sharp-edges

Identify Dangerous APIs and Risky Configurations

Code reviews often miss error-prone APIs and dangerous configurations that lead to bugs and security vulnerabilities. This skill helps identify these sharp edges before they cause production issues.

Supports: Claude Code (CC), Codex
Score: 70 (Adequate)
1. Download the skill ZIP
2. Upload to Claude: go to Settings → Capabilities → Skills → Upload skill
3. Enable it and start using it

Try it

Using "sharp-edges". Review this code for sharp edges: Using timezone functions without specifying a timezone can lead to incorrect time calculations.

Expected result:

Sharp Edges Identified:

1. **Timezone API Risk** (Medium)
- Issue: Using Date/time functions without explicit timezone handling
- Impact: Incorrect time calculations, data corruption in scheduled tasks
- Recommendation: Always use explicit timezone with IANA timezone identifiers (e.g., 'America/New_York')
- Safer Alternative: Use libraries like moment-timezone or date-fns-tz

Using "sharp-edges". Analyze this configuration for dangerous settings

Expected result:

Configuration Sharp Edges Found:

1. **Debug Mode Enabled** (High)
- Setting: DEBUG=true in production config
- Risk: Exposes sensitive error details and internal system information
- Recommendation: Disable debug mode in production environments

2. **Default Credentials** (Critical)
- Setting: Default admin/password credentials active
- Risk: Unauthorized access via brute force attacks
- Recommendation: Force password change on first login, use strong credential requirements

Security Audit

Safe
v1 • 2/25/2026

This skill is a documentation/guide for identifying error-prone APIs and dangerous configurations. The static analyzer detected hardcoded URLs (lines 4, 70) which are legitimate source references to the original GitHub repository - not data exfiltration. The 'weak cryptographic algorithm' detections at lines 3, 22, and 39 are false positives - the scanner misidentified text patterns as cryptographic issues when there are no cryptographic algorithms present. No actual security risks identified.

Files analyzed: 1
Lines analyzed: 71
Findings: 2
Total audits: 1

High-Risk Issues (2)

False Positive: Weak Cryptographic Algorithm Detection
Static analyzer flagged 'weak cryptographic algorithm' at lines 3, 22, and 39. This is a false positive - the skill contains no cryptographic code or algorithms. The scanner misidentified benign text patterns as cryptographic issues.
Hardcoded URLs in Documentation
URLs to the original source repository are hardcoded in the skill documentation. These are legitimate source references, not security concerns.
Audited by: claude

Quality score

Architecture: 38
Maintainability: 100
Content: 87
Community: 50
Security: 85
Specification compliance: 83

What You Can Build

Security Audit Assistance

Use during code reviews to identify potentially dangerous API usage and risky configurations that could lead to security vulnerabilities.

API Design Review

Evaluate proposed API designs for known pitfalls and error-prone patterns before implementation.

Configuration Safety Check

Review configuration files and settings for dangerous defaults that could expose systems to risk.

Try These Prompts

Basic API Review
Use the sharp-edges skill to identify any error-prone APIs or dangerous configurations in this code snippet. Focus on APIs with non-obvious failure modes or complex parameter requirements.

Security Configuration Audit
Apply the sharp-edges skill to analyze these configuration settings. Identify any defaults that are insecure or settings that could bypass security controls.

API Design Assessment
Using the sharp-edges methodology, evaluate this proposed API design. What sharp edges should developers be aware of? What safer alternatives exist?

Comprehensive Risk Analysis
Perform a thorough sharp-edges analysis on this codebase. Identify error-prone patterns, dangerous configurations, and provide risk assessments with recommendations for each finding.

Best Practices

  • Always document identified sharp edges with clear explanations of the risk
  • Provide concrete examples of both incorrect and correct usage patterns
  • Recommend specific safer alternatives when available, with code examples
  • Keep sharp edge documentation updated as new vulnerabilities are discovered

Avoid

  • Ignoring API documentation warnings about known failure modes
  • Using default configurations without reviewing security implications
  • Assuming all APIs behave consistently across different contexts
  • Skipping resource management checks for APIs that require cleanup

Frequently Asked Questions

What is a sharp edge in code?
A sharp edge is an API or configuration that has non-obvious failure modes, complex requirements, or can lead to bugs and security issues if not used carefully. Examples include APIs with timing sensitivities, unclear error handling, or dangerous default settings.

Does this skill scan my code automatically?
No. This skill provides methodology and knowledge for identifying sharp edges. It guides you through the review process but does not perform automated static or dynamic analysis of your code.

Can this skill detect all security vulnerabilities?
No. This skill helps identify common error-prone APIs and dangerous configurations, but it cannot detect all possible vulnerabilities. It should be used as part of a comprehensive security review process.

What types of APIs does this skill help identify?
The skill helps identify APIs with complex parameter requirements, non-obvious failure modes, timing or concurrency issues, unclear error handling, and APIs requiring careful resource management.

How is this skill different from static analysis tools?
Static analysis tools automatically scan code for patterns. This skill provides guidance and methodology for manual review, helping you understand WHY certain patterns are problematic and how to address them.

Can I use this skill for any programming language?
Yes. The sharp-edges methodology is language-agnostic. The skill provides general principles for identifying problematic APIs and configurations across different programming languages and frameworks.

Developer Details

File structure

SKILL.md