rust-security-checklist


Use before merging security-relevant Rust changes. Catches common local-service security regressions.

By Jxck. Updated 2/25/2026

name: rust-security-checklist
description: Use before merging security-relevant Rust changes. Catches common local-service security regressions.

rust-security-checklist Skill

Use this skill before merging security-relevant Rust changes.

Goal

Catch common local-service security regressions early.

Checklist

  1. Input and size limits
  • Are request/response/body sizes bounded?
  • Are parsing paths resistant to oversized input?
  2. Network trust boundaries
  • Are remote response sources validated (address/port where required)?
  • Are timeouts and retry limits explicit?
  3. Resource exhaustion
  • Is task/thread concurrency bounded?
  • Are unbounded queues/spawns avoided?
  4. File and key safety
  • Are private keys/certs written with restrictive permissions where supported?
  • Are secret file paths stable and predictable under sudo?
  5. Command execution safety
  • Avoid sh -c with interpolated strings.
  • Prefer direct Command APIs and explicit args.
  6. Logging hygiene
  • No secrets in logs.
  • Errors are specific but not sensitive.
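
What item 1 looks like in code, for both a stream of unknown length and a length-prefixed frame, using only the standard library. This is an added example, not code from the sptth repository; `MAX_BODY`, `read_bounded`, `read_frame` and the 4-byte big-endian length prefix are assumptions made for illustration.

```rust
use std::io::{self, Read};

/// Hypothetical limit for this example; choose one per endpoint.
pub const MAX_BODY: usize = 64 * 1024;

fn too_large(what: &str, max: usize) -> io::Error {
    io::Error::new(io::ErrorKind::InvalidData, format!("{} exceeds {} bytes", what, max))
}

/// Read a stream of unknown length, refusing anything over `max` bytes.
/// Reading up to `max + 1` bytes distinguishes "exactly max" from "over max".
pub fn read_bounded<R: Read>(src: R, max: usize) -> io::Result<Vec<u8>> {
    let mut buf = Vec::new();
    src.take((max as u64).saturating_add(1)).read_to_end(&mut buf)?;
    if buf.len() > max {
        return Err(too_large("body", max));
    }
    Ok(buf)
}

/// Read one frame with a 4-byte big-endian length prefix (assumed format).
/// The peer-declared length is checked before any buffer is allocated.
pub fn read_frame<R: Read>(src: &mut R, max: usize) -> io::Result<Vec<u8>> {
    let mut len = [0u8; 4];
    src.read_exact(&mut len)?;
    let declared = u32::from_be_bytes(len) as usize;
    if declared > max {
        return Err(too_large("declared frame length", max));
    }
    let mut body = vec![0u8; declared];
    src.read_exact(&mut body)?; // truncated input yields UnexpectedEof
    Ok(body)
}

fn main() {
    // Constructed inputs: a valid 5-byte frame, and a header claiming ~4 GiB.
    let mut ok = io::Cursor::new(b"\x00\x00\x00\x05hello".to_vec());
    let mut huge = io::Cursor::new(b"\xff\xff\xff\xffx".to_vec());
    println!("{:?}", read_frame(&mut ok, MAX_BODY));
    println!("{:?}", read_frame(&mut huge, MAX_BODY).map_err(|e| e.to_string()));
    println!("{:?}", read_bounded(&b"abcdef"[..], 4).map_err(|e| e.to_string()));
}
```
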

Required Validation

cargo run -p xtask -- fmt-check
cargo test -q
cargo check --workspace

Reporting Template

  • Threat addressed:
  • Change summary:
  • Residual risk:
  • Follow-up (if any):
Install via CLI
npx skills add https://github.com/Jxck/sptth --skill rust-security-checklist