Stats
Actions
Tags
From vulhunt
Searches decompiled pseudocode for patterns using Weggli semantic matching. Finds vulnerable constructs like unchecked memcpy, buffer operations, or function call patterns.
How this skill is triggered — by the user, by Claude, or both
Slash command
/vulhunt:code-pattern-matchingThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
Search for code patterns in decompiled output using the Weggli pattern matching engine.
Search for code patterns in decompiled output using the Weggli pattern matching engine.
memcpy(dst, src, len))Using the VulHunt MCP tools, open the project (open_project) and run the following Lua query (query_project), adapting it as needed:
local decomp = project:decompile(<target_function>)
local matches = decomp:query({
raw = true, -- If true, the query will be used as-is; otherwise, it will be wrapped in {{}}
query = [[<query>]]
})
return matches:dump() -- matches:dump() already returns a table
The <query> parameter is a query written in Weggli, the default pattern matching engine.
Possible values for <target_function>:
"system"AddressValue.new(0x1234){matching = "<regex>", kind = "symbol", all = true}{matching = "41544155", kind = "bytes", all = true}
allis a boolean. If set totrue, it returns a table containing all matching functions. Iffalse(default), it returns only the first matching value. The for loop is not necessary if the function target is only one (i.e.allis not set to true)
Returns a JSON object containing all matched code and their addresses.
decomp:query{
raw = true,
unique = true, -- captured variables must refer to different nodes
query = [[ $FN($DST, $SRC, $SIZE); ]],
regexes = {
"$FN=memcpy|memmove|strncpy", -- function name must match one of these
"$SIZE!=^[0-9]+$", -- size must NOT be a plain numeric constant
}
}
URLs to additional documentation pages are available at https://vulhunt.re/llm.txt
/decompiler) - Required prerequisite for code pattern matching; use it to decompile functions before searching for patterns/functions) - Use this to find target functions before decompiling and pattern matchingnpx claudepluginhub vulhunt-re/skills --plugin vulhuntDecompiles binary functions to C-like pseudocode using VulHunt tools. Analyze function logic, control flow, or prepare for code pattern matching.
Finds similar vulnerabilities and bugs across codebases using pattern-based analysis. Use when hunting bug variants, building CodeQL/Semgrep queries, or performing systematic code audits after finding an initial issue.
Triages and audits IDA binaries to detect suspicious behavior, crypto/network activity, review decompiled code against source, and run multi-table queries.