Zeroize Audit banner
Trail of Bits Trail of Bits

Zeroize Audit

Security community Advanced
SOURCE https://github.com/trailofbits/skills/tree/main/plugins/zeroize-audit

Description

Audits C/C++/Rust code for missing zeroization and compiler-removed wipes. Pipeline: source scan → MCP/LSP semantic context → IR diff → assembly/MIR checks.

Installation

Terminal
claude install-skill https://github.com/trailofbits/skills/tree/main/plugins/zeroize-audit

README

zeroize-audit (Claude Skill)

Audits C/C++/Rust code for missing zeroization and compiler-removed wipes. Pipeline: source scan → MCP/LSP semantic context → IR diff → assembly/MIR checks.

Findings

    undefined

Prerequisites

C/C++

    undefined
which clang uvx python3

Rust

    undefined
# Quick check
cargo +nightly --version
uv --version

# Full preflight validation (checks all tools, scripts, and optionally crate build)
tools/validate_rust_toolchain.sh --manifest path/to/Cargo.toml
tools/validate_rust_toolchain.sh --manifest path/to/Cargo.toml --json  # machine-readable

Generate compile_commands.json (C/C++)

**CMake**

cmake -B build -DCMAKE_EXPORT_COMPILE_COMMANDS=ON

**Make/Bear**

bear -- make -j$(nproc)

Usage

**C/C++ only:**

{ "path": ".", "compile_db": "compile_commands.json" }

**Rust only:**

{ "path": ".", "cargo_manifest": "Cargo.toml" }

**Mixed C/C++ + Rust:**

{
  "path": ".",
  "compile_db": "compile_commands.json",
  "cargo_manifest": "Cargo.toml",
  "opt_levels": ["O0", "O1", "O2"],
  "mcp_mode": "prefer"
}

**Full C/C++ input:**

{
  "path": ".",
  "compile_db": "compile_commands.json",
  "opt_levels": ["O0", "O1", "O2"],
  "languages": ["c", "cpp"],

...

Related Skills

Defense in Depth preview

Defense in Depth

Implement multi-layered testing and security best practices.

obra Security community
SecLists Official Repository preview

SecLists Official Repository

[OWASP Testing Guide](https://owasp.org/www-project-web-security-testing-guide/)

danielmiessler Security community
Threat Hunting with Sigma Rules preview

Threat Hunting with Sigma Rules

Use Sigma detection rules to hunt for threats and analyze security events

jthack Security community
Maintenance Walkthrough - 2026-03-29 preview

Maintenance Walkthrough - 2026-03-29

- Re-triaged the full 2026-03-15 security finding set against current `main` and wrote a fresh current-head report in `docs/maintainers/security-findings-triage-2026-03-29-refresh.md`. - Added a match

sickn33 Security community
Google Workspace Model Armor preview

Google Workspace Model Armor

Filter user-generated content for safety

Google Workspace Security community
Google Workspace Alert Center preview

Google Workspace Alert Center

Manage security alerts

Google Workspace Security community

Related Agents

Accessibility Audit

| You are an accessibility expert specializing in WCAG compliance, inclusive design, and assistive tec... | - | [wshobson/agents](https://github.com/wshobson/agents) |

Security agent

wcag-audit-patterns

| Comprehensive guide to auditing web content against WCAG 2.2 guidelines with actionable remediation... | - | [wshobson/agents](https://github.com/wshobson/agents) |

Security agent

Deps Audit

| You are a dependency security expert specializing in vulnerability scanning, license compliance, and... | - | [wshobson/agents](https://github.com/wshobson/agents) |

Security agent