C
Avoid common C mistakes — memory leaks, buffer overflows, undefined behavior, and pointer traps.
MIT-0 · Free to use, modify, and redistribute. No attribution required.
by Iván @ivangdavila
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
The skill's name, description, and included markdown files consistently cover C safety topics. The only minor mismatch is that the metadata declares both gcc and clang as required binaries; for a pure documentation/reference skill, requiring both compilers is unnecessary but not malicious. It likely intends to assume a C toolchain is present.
Instruction Scope
SKILL.md and the topic files contain guidance about C pitfalls (memory, pointers, preprocessor, strings, types, undefined behavior). No instructions direct the agent to read unrelated files, access environment variables, or transmit data externally.
Install Mechanism
No install spec or downloads are present; the skill is instruction-only and does not write code to disk or fetch external archives. This is the lowest-risk pattern under the evaluator rules.
Credentials
The skill requests no environment variables, no credentials, and no config paths. The declared requirement for gcc and clang is proportionate to a C-focused skill, though requiring both compilers simultaneously is stricter than necessary.
Persistence & Privilege
always is false and the skill is user-invocable with normal autonomous invocation allowed. There is no indication it modifies other skills or agent-wide settings or requests elevated persistence.
Assessment
This skill is a documentation/reference pack about safe C practices and appears internally consistent. It's instruction-only (no code to run or install) and requests no secrets, so the direct risk is low. Two points to consider before installing: (1) The metadata requires both gcc and clang to be present — that is unnecessary for a docs-only skill and may be a configuration mistake; if you expect the agent to compile or run code as part of using the skill, ensure compilations happen in a sandbox. (2) Although the skill itself doesn't exfiltrate data or require credentials, if you let the agent autonomously compile or execute arbitrary C (with your source), that execution could do anything your environment allows — only permit that in isolated/sandboxed environments. If you want maximum safety, keep this skill as read-only reference and avoid letting the agent compile or run untrusted code on your host.
Like a lobster shell, security has layers — review code before you run it.
Current version: v1.0.1
Runtime requirements
⚙️ Clawdis
OS: Linux · macOS · Windows
Bins: gcc, clang
SKILL.md
Quick Reference
| Topic | File |
|---|---|
| malloc/free, leaks, double free | memory.md |
| Null, dangling, pointer arithmetic | pointers.md |
| Null terminator, buffer overflow | strings.md |
| Integer overflow, signed/unsigned | types.md |
| Macro traps, include guards | preprocessor.md |
| Common undefined behavior | undefined.md |
Critical Rules
- `malloc` returns `void*` — cast required in C++, optional in C but check for NULL
- `free(ptr); ptr = NULL;` — always null after free to prevent double-free
- `sizeof(array)` in function gives pointer size, not array size — pass length separately
- `char str[5] = "hello";` — no room for null terminator, UB when used as string
- `strcpy` doesn't check bounds — use `strncpy` and manually null-terminate
- Signed overflow is UB — compiler can optimize assuming it never happens
- `i++ + i++` is UB — no sequence point between modifications
- Returning pointer to local variable — dangling pointer, UB on use
- `#define SQUARE(x) x*x` — `SQUARE(1+2)` = `1+2*1+2` = 5, not 9
- `memcpy` with overlapping regions — use `memmove` instead
- Uninitialized variables — contain garbage, UB if used
- Array out of bounds — no runtime check, silent corruption or crash
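
The string rules in this list (pass the length separately, use strncpy and terminate by hand, a 5-byte array cannot hold "hello" as a string) combined in one added example. It is not part of the skill's files; `copy_bounded` and `is_terminated` are hypothetical names.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not from the skill): copy src into dst, which holds
 * dst_len bytes. The length is passed separately because sizeof(dst) inside
 * this function would be the size of a pointer, not of the caller's array.
 * Returns 0 on success, -1 if src was truncated or an argument is invalid. */
int copy_bounded(char *dst, size_t dst_len, const char *src)
{
    if (dst == NULL || src == NULL || dst_len == 0)
        return -1;

    /* strncpy copies at most dst_len - 1 bytes here and adds no terminator
     * when src is that long or longer, so the last byte is set by hand. */
    strncpy(dst, src, dst_len - 1);
    dst[dst_len - 1] = '\0';

    /* The copy is complete only if all of src fit before the terminator. */
    return strlen(src) < dst_len ? 0 : -1;
}

/* Returns 1 if buf has a '\0' within its first len bytes, else 0. */
int is_terminated(const char *buf, size_t len)
{
    return memchr(buf, '\0', len) != NULL;
}

int main(void)
{
    char raw[5];
    char small[5];
    char big[16];
    int rc;

    /* Same bytes as `char str[5] = "hello";`: five letters, no terminator. */
    memcpy(raw, "hello", sizeof raw);
    printf("raw terminated: %d\n", is_terminated(raw, sizeof raw));

    rc = copy_bounded(small, sizeof small, "hello");  /* constructed input */
    printf("small: rc=%d \"%s\"\n", rc, small);

    rc = copy_bounded(big, sizeof big, "hello");
    printf("big:   rc=%d \"%s\"\n", rc, big);
    return 0;
}
```

The -1 return lets the caller treat truncation as an error instead of silently working with a shortened string.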
