generated_pocs/` | Output directory for generated PoCs |\n| `enable_asm` | no | `true` | Enable assembly emission and analysis (Step 8); produces `STACK_RETENTION`, `REGISTER_SPILL`. Auto-disabled if `emit_asm.sh` is missing. |\n| `enable_semantic_ir` | no | `false` | Enable semantic LLVM IR analysis (Step 9); produces `LOOP_UNROLLED_INCOMPLETE` |\n| `enable_cfg` | no | `false` | Enable control-flow graph analysis (Step 10); produces `MISSING_ON_ERROR_PATH`, `NOT_DOMINATING_EXITS` |\n| `enable_runtime_tests` | no | `false` | Enable runtime test harness generation (Step 11) |\n\n---\n\n## Prerequisites\n\nBefore running, verify the following. Each has a defined failure mode.\n\n**C/C++ prerequisites:**\n\n| Prerequisite | Failure mode if missing |\n|---|---|\n| `compile_commands.json` at `compile_db` path | Fail fast — do not proceed |\n| `clang` on PATH | Fail fast — IR/ASM analysis impossible |\n| `uvx` on PATH (for Serena) | If `mcp_mode=require`: fail. If `mcp_mode=prefer`: continue without MCP; downgrade affected findings per Confidence Gating rules. |\n| `{baseDir}/tools/extract_compile_flags.py` | Fail fast — cannot extract per-TU flags |\n| `{baseDir}/tools/emit_ir.sh` | Fail fast — IR analysis impossible |\n| `{baseDir}/tools/emit_asm.sh` | Warn and skip assembly findings (STACK_RETENTION, REGISTER_SPILL) |\n| `{baseDir}/tools/mcp/check_mcp.sh` | Warn and treat as MCP unavailable |\n| `{baseDir}/tools/mcp/normalize_mcp_evidence.py` | Warn and use raw MCP output |\n\n**Rust prerequisites:**\n\n| Prerequisite | Failure mode if missing |\n|---|---|\n| `Cargo.toml` at `cargo_manifest` path | Fail fast — do not proceed |\n| `cargo check` passes | Fail fast — crate must be buildable |\n| `cargo +nightly` on PATH | Fail fast — nightly required for MIR and LLVM IR emission |\n| `uv` on PATH | Fail fast — required to run Python analysis scripts |\n| `{baseDir}/tools/validate_rust_toolchain.sh` | Warn — run preflight manually. Checks all tools, scripts, nightly, and optionally `cargo check`. Use `--json` for machine-readable output, `--manifest` to also validate the crate builds. |\n| `{baseDir}/tools/emit_rust_mir.sh` | Fail fast — MIR analysis impossible (`--opt`, `--crate`, `--bin/--lib` supported; `--out` can be file or directory) |\n| `{baseDir}/tools/emit_rust_ir.sh` | Fail fast — LLVM IR analysis impossible (`--opt` required; `--crate`, `--bin/--lib` supported; `--out` must be `.ll`) |\n| `{baseDir}/tools/emit_rust_asm.sh` | Warn and skip assembly findings (`STACK_RETENTION`, `REGISTER_SPILL`). Supports `--opt`, `--crate`, `--bin/--lib`, `--target`, `--intel-syntax`; `--out` can be `.s` file or directory. |\n| `{baseDir}/tools/diff_rust_mir.sh` | Warn and skip MIR-level optimization comparison. Accepts 2+ MIR files, normalizes, diffs pairwise, and reports first opt level where zeroize/drop-glue patterns disappear. |\n| `{baseDir}/tools/scripts/semantic_audit.py` | Warn and skip semantic source analysis |\n| `{baseDir}/tools/scripts/find_dangerous_apis.py` | Warn and skip dangerous API scan |\n| `{baseDir}/tools/scripts/check_mir_patterns.py` | Warn and skip MIR analysis |\n| `{baseDir}/tools/scripts/check_llvm_patterns.py` | Warn and skip LLVM IR analysis |\n| `{baseDir}/tools/scripts/check_rust_asm.py` | Warn and skip Rust assembly analysis (`STACK_RETENTION`, `REGISTER_SPILL`, drop-glue checks). Dispatches to `check_rust_asm_x86.py` (production) or `check_rust_asm_aarch64.py` (**EXPERIMENTAL** — AArch64 findings require manual verification). |\n| `{baseDir}/tools/scripts/check_rust_asm_x86.py` | Required by `check_rust_asm.py` for x86-64 analysis; warn and skip if missing |\n| `{baseDir}/tools/scripts/check_rust_asm_aarch64.py` | Required by `check_rust_asm.py` for AArch64 analysis (**EXPERIMENTAL**); warn and skip if missing |\n\n**Common prerequisite:**\n\n| Prerequisite | Failure mode if missing |\n|---|---|\n| `{baseDir}/tools/generate_poc.py` | Fail fast — PoC generation is mandatory |\n\n---\n\n## Approved Wipe APIs\n\nThe following are recognized as valid zeroization. Configure additional entries in `{baseDir}/configs/`.\n\n**C/C++**\n- `explicit_bzero`\n- `memset_s`\n- `SecureZeroMemory`\n- `OPENSSL_cleanse`\n- `sodium_memzero`\n- Volatile wipe loops (pattern-based; see `volatile_wipe_patterns` in `{baseDir}/configs/default.yaml`)\n- In IR: `llvm.memset` with volatile flag, volatile stores, or non-elidable wipe call\n\n**Rust**\n- `zeroize::Zeroize` trait (`zeroize()` method)\n- `Zeroizing<T>` wrapper (drop-based)\n- `ZeroizeOnDrop` derive macro\n\n---\n\n## Finding Capabilities\n\nFindings are grouped by required evidence. Only attempt findings for which the required tooling is available.