Fähigkeiten sharp-edges
📦

sharp-edges

Sicher

Identify Dangerous APIs and Risky Configurations

Code reviews often miss error-prone APIs and dangerous configurations that lead to bugs and security vulnerabilities. This skill helps identify these sharp edges before they cause production issues.

UnterstĂĽtzt: Claude Codex Code(CC)
đź“Š 70 Angemessen
1

Die Skill-ZIP herunterladen

2

In Claude hochladen

Gehe zu Einstellungen → Fähigkeiten → Skills → Skill hochladen

3

Einschalten und loslegen

Teste es

Verwendung von "sharp-edges". Review this code for sharp edges: Using timezone functions without specifying timezone can lead to incorrect time calculations.

Erwartetes Ergebnis:

Sharp Edges Identified:

1. **Timezone API Risk** (Medium)
- Issue: Using Date/time functions without explicit timezone handling
- Impact: Incorrect time calculations, data corruption in scheduled tasks
- Recommendation: Always use explicit timezone with IANA timezone identifiers (e.g., 'America/New_York')
- Safer Alternative: Use libraries like moment-timezone or date-fns-tz

Verwendung von "sharp-edges". Analyze this configuration for dangerous settings

Erwartetes Ergebnis:

Configuration Sharp Edges Found:

1. **Debug Mode Enabled** (High)
- Setting: DEBUG=true in production config
- Risk: Exposes sensitive error details and internal system information
- Recommendation: Disable debug mode in production environments

2. **Default Credentials** (Critical)
- Setting: Default admin/password credentials active
- Risk: Unauthorized access via brute force attacks
- Recommendation: Force password change on first login, use strong credential requirements

Sicherheitsaudit

Sicher
v1 • 2/25/2026

This skill is a documentation/guide for identifying error-prone APIs and dangerous configurations. The static analyzer detected hardcoded URLs (lines 4, 70) which are legitimate source references to the original GitHub repository - not data exfiltration. The 'weak cryptographic algorithm' detections at lines 3, 22, and 39 are false positives - the scanner misidentified text patterns as cryptographic issues when there are no cryptographic algorithms present. No actual security risks identified.

1
Gescannte Dateien
71
Analysierte Zeilen
2
befunde
1
Gesamtzahl Audits

Probleme mit hohem Risiko (2)

SKILL.md:3SKILL.md:22SKILL.md:39
False Positive: Weak Cryptographic Algorithm Detection
Static analyzer flagged 'weak cryptographic algorithm' at lines 3, 22, and 39. This is a false positive - the skill contains no cryptographic code or algorithms. The scanner misidentified benign text patterns as cryptographic issues.
SKILL.md:4SKILL.md:70
Hardcoded URLs in Documentation
URLs to the original source repository are hardcoded in the skill documentation. These are legitimate source references, not security concerns.
Auditiert von: claude

Qualitätsbewertung

38
Architektur
100
Wartbarkeit
87
Inhalt
50
Community
85
Sicherheit
83
Spezifikationskonformität

Was du bauen kannst

Security Audit Assistance

Use during code reviews to identify potentially dangerous API usage and risky configurations that could lead to security vulnerabilities.

API Design Review

Evaluate proposed API designs for known pitfalls and error-prone patterns before implementation.

Configuration Safety Check

Review configuration files and settings for dangerous defaults that could expose systems to risk.

Probiere diese Prompts

Basic API Review 
Use the sharp-edges skill to identify any error-prone APIs or dangerous configurations in this code snippet. Focus on APIs with non-obvious failure modes or complex parameter requirements.
Security Configuration Audit 
Apply the sharp-edges skill to analyze these configuration settings. Identify any defaults that are insecure or settings that could bypass security controls.
API Design Assessment 
Using the sharp-edges methodology, evaluate this proposed API design. What sharp edges should developers be aware of? What safer alternatives exist?
Comprehensive Risk Analysis 
Perform a thorough sharp-edges analysis on this codebase. Identify error-prone patterns, dangerous configurations, and provide risk assessments with recommendations for each finding.

Bewährte Verfahren

  • Always document identified sharp edges with clear explanations of the risk
  • Provide concrete examples of both incorrect and correct usage patterns
  • Recommend specific safer alternatives when available, with code examples
  • Keep sharp edge documentation updated as new vulnerabilities are discovered

Vermeiden

  • Ignoring API documentation warnings about known failure modes
  • Using default configurations without reviewing security implications
  • Assuming all APIs behave consistently across different contexts
  • Skipping resource management checks for APIs that require cleanup

Häufig gestellte Fragen

What is a sharp edge in code?
A sharp edge is an API or configuration that has non-obvious failure modes, complex requirements, or can lead to bugs and security issues if not used carefully. Examples include APIs with timing sensitivities, unclear error handling, or dangerous default settings.
Does this skill scan my code automatically?
No. This skill provides methodology and knowledge for identifying sharp edges. It guides you through the review process but does not perform automated static or dynamic analysis of your code.
Can this skill detect all security vulnerabilities?
No. This skill helps identify common error-prone APIs and dangerous configurations, but it cannot detect all possible vulnerabilities. It should be used as part of a comprehensive security review process.
What types of APIs does this skill help identify?
The skill helps identify APIs with complex parameter requirements, non-obvious failure modes, timing or concurrency issues, unclear error handling, and APIs requiring careful resource management.
How is this skill different from static analysis tools?
Static analysis tools automatically scan code for patterns. This skill provides guidance and methodology for manual review, helping you understand WHY certain patterns are problematic and how to address them.
Can I use this skill for any programming language?
Yes. The sharp-edges methodology is language-agnostic. The skill provides general principles for identifying problematic APIs and configurations across different programming languages and frameworks.

Entwicklerdetails

Autor

sickn33

Lizenz

MIT

Repository

https://github.com/sickn33/antigravity-awesome-skills/tree/main/web-app/public/skills/sharp-edges

Ref

main

Dateistruktur

đź“„ SKILL.md