allsmog
User
Security review inside Claude Code that proves it or drops it: hunts source→sink bugs, proves them with a sandboxed PoC, validates the patch — and benchmarks its own recall so it can't cry wolf. Local-first, network-denied by default. AIxCC techniques: obligation discharge, sanitizer execution proof, scoped-CPG dataflow.
Indexed Skills (36)
mem-exploitability
Memory-corruption exploitability ASSESSMENT. For each memory-safety finding (systems-hunt / verify), the mem-exploit-analyst agent works the analysis phases — vuln shape, control/offset plausibility, input constraints, mitigation posture (NX/PIE/canary/RELRO/FORTIFY/CFG from build flags + read-only binary inspection) — and assigns an exploitability tier + remediation, attaching an `exploitability` block onto .kuzushi/findings.json. Assessment only — never produces exploit payloads or mitigation bypasses.
poc
Empirical proof-of-concept for the PoC-ready findings. For each finding /verify marked confirmed-exploitable or inconclusive, synthesize a minimal harness that triggers the bug; a host script then runs it in a sandbox (Docker --network none when present, else a gated local run) and classifies the crash into a proof verdict. Attaches a poc block onto each finding. Requires /verify first.
threat-model
Build or regenerate the PASTA threat model for the current repository. Runs the threat-modeler subagent through the PASTA phases (S1 Objectives → S2 Scope → S3 Decomposition → S4 Threats) and writes .kuzushi/threat-model.json plus an ASCII data-flow diagram.
verify
Exploitability verification of the findings index. For each open / trace-needed finding in .kuzushi/findings.json, reconstruct source→sink, build a concrete trigger, and assign a proof verdict (confirmed-exploitable / not-exploitable / inconclusive) with a PoC sketch. Read-only — attaches a verification block onto each finding and tags the PoC-ready ones for /poc. Requires /threat-hunt (or /taint-analysis) first.
fix
Generate and PoC⁺-validate a patch for each confirmed/proven finding. The fixer agent writes a minimal defensive unified diff plus functional and semantic checks; the host applies it to a SANDBOX COPY, re-runs the existing PoC harness, the functional check, and the semantic oracle check for supported CWEs. A patch is "validated" only if all required gates pass. The working tree is never touched until you explicitly approve the apply step. Requires confirmed/proven findings (run /verify and /poc first).
logic-hunt
Adversarial business-logic and invariant-violation hunt. For each intended-behavior invariant (from /deep-context) and logic-bug code shape, the logic-hunter agent tries to construct an operation sequence that violates the property — broken atomicity, out-of-order state transitions, authorization-by-omission, replay, business-rule abuse — then assigns a verdict from a closed set with file:line evidence. Promotes violations into findings.json. Strongest after /deep-context.
path-solve
Concolic-lite path-constraint solving for hard-to-reach sinks. For findings /verify left inconclusive, the path-solver agent extracts the guard predicate between source and sink and solves it into a concrete reaching input — via the concolic MCP backend (Z3 / CrossHair) when installed, else by reasoning (LLM). Attaches a pathSolution block; feeds /verify and /fuzz. Heuristic, not a proof.
deep-context
Deep system-understanding pass before threat modeling. The context-analyst agent reads the code (line-by-line where it matters) and builds a grounded model — modules, entry points, actors, trust boundaries, data stores, system invariants — with file:line evidence, written to .kuzushi/deep-context.json. Context only — it never finds vulns, fixes, or severities. Best run after x-ray, before /threat-model.
invariant-test
Verify the CVE-derived invariants in .kuzushi/threat-intel.json against the code, using the tree-sitter taint MCP tools (and codeql/joern if available). Writes .kuzushi/invariant-results.json with hold / violated / needs-review verdicts. Requires /threat-intel to have run first.
sast
Semgrep-driven SAST pass — scan the repo with semgrep, then triage each hit against the source as finding / candidate / rejected (scanner hits are leads, not findings). Promotes the kept ones into .kuzushi/findings.json (source "sast"). Needs semgrep installed.