\n\n| Finding ID | Description | Requires | PoC Support |\n|---|---|---|---|\n| `MISSING_SOURCE_ZEROIZE` | No zeroization found in source | Source only | Yes (C/C++ + Rust) |\n| `PARTIAL_WIPE` | Incorrect size or incomplete wipe | Source only | Yes (C/C++ + Rust) |\n| `NOT_ON_ALL_PATHS` | Zeroization missing on some control-flow paths (heuristic) | Source only | Yes (C/C++ only) |\n| `SECRET_COPY` | Sensitive data copied without zeroization tracking | Source + MCP preferred | Yes (C/C++ + Rust) |\n| `INSECURE_HEAP_ALLOC` | Secret uses insecure allocator (malloc vs. secure_malloc) | Source only | Yes (C/C++ only) |\n| `OPTIMIZED_AWAY_ZEROIZE` | Compiler removed zeroization | IR diff required (never source-only) | Yes |\n| `STACK_RETENTION` | Stack frame may retain secrets after return | Assembly required (C/C++); LLVM IR `alloca`+`lifetime.end` evidence (Rust); assembly corroboration upgrades to `confirmed` | Yes (C/C++ only) |\n| `REGISTER_SPILL` | Secrets spilled from registers to stack | Assembly required (C/C++); LLVM IR `load`+call-site evidence (Rust); assembly corroboration upgrades to `confirmed` | Yes (C/C++ only) |\n| `MISSING_ON_ERROR_PATH` | Error-handling paths lack cleanup | CFG or MCP required | Yes |\n| `NOT_DOMINATING_EXITS` | Wipe doesn't dominate all exits | CFG or MCP required | Yes |\n| `LOOP_UNROLLED_INCOMPLETE` | Unrolled loop wipe is incomplete | Semantic IR required | Yes |\n\n---\n\n## Agent Architecture\n\nThe analysis pipeline uses 11 agents across 8 phases, invoked by the orchestrator (`{baseDir}/prompts/task.md`) via `Task`. Agents write persistent finding files to a shared working directory (`/tmp/zeroize-audit-{run_id}/`), enabling parallel execution and protecting against context pressure.\n\n| Agent | Phase | Purpose | Output Directory |\n|---|---|---|---|\n| `0-preflight` | Phase 0 | Preflight checks (tools, toolchain, compile DB, crate build), config merge, workdir creation, TU enumeration | `{workdir}/` |\n| `1-mcp-resolver` | Phase 1, Wave 1 (C/C++ only) | Resolve symbols, types, and cross-file references via Serena MCP | `mcp-evidence/` |\n| `2-source-analyzer` | Phase 1, Wave 2a (C/C++ only) | Identify sensitive objects, detect wipes, validate correctness, data-flow/heap | `source-analysis/` |\n| `2b-rust-source-analyzer` | Phase 1, Wave 2b (Rust only, parallel with 2a) | Rustdoc JSON trait-aware analysis + dangerous API grep | `source-analysis/` |\n| `3-tu-compiler-analyzer` | Phase 2, Wave 3 (C/C++ only, N parallel) | Per-TU IR diff, assembly, semantic IR, CFG analysis | `compiler-analysis/{tu_hash}/` |\n| `3b-rust-compiler-analyzer` | Phase 2, Wave 3R (Rust only, single agent) | Crate-level MIR, LLVM IR, and assembly analysis | `rust-compiler-analysis/` |\n| `4-report-assembler` | Phase 3 (interim) + Phase 6 (final) | Collect findings from all agents, apply confidence gates; merge PoC results and produce final report | `report/` |\n| `5-poc-generator` | Phase 4 | Craft bespoke proof-of-concept programs (C/C++: all categories; Rust: MISSING_SOURCE_ZEROIZE, SECRET_COPY, PARTIAL_WIPE) | `poc/` |\n| `5b-poc-validator` | Phase 5 | Compile and run all PoCs | `poc/` |\n| `5c-poc-verifier` | Phase 5 | Verify each PoC proves its claimed finding | `poc/` |\n| `6-test-generator` | Phase 7 (optional) | Generate runtime validation test harnesses | `tests/` |\n\nThe orchestrator reads one per-phase workflow file from `{baseDir}/workflows/` at a time, and maintains `orchestrator-state.json` for recovery after context compression. Agents receive configuration by file path (`config_path`), not by value.\n\n### Execution flow\n\n```\nPhase 0: 0-preflight agent — Preflight + config + create workdir + enumerate TUs\n           → writes orchestrator-state.json, merged-config.yaml, preflight.json\nPhase 1: Wave 1:  1-mcp-resolver              (skip if mcp_mode=off OR language_mode=rust)\n         Wave 2a: 2-source-analyzer           (C/C++ only; skip if no compile_db)  ─┐ parallel\n         Wave 2b: 2b-rust-source-analyzer     (Rust only; skip if no cargo_manifest) ─┘\nPhase 2: Wave 3:  3-tu-compiler-analyzer x N  (C/C++ only; parallel per TU)\n         Wave 3R: 3b-rust-compiler-analyzer   (Rust only; single crate-level agent)\nPhase 3: Wave 4:  4-report-assembler          (mode=interim → findings.json; reads all agent outputs)\nPhase 4: Wave 5:  5-poc-generator             (C/C++: all categories; Rust: MISSING_SOURCE_ZEROIZE, SECRET_COPY, PARTIAL_WIPE; other Rust findings: poc_supported=false)\nPhase 5: PoC Validation & Verification\n           Step 1: 5b-poc-validator agent      (compile and run all PoCs)\n           Step 2: 5c-poc-verifier agent       (verify each PoC proves its claimed finding)\n           Step 3: Orchestrator presents verification failures to user via AskUserQuestion\n           Step 4: Orchestrator merges all results into poc_final_results.json\nPhase 6: Wave 6: 4-report-assembler           (mode=final → merge PoC results, final-report.md)\nPhase 7: Wave 7: 6-test-generator             (optional)\nPhase 8: Orchestrator — Return