analyzing-crypto-weakness
Identifies weak cryptographic algorithms, hardcoded keys, and insecure key management practices in binary code. Use when analyzing encryption/decryption, authentication mechanisms, or reviewing cryptographic implementations.
Best use case
analyzing-crypto-weakness is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Teams using analyzing-crypto-weakness should expect more consistent output, faster repeated execution, and less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in .claude/skills/analyzing-crypto-weakness/SKILL.md inside your project
- Restart your AI agent — it will auto-discover the skill
How analyzing-crypto-weakness Compares
| Feature / Agent | analyzing-crypto-weakness | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Identifies weak cryptographic algorithms, hardcoded keys, and insecure key management practices in binary code. Use when analyzing encryption/decryption, authentication mechanisms, or reviewing cryptographic implementations.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# Cryptographic Weakness Detection

## Detection Workflow

1. **Identify cryptographic functions**: Search for crypto-related function names, encryption/decryption operations, hash function usage
2. **Extract crypto parameters**: Identify algorithms used, check key sizes and modes, examine IV/nonce handling
3. **Check for hardcoded secrets**: Use `strings` to find potential keys, search for common password/key patterns, analyze data sections for secrets
4. **Assess implementation security**: Check for constant-time comparisons, verify proper padding, assess randomness of IVs/nonces

## Key Patterns

- Weak algorithms: DES, 3DES, RC4, MD5, SHA1, ECB mode, small key sizes (<128 bits)
- Hardcoded secrets: passwords/passphrases, keys, IVs/nonces, magic numbers
- Insecure key management: keys embedded in code, plaintext storage, weak RNG, reused IVs/nonces
- Implementation issues: timing attacks, side-channel vulnerabilities, incorrect padding, missing authentication

## Output Format

Report with: id, type, subtype, severity, confidence, location, algorithm, mode, key_size, issues, recommendation, cve_references, mitigation.

## Severity Guidelines

- **CRITICAL**: Hardcoded private keys or passwords
- **HIGH**: Broken algorithms (DES, RC4) in security-critical code
- **MEDIUM**: Weak algorithms in non-critical code
- **LOW**: Minor crypto implementation issues

## See Also

- `patterns.md` - Detailed detection patterns and exploitation scenarios
- `examples.md` - Example analysis cases and code samples
- `references.md` - CWE references and mitigation strategies
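A first-pass triage for steps 1 and 3 of the Detection Workflow, written here as an added example and not part of the skill's own files. The `scan` function, the `CRYPTO-nnn` id scheme, the confidence values and the default severity mapping are assumptions made for illustration; the sample bytes are constructed.

```python
import re

# Printable-ASCII runs of 4+ bytes, the same idea as the `strings` utility.
STRINGS = re.compile(rb"[\x20-\x7e]{4,}")
# Weak algorithm/mode names as they appear in symbols such as EVP_des_ecb.
WEAK_NAME = re.compile(r"(?<![A-Za-z])(3?DES|RC4|MD5|SHA1|ECB)(?![A-Za-z0-9])", re.I)
SECRETS = [
    ("private_key", re.compile(r"-----BEGIN (?:RSA |EC |DSA )?PRIVATE KEY-----")),
    ("password", re.compile(r"(?i)(?:password|passwd|passphrase)\s*[=:]\s*\S+")),
]
# MD5 initial state as little-endian words; SHA-1 starts with the same four.
MD5_INIT = bytes.fromhex("0123456789abcdeffedcba9876543210")

def scan(blob: bytes) -> list:
    findings = []

    def add(ftype, subtype, severity, confidence, offset, algorithm=None, mode=None):
        findings.append({
            "id": f"CRYPTO-{len(findings) + 1:03d}", "type": ftype,
            "subtype": subtype, "severity": severity, "confidence": confidence,
            "location": hex(offset), "algorithm": algorithm, "mode": mode,
        })

    for m in STRINGS.finditer(blob):
        text = m.group().decode("ascii")
        for subtype, pattern in SECRETS:
            if pattern.search(text):
                add("hardcoded_secret", subtype, "CRITICAL", "medium", m.start())
        for hit in WEAK_NAME.finditer(text):
            name = hit.group(1).upper()
            # Assumed default: DES/RC4 rated HIGH until an analyst judges
            # whether the calling code is security-critical.
            severity = "HIGH" if name in ("DES", "3DES", "RC4") else "MEDIUM"
            field = "mode" if name == "ECB" else "algorithm"
            add("weak_algorithm", "symbol", severity, "medium", m.start(), **{field: name})
    pos = blob.find(MD5_INIT)
    while pos != -1:  # raw constant table: low confidence, needs disassembly
        add("weak_algorithm", "init_constants", "MEDIUM", "low", pos, "MD5/SHA1")
        pos = blob.find(MD5_INIT, pos + 1)
    return findings

# Constructed sample standing in for a binary's data sections.
SAMPLE = (b"\x7fELF\x00EVP_des_ecb\x00MD5_Init\x00EVP_aes_256_gcm\x00"
          b"db_password=hunter2\x00\x00" + MD5_INIT +
          b"\x00-----BEGIN RSA PRIVATE KEY-----\x00")

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Every hit is a lead for manual review: a prompt string such as `password: %s` matches the secret pattern, and a symbol name alone does not show that the weak primitive is reachable.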
Related Skills
crypto-expert
Crypto best-practices guidance and review across languages and domains. Use whenever cryptography, encryption, hashing, signatures, key/nonce/IV handling, randomness, password storage, TLS/PKI, secure channels, token formats, or "roll your own crypto" is mentioned, including high-level questions or code/design reviews. Trigger broadly to prevent subtle security mistakes.
analyzing-test-quality
Automatically activated when user asks about test quality, code coverage, test reliability, test maintainability, or wants to analyze their test suite. Provides framework-agnostic test quality analysis and improvement recommendations. Does NOT provide framework-specific patterns - use jest-testing or playwright-testing for those.
analyzing-test-effectiveness
Use to audit test quality with Google Fellow SRE scrutiny - identifies tautological tests, coverage gaming, weak assertions, missing corner cases. Creates bd epic with tasks for improvements, then runs SRE task refinement on each.
analyzing-session-management
Detects session management vulnerabilities including session fixation, session hijacking, and insecure cookie handling. Use when analyzing authentication sessions, cookie security, or investigating session-related vulnerabilities.
analyzing-dependencies
Analyze dependencies for known security vulnerabilities and outdated versions. Use when auditing third-party libraries. Trigger with 'check dependencies', 'scan for vulnerabilities', or 'audit packages'.
analyzing-backtests
Analyzes algorithmic trading backtest results from Jupyter notebooks and generates summary reports. Use when the user wants to analyze or summarize backtest notebooks.
analyzing-requirements
Helps the user define, refine, and document requirements for new software features or projects. Use this when a user says "I want to build...", "I need a feature...", or "How should I implement...".
analyzing-business-models
Analyzes business models including revenue models, unit economics, competitive moats, scalability, and value creation/capture mechanisms using frameworks like Business Model Canvas and strategic analysis. Use when the user requests business model analysis, unit economics review, moat assessment, or wants to understand how a company creates and captures value.
analyzing-websites
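Analyzes existing websites and creates sitemaps and wireframes. Given a URL, it parses the page structure and outputs it in the specified format. The content analysis feature can also summarize a page's purpose and target audience.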
analyzing-specifications
Use when analyzing requirements or project specifications - guides shannon analyze command, explains 8D complexity output, caching behavior, context-aware mode with --project flag
analyzing-source
Conducts in-depth analysis of a specific source or topic, producing comprehensive summaries for research synthesis. Use when you need detailed analysis and documentation of individual sources as part of a larger research effort.
analyzing-pricing
Analyzes pricing strategies, competitive pricing benchmarks, pricing models, value metrics, and willingness-to-pay to optimize pricing and positioning. Use when the user requests pricing analysis, competitive pricing comparison, pricing strategy, pricing model evaluation, or wants to optimize pricing decisions.