Skill

defect-taxonomy

Comprehensive defect taxonomy knowledge base -- 16 macro-categories, 140+ subcategories of source code defects with CWE/OWASP mappings, detection strategies, fix patterns, and review frameworks. Used by senior-review agents (code-auditor, security-auditor, ui-race-auditor) to enrich analysis with structured defect knowledge.

Install

npx claudepluginhub acaprino/alfio-claude-plugins --plugin senior-review

Tool Access

This skill uses the workspace's default tool permissions.

Preview

Unified classification of source code defects synthesizing MITRE CWE, OWASP Top 10, NASA Power of 10, IBM ODC, IEEE 1044, and Beizer's taxonomy into actionable detection references.

Supporting Assets

references/concurrency-state.mdreferences/data-design-ops.mdreferences/detection-matrix.mdreferences/distributed-integration.mdreferences/logic-types.mdreferences/memory-resources.mdreferences/review-frameworks.mdreferences/security.md

SKILL.md

Similar Skills

memory-forensics

Acquire memory dumps from live systems/VMs and analyze with Volatility 3 for processes, networks, DLLs, injections in incident response or malware hunts.

reverse-engineering

33.0k

binary-analysis-patterns

Provides x86-64/ARM disassembly patterns, calling conventions, control flow recognition for static analysis of executables and compiled binaries.

reverse-engineering

33.0k

anti-reversing-techniques

1 file

Identifies anti-debugging checks like IsDebuggerPresent, NtQueryInformationProcess in Windows binaries; suggests bypasses via patches/hooks/scripts for malware analysis, CTFs, authorized RE.

reverse-engineering

33.0k

Stats

Parent Repo Stars0

Parent Repo Forks1

Last CommitMar 21, 2026

Actions

View Source View Plugin View on GitHub View README

Defect Taxonomy Knowledge Base

Unified classification of source code defects synthesizing MITRE CWE, OWASP Top 10, NASA Power of 10, IBM ODC, IEEE 1044, and Beizer's taxonomy into actionable detection references.

Reference Files

Load relevant references based on the code domain under review. Do NOT load all files -- select only what applies.

Taxonomy References (defect patterns)

Reference	When to load
`references/concurrency-state.md`	Concurrent/parallel code, shared state, async patterns, closures, variable scoping
`references/logic-types.md`	Comparisons, boolean logic, type conversions, generics, serialization
`references/memory-resources.md`	Memory management (C/C++/Rust), resource lifecycle, error handling, performance bottlenecks
`references/security.md`	Security review -- injection, auth, crypto, secrets, CORS, SSRF, input validation
`references/distributed-integration.md`	Microservices, APIs, distributed state, message queues, service mesh, migrations
`references/data-design-ops.md`	Database/ORM, design patterns, build/deploy, testing, observability
`references/detection-matrix.md`	Cross-cutting: detection channels per category, language-weighted focus, ROI prioritization

Review Frameworks (analysis methodology)

Reference	When to load
`references/review-frameworks.md`	Always load for code-auditor. Contains cognitive models, failure flow methodology, anti-pattern checklist, mental models, severity/scoring system

Language-Weighted Category Focus

C/C++: concurrency-state.md + memory-resources.md (categories 1, 5)
JVM (Java/Kotlin/Scala): concurrency-state.md + logic-types.md + memory-resources.md (categories 2, 7, 8)
JavaScript/TypeScript: concurrency-state.md + logic-types.md + security.md (categories 2, 4, 6)
Python: logic-types.md + security.md + memory-resources.md (categories 4, 6, 7)
Go/Rust: concurrency-state.md + memory-resources.md (categories 1, 5, 7)
Microservices (any): distributed-integration.md + data-design-ops.md (categories 8-12)

Usage Instructions

Identify the language(s) and domain of the code under review
Load the review-frameworks.md reference (for code-auditor agent)
Load 1-3 taxonomy references matching the language/domain
Apply detection strategies from the loaded references during analysis
Map findings to CWE identifiers where applicable
Use the detection-matrix.md to prioritize detection approach