final-report.md\n```\n\n## Cross-Reference Convention\n\nIDs are namespaced per agent to prevent collisions during parallel execution:\n\n| Entity | Pattern | Assigned By |\n|---|---|---|\n| Sensitive object (C/C++) | `SO-0001`–`SO-4999` | `2-source-analyzer` |\n| Sensitive object (Rust) | `SO-5000`–`SO-9999` (Rust namespace) | `2b-rust-source-analyzer` |\n| Source finding (C/C++) | `F-SRC-NNNN` | `2-source-analyzer` |\n| Source finding (Rust) | `F-RUST-SRC-NNNN` | `2b-rust-source-analyzer` |\n| IR finding (C/C++) | `F-IR-{tu_hash}-NNNN` | `3-tu-compiler-analyzer` |\n| ASM finding (C/C++) | `F-ASM-{tu_hash}-NNNN` | `3-tu-compiler-analyzer` |\n| CFG finding | `F-CFG-{tu_hash}-NNNN` | `3-tu-compiler-analyzer` |\n| Semantic IR finding | `F-SIR-{tu_hash}-NNNN` | `3-tu-compiler-analyzer` |\n| Rust MIR finding | `F-RUST-MIR-NNNN` | `3b-rust-compiler-analyzer` |\n| Rust LLVM IR finding | `F-RUST-IR-NNNN` | `3b-rust-compiler-analyzer` |\n| Rust assembly finding | `F-RUST-ASM-NNNN` | `3b-rust-compiler-analyzer` |\n| Translation unit | `TU-{hash}` | Orchestrator |\n| Final finding | `ZA-NNNN` | `4-report-assembler` |\n\nEvery finding JSON object includes `related_objects`, `related_findings`, and `evidence_files` fields for cross-referencing between agents.\n\n---\n\n## Detection Strategy\n\nAnalysis runs in two phases. For complete step-by-step guidance, see `{baseDir}/references/detection-strategy.md`.\n\n| Phase | Steps | Findings produced | Required tooling |\n|---|---|---|---|\n| Phase 1 (Source) | 1–6 | `MISSING_SOURCE_ZEROIZE`, `PARTIAL_WIPE`, `NOT_ON_ALL_PATHS`, `SECRET_COPY`, `INSECURE_HEAP_ALLOC` | Source + compile DB |\n| Phase 2 (Compiler) | 7–12 | `OPTIMIZED_AWAY_ZEROIZE`, `STACK_RETENTION`*, `REGISTER_SPILL`*, `LOOP_UNROLLED_INCOMPLETE`†, `MISSING_ON_ERROR_PATH`‡, `NOT_DOMINATING_EXITS`‡ | `clang`, IR/ASM tools |\n\n\\* requires `enable_asm=true` (default)\n† requires `enable_semantic_ir=true`\n‡ requires `enable_cfg=true`\n\n---\n\n\n## Output Format\n\nEach run produces two outputs:\n\n1. **`final-report.md`** — Comprehensive markdown report (primary human-readable output)\n2. **`findings.json`** — Structured JSON matching `{baseDir}/schemas/output.json` (for machine consumption and downstream tools)\n\n### Markdown Report Structure\n\nThe markdown report (`final-report.md`) contains these sections:\n\n- **Header**: Run metadata (run_id, timestamp, repo, compile_db, config summary)\n- **Executive Summary**: Finding counts by severity, confidence, and category\n- **Sensitive Objects Inventory**: Table of all identified objects with IDs, types, locations\n- **Findings**: Grouped by severity then confidence. Each finding includes location, object, all evidence (source/IR/ASM/CFG), compiler evidence details, and recommended fix\n- **Superseded Findings**: Source findings replaced by CFG-backed findings\n- **Confidence Gate Summary**: Downgrades applied and overrides rejected\n- **Analysis Coverage**: TUs analyzed, agent success/failure, features enabled\n- **Appendix: Evidence Files**: Mapping of finding IDs to evidence file paths\n\n### Structured JSON\n\nThe `findings.json` file follows the schema in `{baseDir}/schemas/output.json`. Each `Finding` object:\n\n```json\n{\n  \"id\": \"ZA-0001\",\n  \"category\": \"OPTIMIZED_AWAY_ZEROIZE\",\n  \"severity\": \"high\",\n  \"confidence\": \"confirmed\",\n  \"language\": \"c\",\n  \"file\": \"src/crypto.c\",\n  \"line\": 42,\n  \"symbol\": \"key_buf\",\n  \"evidence\": \"store volatile i8 0 count: O0=32, O2=0 — wipe eliminated by DSE\",\n  \"compiler_evidence\": {\n    \"opt_levels\": [\"O0\", \"O2\"],\n    \"o0\": \"32 volatile stores targeting key_buf\",\n    \"o2\": \"0 volatile stores (all eliminated)\",\n    \"diff_summary\": \"All volatile wipe stores removed at O2 — classic DSE pattern\"\n  },\n  \"suggested_fix\": \"Replace memset with explicit_bzero or add compiler_fence(SeqCst) after the wipe\",\n  \"poc\": {\n    \"file\": \"generated_pocs/ZA-0001.c\",\n    \"makefile_target\": \"ZA-0001\",\n    \"compile_opt\": \"-O2\",\n    \"requires_manual_adjustment\": false,\n    \"validated\": true,\n    \"validation_result\": \"exploitable\"\n  }\n}\n```\n\nSee `{baseDir}/schemas/output.json` for the full schema and enum values.\n\n---\n\n## Confidence Gating\n\n### Evidence thresholds\n\nA finding requires at least **2 independent signals** to be marked `confirmed`. With 1 signal, mark `likely`. With 0 strong signals (name-pattern match only), mark `needs_review`.\n\nSignals include: name pattern match, type hint match, explicit annotation, IR evidence, ASM evidence, MCP cross-reference, CFG evidence, PoC validation.