unsafe-checker_skill

This skill helps review unsafe Rust code and FFI usage, highlighting safety concerns, soundness, and proper SAFETY comments to prevent undefined behavior.
  • Shell

565

GitHub Stars

3

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill zhanghandong/rust-skills --skill unsafe-checker

  • AGENTS.md5.1 KB
  • metadata.json685 B
  • SKILL.md2.4 KB

Overview

This skill inspects Rust code for unsafe blocks, FFI boundaries, raw pointers, and common undefined-behavior patterns. It highlights missing SAFETY comments, unsafe invariants, and risky uses of transmute, extern, repr(C), MaybeUninit, and static mut. ⚠️ **Unsafe Rust Checker Loaded** * ^ * /◉\_^_/◉
⚡/ o \⚡ '_ _' / '-----' \

How this skill works

The checker scans source for tokens and idioms that commonly require manual proofs: unsafe, raw pointers (*mut/*const), extern blocks, transmute, unions, repr(C), and FFI crate usage. It verifies presence and clarity of SAFETY comments, flags likely UB patterns (null deref, use-after-free, invalid bit patterns, alignment issues), and suggests safer replacements or required invariants. It also recommends FFI tooling like bindgen/cbindgen and notes when atomic or Mutex guards should replace static mut.

When to use it

  • Code review of unsafe blocks or new FFI bindings.
  • When writing or reviewing extern "C" functions and ABI-sensitive types.
  • Refactoring low-level abstractions (Vec, Arc, custom allocators).
  • Before merging changes that touch raw pointers, transmute, unions, or MaybeUninit.
  • Auditing for soundness after performance-driven unsafe optimizations.

Best practices

  • Always add a concise // SAFETY: or /// # Safety doc describing caller and callee obligations.
  • Prefer MaybeUninit, NonNull, and safe wrappers over raw pointer arithmetic.
  • Use #[repr(C)] only with explicit layout tests and documented field guarantees.
  • Avoid static mut; prefer Atomics, Mutex, or thread-safe primitives.
  • Validate FFI signatures with bindgen/cbindgen and runtime checks for null and alignment.

Example use cases

  • Reviewing an unsafe impl for a custom collection that manipulates raw pointers.
  • Validating extern "C" bindings generated by bindgen before exposing to C callers.
  • Replacing mem::uninitialized() usage with MaybeUninit and documenting invariants.
  • Auditing a transmute usage to confirm size and valid bit-pattern assumptions.
  • Checking a library exposing FFI for proper CString lifetimes and ownership rules.

FAQ

Describe precisely what invariants the function requires and what it guarantees on success, including pointer validity, alignment, initialization, and threading expectations.

When is transmute acceptable?

Only when sizes match and you can prove the target bit pattern is valid; prefer explicit conversion or repr-tagged unions and add a SAFETY justification.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational
unsafe-checker skill by zhanghandong/rust-skills | VeilStrat