sharp-edges
Identify dangerous APIs and high-risk configurations
Code reviews often miss error-prone APIs and dangerous configurations that lead to bugs and security vulnerabilities. This skill helps you identify these hazards before they cause problems in production.
Download the skill ZIP
Upload it in Claude
Go to Settings → Capabilities → Skills → Upload skill
Enable it and start using it
Test it
Use "sharp-edges". Review this code for sharp edges: Using timezone functions without specifying timezone can lead to incorrect time calculations.
Expected result:
Sharp Edges Identified:
1. **Timezone API Risk** (Medium)
- Issue: Using Date/time functions without explicit timezone handling
- Impact: Incorrect time calculations, data corruption in scheduled tasks
- Recommendation: Always use explicit timezone with IANA timezone identifiers (e.g., 'America/New_York')
- Safer Alternative: Use libraries like moment-timezone or date-fns-tz
Use "sharp-edges". Analyze this configuration for dangerous settings
Expected result:
Configuration Sharp Edges Found:
1. **Debug Mode Enabled** (High)
- Setting: DEBUG=true in production config
- Risk: Exposes sensitive error details and internal system information
- Recommendation: Disable debug mode in production environments
2. **Default Credentials** (Critical)
- Setting: Default admin/password credentials active
- Risk: Unauthorized access via brute force attacks
- Recommendation: Force password change on first login, use strong credential requirements
Security audit
Safe. This skill is a documentation/guide for identifying error-prone APIs and dangerous configurations. The static analyzer detected hardcoded URLs (lines 4, 70) which are legitimate source references to the original GitHub repository - not data exfiltration. The 'weak cryptographic algorithm' detections at lines 3, 22, and 39 are false positives - the scanner misidentified text patterns as cryptographic issues when there are no cryptographic algorithms present. No actual security risks identified.
High-risk issues flagged by the scanner (2)
What you can build
Security audit assistance
Use during code review to identify potentially dangerous API usage and risky configurations that could lead to security vulnerabilities.
API design review
Before implementation, evaluate a proposed API design for known pitfalls and error-prone patterns.
Configuration security check
Review configuration files and settings for dangerous defaults that could expose the system to risk.
Try these prompts
Use the sharp-edges skill to identify any error-prone APIs or dangerous configurations in this code snippet. Focus on APIs with non-obvious failure modes or complex parameter requirements.
Apply the sharp-edges skill to analyze these configuration settings. Identify any defaults that are insecure or settings that could bypass security controls.
Using the sharp-edges methodology, evaluate this proposed API design. What sharp edges should developers be aware of? What safer alternatives exist?
Perform a thorough sharp-edges analysis on this codebase. Identify error-prone patterns, dangerous configurations, and provide risk assessments with recommendations for each finding.
Best practices
- Always document identified sharp edges and clearly explain the associated risk
- Provide concrete examples of both correct and incorrect usage patterns
- Recommend specific safer alternatives where available, with code examples
- Keep the sharp edges documentation up to date as new vulnerabilities are discovered
Avoid
- Ignoring warnings in API documentation about known failure modes
- Using default configurations without reviewing their security implications
- Assuming that every API behaves the same way in different contexts
- Skipping resource-management checks for APIs that require explicit cleanup
Frequently asked questions
What is a sharp edge in code?
Does this skill automatically scan my code?
Can this skill detect all security vulnerabilities?
What kinds of APIs does this skill help identify?
How does this skill differ from static analysis tools?
Can I use this skill with any programming language?
Developer details
Author
sickn33
License
MIT
Repository
https://github.com/sickn33/antigravity-awesome-skills/tree/main/web-app/public/skills/sharp-edges
Reference
main
File structure
📄 SKILL.md