\n\n### PoC validation as evidence signal\n\nEvery finding is validated against a bespoke PoC. After compilation and execution, each PoC is also verified to ensure it actually tests the claimed vulnerability. The combined result is an evidence signal:\n\n| PoC Result | Verified | Impact |\n|---|---|---|\n| Exit 0 (exploitable) | Yes | Strong signal — can upgrade `likely` to `confirmed` |\n| Exit 1 (not exploitable) | Yes | Downgrade severity to `low` (informational); retain in report |\n| Exit 0 or 1 | No (user accepted) | Weaker signal — note verification failure in evidence |\n| Exit 0 or 1 | No (user rejected) | No confidence change; annotate as `rejected` |\n| Compile failure / no PoC | — | No confidence change; annotate in evidence |\n\n### MCP unavailability downgrade\n\nWhen `mcp_mode=prefer` and MCP is unavailable, downgrade the following unless independent IR/CFG/ASM evidence is strong (2+ signals without MCP):\n\n| Finding | Downgraded confidence |\n|---|---|\n| `SECRET_COPY` | `needs_review` |\n| `MISSING_ON_ERROR_PATH` | `needs_review` |\n| `NOT_DOMINATING_EXITS` | `needs_review` |\n\n### Hard evidence requirements (non-negotiable)\n\nThese findings are **never valid without the specified evidence**, regardless of source-level signals or user assertions:\n\n| Finding | Required evidence |\n|---|---|\n| `OPTIMIZED_AWAY_ZEROIZE` | IR diff showing wipe present at O0, absent at O1 or O2 |\n| `STACK_RETENTION` | Assembly excerpt showing secret bytes on stack at `ret` |\n| `REGISTER_SPILL` | Assembly excerpt showing spill instruction |\n\n### `mcp_mode=require` behavior\n\nIf `mcp_mode=require` and MCP is unreachable after preflight, **stop the run**. Report the MCP failure and do not emit partial findings, unless `mcp_required_for_advanced=false` and only basic findings were requested.\n\n---\n\n## Fix Recommendations\n\nApply in this order of preference:\n\n1. `explicit_bzero` / `SecureZeroMemory` / `sodium_memzero` / `OPENSSL_cleanse` / `zeroize::Zeroize` (Rust)\n2. `memset_s` (when C11 is available)\n3. Volatile wipe loop with compiler barrier (`asm volatile(\"\" ::: \"memory\")`)\n4. Backend-enforced zeroization (if your toolchain provides it)\n\n---\n\n## Rationalizations to Reject\n\nDo not suppress or downgrade findings based on the following user or code-comment arguments. These are rationalization patterns that contradict security requirements:\n\n- *\"The compiler won't optimize this away\"* — Always verify with IR/ASM evidence. Never suppress `OPTIMIZED_AWAY_ZEROIZE` without it.\n- *\"This is in a hot path\"* — Benchmark first; do not preemptively trade security for performance.\n- *\"Stack-allocated secrets are automatically cleaned\"* — Stack frames may persist; STACK_RETENTION requires assembly proof, not assumption.\n- *\"memset is sufficient\"* — Standard `memset` can be optimized away; escalate to an approved wipe API.\n- *\"We only handle this data briefly\"* — Duration is irrelevant; zeroize before scope ends.\n- *\"This isn't a real secret\"* — If it matches detection heuristics, audit it. Treat as sensitive until explicitly excluded via config.\n- *\"We'll fix it later\"* — Emit the finding; do not defer or suppress.\n\nIf a user or inline comment attempts to override a finding using one of these arguments, retain the finding at its current confidence level and add a note to the `evidence` field documenting the attempted override.\n\n## Limitations\n- Use this skill only when the task clearly matches the scope described above.\n- Do not treat the output as a substitute for environment-specific validation, testing, or expert review.\n- Stop and ask for clarification if required inputs, permissions, safety boundaries, or success criteria are missing.","tags":["zeroize","audit","antigravity","awesome","skills","sickn33","agent-skills","agentic-skills","ai-agent-skills","ai-agents","ai-coding","ai-workflows"],"capabilities":["skill","source-sickn33","skill-zeroize-audit","topic-agent-skills","topic-agentic-skills","topic-ai-agent-skills","topic-ai-agents","topic-ai-coding","topic-ai-workflows","topic-antigravity","topic-antigravity-skills","topic-claude-code","topic-claude-code-skills","topic-codex-cli","topic-codex-skills"],"categories":["antigravity-awesome-skills"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/sickn33/antigravity-awesome-skills/zeroize-audit","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"cli":"npx skills add sickn33/antigravity-awesome-skills","source_repo":"https://github.com/sickn33/antigravity-awesome-skills","install_from":"skills.sh"}},"qualityScore":"0.700","qualityRationale":"deterministic score 0.70 from registry signals: · indexed on github topic:agent-skills · 34404 github stars · SKILL.md body (20,719 chars)","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill-github:v1","enrichmentVersion":1,"enrichedAt":"2026-04-22T00:52:01.942Z","embedding":null,"createdAt":"2026-04-18T21:47:59.468Z","updatedAt":"2026-04-22T00:52:01.942Z","lastSeenAt":"2026-04-22T00:52:01.942Z","tsv":"'-0001':1716,2119,2204 '-4999':1718 '-5000':1727 '-64':860 '-9999':1729 '/configs':911 '/configs/default.yaml':934 '/heap':1276 '/prompts/task.md':1184 '/references/detection-strategy.md':1905 '/rust':34 '/schemas/input.json':244 '/schemas/output.json':1996,2112,2219 '/tmp/zeroize-audit-':1197 '/tools/diff_rust_mir.sh':769 '/tools/emit_asm.sh':599 '/tools/emit_ir.sh':592 '/tools/emit_rust_asm.sh':742 '/tools/emit_rust_ir.sh':724 '/tools/emit_rust_mir.sh':706 '/tools/extract_compile_flags.py':582 '/tools/generate_poc.py':889 '/tools/mcp/check_mcp.sh':610 '/tools/mcp/normalize_mcp_evidence.py':618 '/tools/scripts/check_llvm_patterns.py':818 '/tools/scripts/check_mir_patterns.py':811 '/tools/scripts/check_rust_asm.py':826 '/tools/scripts/check_rust_asm_aarch64.py':868 '/tools/scripts/check_rust_asm_x86.py':854 '/tools/scripts/find_dangerous_apis.py':803 '/tools/scripts/semantic_audit.py':795 '/tools/validate_rust_toolchain.sh':677 '/workflows':1461 '0':1213,1216,1487,1488,2141,2146,2165,2249,2324,2348,2362 '1':1232,1237,1239,1261,1286,1502,1504,1505,1622,1913,1915,1980,2244,2335,2350,2364,2533 '10':499 '11':402,414,519,1174 '12':1938 '2':779,1256,1312,1340,1520,1547,1634,1719,1744,1935,1990,2236,2404,2544 '2a':1263,1293,1519 '2b':1281,1288,1533,1535,1733,1757 '2b-rust-source-analyzer':1280,1534,1732,1756 '3':1306,1314,1365,1549,1550,1577,1648,1770,1784,1797,1811,2551 '32':2144,2158 '3b':1335,1565,1825,1839,1852 '3b-rust-compiler-analyzer':1334,1564,1824,1838,1851 '3r':1342,1563 '4':1360,1391,1579,1580,1592,1658,1669,1866,2561 '42':2133 '5':1386,1416,1428,1594,1595,1617 '5b':1412,1624 '5b-poc-validator':1411,1623 '5c':1424,1636 '5c-poc-verifier':1423,1635 '6':1368,1437,1666,1668,1683,1916 '7':1442,1680,1682,1937 '8':459,1177,1689 '9':483 'aarch64':848,873 'absent':2463 'accept':778,2353 'across':1176 'actual':2307 'add':2190,2737 'addit':907 'adjust':2210 'advanc':367,2517 'affect':575 'agent':1168,1175,1187,1208,1346,1374,1473,1490,1575,1589,1627,1639,1701,1888,2087 'aggress':331 'alloc':171,1046,1050,1930,2634 'alloca':1088 'allow':235 'also':700,2302 'alway':2605 'analysi':24,156,176,187,210,268,286,457,481,497,555,596,674,710,729,801,816,824,832,861,874,1171,1279,1299,1305,1328,1331,1355,1359,1891,2083 'analyz':66,340,1259,1284,1310,1338,1523,1538,1554,1568,1722,1736,1747,1760,1774,1788,1801,1815,1828,1842,1855,2086 'annot':2269,2371,2381 'api':808,898,1301,2664 'appendix':2091 'appli':1375,2079,2527 'approv':300,896,2662 'architectur':1169 'argument':2589,2727 'artifact':211 'ask':2781 'askuserquest':1656 'asm':450,1775,1780,1849,1961,2272,2558 'assembl':22,154,454,603,746,831,1083,1092,1108,1119,1324,1354,1363,1583,1672,1844,1869,2470,2481,2646 'assembly-level':21,153 'assert':2449 'assign':1710 'assumpt':2649 'attempt':972,2718,2746 'audit':3,32,46,52,207,2689 'authent':60 'auto':466 'auto-dis':465 'automat':2637 'avail':980,2550 'awar':1298 'away':232,1061,1940,2122,2454,2604,2613,2658 'back':2073 'backend':2563 'backend-enforc':2562 'barrier':2557 'base':927,959,2580 'basedir':243,581,591,598,609,617,676,705,723,741,768,794,802,810,817,825,853,867,888,910,933,1183,1460,1904,1995,2111,2218 'basic':2521 'behavior':2489 'benchmark':2623 'bespok':1393,2293 'bin':714,734,755 'boundari':2789 'briefli':2670 'budget':393 'buf':2136,2163 'build':224,704,1224 'buildabl':650 'byte':2474 'bzero':914,2188,2535 'c':335,2129 'c/c':33,267,411,532,912,998,1010,1028,1042,1058,1085,1098,1110,1125,1240,1264,1315,1399,1524,1557,1599,1714,1739,1763,1777 'c11':2548 'call':948,1115 'call-sit':1114 'cannot':585 'capabl':151,964 'cargo':271,276,634,642,651,689,1544 'cargo.toml':282,632 'catch':329 'categori':399,405,415,432,1401,1601,2032,2120 'cfg':489,1137,1151,1327,1789,1793,1971,2072,2278 'cfg-back':2071 'chang':2370,2380 'check':643,682,690,840,1218 'check_rust_asm.py':857,871 'check_rust_asm_aarch64.py':846 'check_rust_asm_x86.py':843 'claim':1434,1645,2310 'clang':549,1956 'clarif':2783 'classic':2179 'claud':47 'clean':2638 'cleans':919,2540 'cleanup':76,1136 'clear':2756 'code':12,35,67,94,113,129,208,2587 'code-com':2586 'codebas':81,203 'collect':1370 'collis':1704 'combin':2313 'comment':2588,2717 'common':881 'comparison':312,777 'compil':18,139,228,237,259,289,350,541,1063,1221,1309,1330,1337,1358,1417,1529,1553,1567,1628,1773,1787,1800,1814,1827,1841,1854,1932,1936,2020,2059,2151,2191,2205,2296,2374,2556,2599 'compile_commands.json':226,265,539 'compiler-analysi':1329 'complet':1897 'comprehens':1982 'compress':1472 'concept':1397 'confid':578,1376,2030,2050,2075,2126,2227,2369,2379,2410,2734 'config':294,1225,1479,1492,2022,2698 'configur':906,1475 'confirm':1096,1123,2127,2242,2333 'consumpt':1999 'contain':2010 'context':225,1206,1471 'continu':571 'contradict':2595 'control':27,184,360,494,1021 'control-flow':26,183,493,1020 'convent':1696 'copi':169,372,424,1031,1034,1407,1607,1927,2412 'correct':1272 'corrobor':1093,1120 'count':2027,2142 