semgrep-rule
Turn confirmed findings into reusable, test-driven Semgrep rules under .kuzushi/rules/. For each seed, the semgrep-rule-author agent writes a positive/negative fixture and a rule that matches the bug shape, validates it with semgrep, and indexes it. The rules seed /variant-hunt and /sast re-runs. Requires a confirmed finding first.
systems-hunt
Native / parser / memory-safety review. Scans the repo for systems patterns (loadLibrary/JNI, memcpy/Unsafe/gets, archive parsers, deserialization, exec), then the systems-hunter agent confirms reachability + memory-safety impact and promotes verdicts to .kuzushi/findings.json. Most useful on C/C++/Rust/native code.
threat-hunt
Adversarial per-threat review (Carlini doctrine). For each threat in .kuzushi/threat-model.json, state attacker capabilities, walk source→sink, attempt to bypass every guard, and assign a verdict with evidence. Promotes findings into .kuzushi/findings.json. Requires /threat-model first.
threat-intel
Research recent critical/high CVEs for this repo's stack and for similar apps in its domain, and distill them into checkable invariants written to .kuzushi/threat-intel.json. Uses live web search. Best run after /threat-model.
variant-hunt
Variant analysis — find siblings of a confirmed bug. For each confirmed/exploitable finding in .kuzushi/findings.json, the variant-hunter agent sweeps the repo for other sites with the same bug class (exact match → generalize), triages each, and promotes variants into findings.json (source "variant-hunt", refId variant-of:<seed>). Requires at least one confirmed finding first.
authz
Authorization-model review. Scans endpoints + object-access-by-id sites; the authz-reviewer agent finds missing authorization (CWE-862), IDOR / broken object-level authz (CWE-639), privilege escalation, and broken ownership, and promotes them into .kuzushi/findings.json (source "authz"). Complements /threat-hunt (which hunts named threats) with a dedicated authz pass.
chain
Link related findings into higher-impact attack chains. The chain-finder agent reasons over the findings index for compositions (precondition → pivot → impact) — e.g. an auth bypass that turns a read-only SSRF into internal RCE — and records each chain with an ordered narrative + member fingerprints in .kuzushi/chains.json, attaching a `chains` ref onto each member finding (status unchanged). Needs ≥2 live findings.
crypto-review
Crypto-misuse review — non-constant-time comparison of secrets (timing side-channels), missing/compiler-elidable zeroization of secrets, and non-cryptographic RNG used to mint secrets. The crypto-reviewer agent confirms each candidate handles a secret and promotes real issues into .kuzushi/findings.json (source "crypto-review"). Distinct from /sast (injection) and /sharp-edges (API design).
diff-review
Security-focused review of a code change. Resolves a base ref, risk-scores the changed files, then the diff-reviewer agent walks source→sink on the new code, uses git blame to catch regressions, estimates blast radius by caller count, and promotes verdicts into .kuzushi/findings.json (source "diff-review"). Needs a git repo. Pass a base via --input '{"base":"origin/main"}'.
iac
Config & container security review. Scans Dockerfiles, Kubernetes/Compose manifests, and Terraform/IaC for misconfigurations (privileged containers, root, unpinned images, hardcoded secrets, public network/storage, disabled TLS); the iac-reviewer agent confirms each in context and promotes real ones into .kuzushi/findings.json (source "iac"). Distinct from /sast (source injection) and the insecure-defaults companion (app config values).
rule-synth
Synthesize CodeQL queries / Joern scripts from confirmed findings — the heavy semantic engines /semgrep-rule (Semgrep-only) doesn't cover. The rule-synthesist agent writes a tight rule per seed; the host runs a native compile → fire-on-seed → repo-run → precision gate and persists only validated rules into a digest-attested pack under .kuzushi/rules/{codeql,joern}/, promoting new matches as candidate leads. Needs a confirmed finding + a built CodeQL DB / Joern CPG.
sharp-edges
Find footgun APIs, dangerous defaults, and misuse-prone designs (where the secure path isn't the default). The sharp-edges-analyzer agent reasons through three adversaries (scoundrel / lazy dev / confused dev) across six categories and promotes real edges into .kuzushi/findings.json (source "sharp-edges"). Distinct from /sast (injection) and the insecure-defaults companion (config values).