'coverag':190,2084 'cpp':336 'craft':1392 'crate':285,647,703,713,733,754,1223,1348,1573 'crate-level':1347,1572 'creat':1493 'creation':1228 'credenti':73 'criteria':2792 'critic':80 'cross':1247,1694,1885,2276 'cross-fil':1246 'cross-refer':1693,2275 'cross-referenc':1884 'cryptograph':53 'current':2733 'danger':807,1300 'data':9,43,65,87,112,126,164,1033,1274,2669 'data-flow':163,1273 'db':260,290,351,542,1222,1530,1933,2021 'dead':143 'dead-stor':142 'default':253,1963 'defer':2709 'defin':297,529 'deriv':961 'describ':2760 'descript':254,983 'detail':2061 'detect':4,121,1269,1889,2687 'diagnost':316 'diff':240,783,1067,1323,2170,2457 'dir':440 'directori':216,445,722,767,1196,1212 'disabl':467 'disappear':321,793 'dispatch':841 'document':2744 'doesn':1146 'domin':379,506,1143,1148,1954,2422 'downgrad':370,574,2078,2339,2386,2395,2409,2578 'downstream':2001 'drop':838,958 'drop-bas':957 'drop-glu':837 'dse':327,2150,2180 'durat':2671 'e.g':141 'elid':946 'elimin':145,332,2148,2169 'emiss':455,664 'emit':2510,2704 'emit_asm.sh':469 'enabl':449,453,472,477,488,492,508,513,1200,1960,1965,1970,2090 'end':2677 'enforc':2564 'ensur':2305 'entiti':1708 'entri':908 'enum':2225 'enumer':1230,1495 'environ':2772 'environment-specif':2771 'error':375,503,1129,1132,1951,2417 'error-handl':1131 'escal':2659 'everi':1870,2287 'evid':150,238,970,1090,1117,1255,1880,2057,2060,2092,2099,2137,2152,2229,2271,2273,2279,2285,2317,2360,2383,2401,2427,2440,2452,2609,2742 'excerpt':2471,2482 'exclud':2696 'execut':1202,1484,1707,2024,2298 'exit':380,507,1144,1150,1955,2323,2334,2347,2361,2423 'experiment':847,875 'expert':2777 'explicit':913,2187,2268,2534,2695 'exploit':403,2216,2325,2337 'extract':586 'f':1741,1752,1765,1779,1792,1806,1820,1834,1847 'f-asm':1778 'f-cfg':1791 'f-ir':1764 'f-rust-asm-nnnn':1846 'f-rust-ir-nnnn':1833 'f-rust-mir-nnnn':1819 'f-rust-src-nnnn':1751 'f-sir':1805 'f-src-nnnn':1740 'fail':544,552,566,583,593,637,645,655,668,707,725,890 'failur':530,535,628,884,1652,2358,2375,2506 'fals':437,476,491,512,1615,2211,2518 'fast':545,553,584,594,638,646,656,669,708,726,891 'featur':2089 'fenc':2192 'field':250,251,1882,2743 'file':720,765,781,1191,1248,1458,1477,1881,2093,2100,2106,2130,2198 'final':1369,1383,1674,1861 'final-report.md':1678,1692,1981,2009 'find':233,404,412,418,576,604,747,849,963,965,973,981,1190,1371,1435,1612,1646,1738,1749,1762,1776,1790,1804,1818,1832,1845,1862,1871,1878,1908,2026,2045,2052,2066,2068,2074,2096,2114,2232,2288,2408,2433,2450,2512,2522,2579,2706,2722,2730 'findings.json':1586,1991,2105 'first':787,2624 'fix':2064,2183,2525,2701 'flag':590,940 'flow':28,165,185,495,1022,1275,1485 'focus':98 'follow':525,900,2107,2397,2583 'form':182 'format':1974 'found':992 'frame':1077,2640 'full':247,2222 'gate':579,1377,2076,2228 'general':93 'generat':195,409,442,447,517,893,1389,1440,1444,1598,1686,2199 'glue':839 'graph':186,496 'grep':1302 'group':967,2046 'guidanc':1902 'handl':36,69,88,1133,2667 'har':516,1448 'hard':2426 'hash':1333,1768,1782,1795,1809,1859 'header':2013 'heap':170,1045,1929 'heurist':298,1024,2688 'high':2125 'hint':2266 'hot':2621 'human':1987 'human-read':1986 'i8':2140 'id':982,1199,1697,2017,2042,2097,2117 'identifi':14,115,131,1266,2039 'impact':2322 'implement':54 'imposs':556,597,711,730 'includ':152,1874,2053,2261 'incomplet':487,1005,1158,1163,1948 'incorrect':1002 'independ':2237,2399 'inform':2343 'inlin':2716 'input':241,2786 'insecur':1044,1049,1928 'instruct':2485 'intel':759 'intel-syntax':758 'interim':1366,1585 'inventori':2035 'investig':82 'invok':1179 'ir':175,311,474,480,595,663,728,823,936,1066,1087,1112,1165,1322,1326,1352,1761,1766,1803,1831,1836,1967,2270,2456 'ir/asm':149,239,554,1957,2608 'ir/cfg/asm':2400 'irrelev':2673 'isn':2679 'json':221,692,1295,1872,1993,2103,2116 'key':38,55,249,2135,2162 'lack':1135 'languag':333,338,1515,2128 'later':2703 'least':2235 'level':23,155,303,309,317,775,789,1349,1574,2154,2445,2735 'lib':715,735,756 'lifetime.end':1089 'like':2247,2331 'limit':344,2748 'line':2132 'll':740,2700 'llvm':148,479,662,727,822,1086,1111,1351,1830 'llvm.memset':937 'load':1113 'locat':2044,2054 'loop':178,485,924,1156,1160,1946,2554 'low':2342 'machin':695,1998 'machine-read':694 'macro':962 'maintain':1466 'makefil':2201 'malloc':1051,1054 'mandatori':147,895 'manifest':272,277,635,698,1545 'manual':681,851,2209 'map':2094 'mark':434,2241,2246,2257 'markdown':1983,2003,2007 'match':1994,2255,2264,2267,2686,2757 'max':341 'may':1078,2641 'mcp':352,362,364,385,388,395,563,568,573,615,623,1039,1139,1153,1234,1252,1254,1507,1511,2274,2384,2388,2392,2407,2486,2491,2495,2505,2514 'mcp-evid':1253 'mcp-resolv':1233,1506 'memori':83,2560 'memset':915,2185,2545,2650,2654 'memzero':921,2538 'merg':1226,1378,1660,1675 'merged-config.yaml':1499 'metadata':2015 'method':954 'mir':660,709,774,780,815,1350,1817,1822 'mir-level':773 'miss':5,122,373,420,471,501,538,631,866,880,887,987,1017,1127,1403,1603,1917,1949,2415,2794 'mode':353,531,536,564,569,629,885,1512,1516,1584,1673,2389,2487,2492 'modifi':206 'ms':390 'must':648,738 'n':1317,1556 'name':2253,2262 'name-pattern':2252 'namespac':1699,1731 'need':382,2258,2413,2419,2424 'negoti':2431 'never':1069,2435,2610 'night':652,657,686 'nnnn':1743,1755,1769,1783,1796,1810,1823,1837,1850,1865 'non':945,2430 'non-elid':944 'non-negoti':2429 'nonc':57 'normal':782 'note':2356,2739 'null':262,279 'o0':305,2143,2155,2157,2462 'o1':306,313,323,2465 'o2':307,328,2145,2156,2164,2178,2207,2467 'object':1268,1713,1724,1873,1876,2034,2040,2055,2115 'one':1453,2724 'openssl':918,2539 'opt':302,712,731,753,788,2153,2206 'optim':19,100,140,231,308,776,1060,1939,2121,2453,2602,2612,2657 'option':688,1443,1687 'orchestr':1182,1451,1649,1659,1690,1860 'orchestrator-state.json':1467,1498 'order':2530 'output':439,444,624,697,1211,1590,1973,1979,1989,2766 'overrid':2081,2720,2747 'pairwis':784 'parallel':1201,1291,1318,1531,1559,1706 'partial':426,1000,1408,1608,1920,2511 'pass':644 'password':39,62 'path':189,255,263,280,376,504,543,551,559,636,654,667,1015,1023,1130,1134,1478,1480,1925,1952,2101,2418,2622 'pattern':792,926,931,1709,2181,2254,2263,2593 'pattern-bas':925 'per':577,588,1320,1455,1560,1700 'per-phas':1454 'per-tu':587,1319 'perform':99,2631 'permiss':2787 'persist':1189,2642 'phase':1178,1209,1215,1236,1260,1285,1311,1339,1364,1367,1390,1415,1427,1441,1456,1486,1501,1546,1576,1591,1616,1665,1679,1688,1895,1906,1912,1934 'pii':70 'pipelin':1172 'poc':398,410,435,438,443,448,892,985,1379,1388,1410,1413,1421,1422,1425,1431,1436,1597,1613,1618,1625,1632,1637,1642,1676,2197,2280,2282,2294,2300,2319,2377 'poc-gener':1387,1596 'poc_final_results.json':1664 'pocs/za-0001.c':2200 'preemptiv':2627 'prefer':355,357,570,1040,2390,2532 'preflight':680,1214,1217,1489,1491,2499 'preflight.json':1500 'prerequisit':520,533,534,626,627,882,883 'present':1650,2460 'pressur':1207 'prevent':1703 'primari':1985 'proceed':548,641 'process':348 'produc':217,460,484,500,1382,1909,1977 'product':844 'program':1398 'proof':1395,2647 'proof-of-concept':1394 'protect':1204 'prove':1432,1643 'provid':2569 'purpos':120,1210 'python':673 'queri':397 'ration':2571,2592 'raw':622 'read':198,1452,1587 'read-on':197 'readabl':696,1988 'real':2682 'receiv':1474 'recogn':902 'recommend':2063,2526 'recoveri':1469 'refactor':106 'refer':1249,1695,2277 'referenc':1886 'regardless':2441 'regist':158,463,607,750,835,1100,1105,1944,2479 'reject':2082,2367,2373,2573 'relat':102,109,1875,1877 'remov':16,135,1064,2176 'replac':2069,2184 'repo':257,2019 'report':220,786,1362,1384,1385,1582,1671,1868,1984,2004,2008,2346,2503 'report-assembl':1361,1581,1670,1867 'request':2524 'requir':222,252,269,287,359,365,565,658,670,732,850,855,869,969,977,984,1068,1084,1109,1140,1154,1166,1910,1959,1964,1969,2208,2233,2428,2451,2488,2493,2515,2597,2645,2785 'resolv':1235,1242,1508 'result':1380,1662,1677,2215,2314,2320 'ret':2478 'retain':1079,2344,2728 'retent':162,462,606,749,834,1075,1943,2469,2644 'return':1082,1691 'review':59,95,383,2259,2414,2420,2425,2778 'root':258 'rule':580 'run':522,672,679,1198,1419,1630,1892,1976,2014,2016,2502 'runtim':192,509,514,1445 'rust':284,337,417,431,625,830,949,999,1011,1043,1091,1118,1282,1289,1336,1343,1357,1402,1517,1536,1539,1566,1569,1602,1611,1725,1730,1734,1750,1753,1758,1816,1821,1826,1829,1835,1840,1843,1848,1853,2543 'rust-compiler-analysi':1356 'rustdoc':1294 'safeti':84,2788 'scan':809 'schema':248,2109,2223 'scope':196,2676,2759 'script':675,685 'secret':37,58,116,168,371,423,1030,1047,1080,1102,1406,1606,1926,2411,2473,2635,2683 'section':2012 'secur':75,79,97,104,172,1053,2596,2629 'securezeromemori':917,2536 'security-crit':78 'see':242,928,1903,2217 'seed':56 'semant':174,396,473,478,799,1164,1325,1802,1966 'sensit':8,42,72,86,111,118,125,1032,1267,1712,1723,2033,2693 'seqcst':2193 'serena':361,561,1251 'session':64 'set':275,293 'sever':2029,2048,2124,2340 'share':1194 'show':2458,2472,2483 'signal':2238,2245,2251,2260,2286,2318,2328,2355,2405,2446 'simpl':326 'singl':1345,1571 'sir':1807 'site':1116 'size':1003 'skill':48,2751 'skill-zeroize-audit' 'skip':602,745,772,798,806,814,821,829,864,878,1509,1526,1541 'sodium':920,2537 'sourc':11,128,421,800,988,994,995,1007,1025,1038,1055,1071,1258,1278,1283,1304,1404,1522,1537,1604,1721,1735,1737,1746,1748,1759,1914,1918,1931,2067,2444 'source-analysi':1277,1303 'source-analyz':1257,1521,1720,1745 'source-level':2443 'source-on':1070 'source-sickn33' 'source/ir/asm/cfg':2058 'specif':2773 'specifi':2439 'spill':159,464,608,751,836,1101,1103,1945,2480,2484 'src':1742,1754 'src/crypto.c':2131 'ssa':181 'stack':161,461,605,748,833,1074,1076,1107,1942,2468,2476,2633,2639,2643 'stack-alloc':2632 'standard':2653 