supply-chain
Audit direct dependencies for takeover / abandonment risk (maintainer count, popularity, CVE history, release cadence, ownership) and promote the risky ones into .kuzushi/findings.json (source "supply-chain"). Complements /threat-intel (which checks CVEs, not dependency trustworthiness). Uses the network — asks first.
traffic-map
Offline Burp/HAR import — parse a captured traffic export (HAR JSON or Burp "Save items" XML), correlate observed endpoints to source handlers (x-ray + code-graph), and flag the gaps it reveals (shadow surface, unauthenticated mutating endpoints, params reaching sinks). Writes .kuzushi/traffic-map.json and promotes gaps into findings (source "traffic-map"). Offline only — no proxy, no live requests. Pass a capture via --input '{"file":"capture.har"}'.
taint-analysis
IRIS-style source→sink taint hunt. Ranks a typed CWE catalog for the repo, then drives subagents to label dangerous sinks, label sources of user input, run Joern/CodeQL dataflow queries (or same-file linking) to connect them, and triage each flow as finding/candidate/rejected. Promotes verdicts into .kuzushi/findings.json. Benefits from a prebuilt CodeQL DB / Joern CPG but degrades gracefully.
benchmark
Measure recall / precision / false-proof rate of the pipeline against a ground-truth manifest. Scores either the bundled planted-vulnerability corpus (regression) or a live run's findings.json against a manifest you supply. Deterministic — no agent, no network. Use to prove a change to the producers helps rather than hurts.
build-databases
Build the heavy semantic indexes the codeql/joern backends query — a CodeQL database (per detected language) and a Joern CPG — under .kuzushi/. Runs asynchronously in the background (doesn't block the session); installs the CLI first if missing. Pass "codeql" or "joern" to build just one.
doctor
Run kuzushi preflight diagnostics — Node dependencies, plugin MCP server health, and which analysis CLIs and LSP servers are installed, with exact install commands for anything missing. Use when tooling shows as missing or MCP servers won't connect.
export-sarif
Export .kuzushi/findings.json as a SARIF 2.1.0 file (.kuzushi/findings.sarif) so findings are consumable by CI code-scanning, dashboards, and IDEs. Deterministic transform — no analysis. Pass "all" to include reviewed/noise findings too.
install
Install/vendor the analysis tooling for this repo's detected languages — LSP servers (rust-analyzer, clangd, jdtls) and MCP backend CLIs. Pass a tool name to install a specific one, including the heavy ones (e.g. /install codeql, /install joern). Use when /doctor shows tools missing.
code-graph
Build a cached code-graph (.kuzushi/code-graph.json) — entry points + per-symbol caller counts (blast-radius / attack-surface signal) — so producers like /diff-review query it instead of re-deriving caller info live. Uses real Joern call edges when a CPG is built, else a deterministic ripgrep heuristic (no heavy tooling required). Re-run after large code changes.
fuzz
Canonical fuzzing workflow for confirmed/proven findings. Coordinates plan → author harnesses (fuzz-harness-author agent) → replay → triage → promote, and advances a finding to proven only on empirical crash/sanitizer evidence. Prefer this over the lower-level /fuzz-* stage commands.
fuzz-init
Low-level stage for /fuzz. Initialize a local fuzzing campaign plan from confirmed/proven findings. Prefer /fuzz for normal use.
fuzz-minimize
Low-level stage for /fuzz. Record minimization status for triaged fuzz crashes. Prefer /fuzz --stage replay for normal use.
fuzz-promote
Low-level stage for /fuzz. Attach fuzz evidence to findings and promote only exploited fuzz results to proven. Prefer /fuzz --stage replay for normal use.
fuzz-run
Low-level stage for /fuzz. Execute runnable fuzz harnesses from .kuzushi/fuzz/fuzz-plan.json in an offline sandbox. Prefer /fuzz --stage replay for normal use.
Bio shown is the top-scored skill's repo description as a fallback — real GitHub bios land in a future update.