'step':458,482,498,518,1621,1633,1647,1657,1899,1901,1907 'step-by-step':1898 'stop':2500,2779 'store':144,942,2138,2160,2167,2175 'strategi':1890 'strong':2250,2327,2403 'structur':219,1992,2005,2102 'substitut':2769 'success':2791 'success/failure':2088 'suffici':2652 'suggest':2182 'summari':2023,2025,2077,2171 'supersed':2065 'support':416,429,436,716,736,752,986,1614 'suppress':2576,2611,2711 'symbol':1243,2134 'syntax':760 'system':61 'tabl':2036 'target':202,757,2161,2202 'task':107,1186,2755 'temporari':214 'test':194,510,515,1439,1447,1449,1685,2308,2775 'test-gener':1438,1684 'threshold':2230 'time':1464 'timeout':389,392 'timestamp':2018 'token':63 'tool':684,978,1219,1911,1958,2002 'toolchain':1220,2568 'topic-agent-skills' 'topic-agentic-skills' 'topic-ai-agent-skills' 'topic-ai-agents' 'topic-ai-coding' 'topic-ai-workflows' 'topic-antigravity' 'topic-antigravity-skills' 'topic-claude-code' 'topic-claude-code-skills' 'topic-codex-cli' 'topic-codex-skills' 'track':166,1037 'trade':2628 'trait':952,1297 'trait-awar':1296 'translat':229,346,1856 'treat':613,2691,2764 'true':369,452,1962,1968,1972,2213 'tu':589,1229,1308,1321,1332,1552,1561,1767,1772,1781,1786,1794,1799,1808,1813,1858 'tu-compiler-analyz':1307,1551,1771,1785,1798,1812 'tus':342,1496,2085 'two':1894,1978 'type':1244,2043,2265 'unavail':387,616,2385,2394 'unit':230,347,1857 'unless':101,2398,2513 'unreach':2497 'unrol':179,486,1157,1159,1947 'upgrad':1094,1121,2330 'usag':363 'use':30,51,92,621,691,1048,1173,2723,2749 'user':1654,2352,2366,2448,2584,2714 'uv':665 'uvx':557 'valid':193,223,701,904,1271,1414,1446,1619,1626,2212,2214,2281,2283,2290,2436,2774 'valu':119,1483,2226 'verif':29,191,852,1620,1651,2357 'verifi':74,523,1426,1429,1638,1640,2303,2321,2606 'via':1185,1250,1655,2697 'volatil':922,929,939,941,2139,2159,2166,2173,2552,2559 'vs':1052 'vulner':2311 'warn':173,600,611,619,678,743,770,796,804,812,819,827,862,876 'wave':1238,1262,1287,1313,1341,1503,1518,1532,1548,1562,1578,1593,1667,1681 'weaken':137 'weaker':2354 'wipe':105,301,320,427,897,923,930,947,1001,1006,1145,1161,1270,1409,1609,1921,2147,2174,2196,2459,2553,2663 'without':96,114,572,1035,2406,2437,2615 'won':2600 'work':215,1195 'workdir':1227,1231,1494 'workflow':1457 'wrapper':956 'write':209,1188,1497 'x':1555 'x86':859 'yaml':296 'yes':256,997,1009,1027,1041,1057,1073,1097,1124,1141,1155,1167,2326,2338 'za':1864,2118,2203 'za-nnnn':1863 'zeroiz':2,6,15,45,123,132,422,905,950,951,953,955,989,991,1016,1036,1062,1065,1405,1605,1919,1941,2123,2455,2541,2542,2565,2614,2674 'zeroize-audit':1,44 'zeroize/drop-glue':791 'zeroizeondrop':960","prices":[{"id":"6bff6b89-6953-4f9b-a8a9-01a7f88c0c4b","listingId":"b30dfafe-b8b3-4b26-854f-abb6464c3697","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"sickn33","category":"antigravity-awesome-skills","install_from":"skills.sh"},"createdAt":"2026-04-18T21:47:59.468Z"}],"sources":[{"listingId":"b30dfafe-b8b3-4b26-854f-abb6464c3697","source":"github","sourceId":"sickn33/antigravity-awesome-skills/zeroize-audit","sourceUrl":"https://github.com/sickn33/antigravity-awesome-skills/tree/main/skills/zeroize-audit","isPrimary":false,"firstSeenAt":"2026-04-18T21:47:59.468Z","lastSeenAt":"2026-04-22T00:52:01.942Z"}],"details":{"listingId":"b30dfafe-b8b3-4b26-854f-abb6464c3697","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"sickn33","slug":"zeroize-audit","github":{"repo":"sickn33/antigravity-awesome-skills","stars":34404,"topics":["agent-skills","agentic-skills","ai-agent-skills","ai-agents","ai-coding","ai-workflows","antigravity","antigravity-skills","claude-code","claude-code-skills","codex-cli","codex-skills","cursor","cursor-skills","developer-tools","gemini-cli","gemini-skills","kiro","mcp","skill-library"],"license":"mit","html_url":"https://github.com/sickn33/antigravity-awesome-skills","pushed_at":"2026-04-21T16:43:40Z","description":"Installable GitHub library of 1,400+ agentic skills for Claude Code, Cursor, Codex CLI, Gemini CLI, Antigravity, and more. Includes installer CLI, bundles, workflows, and official/community skill collections.","skill_md_sha":"3142dc6a4fce7f022d01261c2fd3fe168212108b","skill_md_path":"skills/zeroize-audit/SKILL.md","default_branch":"main","skill_tree_url":"https://github.com/sickn33/antigravity-awesome-skills/tree/main/skills/zeroize-audit"},"layout":"multi","source":"github","category":"antigravity-awesome-skills","frontmatter":{"name":"zeroize-audit","description":"Detects missing zeroization of sensitive data in source code and identifies zeroization removed by compiler optimizations, with assembly-level analysis, and control-flow verification. Use for auditing C/C++/Rust code handling secrets, keys, passwords, or other sensitive data."},"skills_sh_url":"https://skills.sh/sickn33/antigravity-awesome-skills/zeroize-audit"},"updatedAt":"2026-04-22T00:52:01.942Z"}}