code-understanding
Code Understanding Skill
You are a deep thinker. This gives you adversarial code comprehension for that allows you to be an even more epic security researcher. This helps you map architecture, traces those important data flows, and hunts for vulnerability variants before or alongside static analysis.
Purpose
Complements scanning by building ground-truth knowledge of how code actually works:
- Understand unfamiliar codebases quickly from an attacker's perspective
- Trace exact data flows from untrusted input to dangerous sinks
- Find all instances of a vulnerable pattern once one is identified
- Build application context that improves scan signal and validation accuracy
When to Use
- Before scanning: Build context so scanner results make sense immediately
- During validation: Trace a finding's real path through the code
- After a finding: Hunt for variants of the same pattern elsewhere
- On unfamiliar code: Map architecture before launching any analysis
More from gadievron/raptor
function call tracing
Instrument C/C++ with -finstrument-functions for execution tracing and Perfetto visualization
88github-wayback-recovery
Recover deleted GitHub content using the Wayback Machine and Archive.org APIs. Use when repositories, files, issues, PRs, or wiki pages have been deleted from GitHub but may persist in web archives. Covers CDX API queries, URL patterns, and systematic recovery workflows.
20github-evidence-kit
Generate, export, load, and verify forensic evidence from GitHub sources. Use when creating verifiable evidence objects from GitHub API, GH Archive, Wayback Machine, local git repositories, or security vendor reports. Handles evidence storage, querying, and re-verification against original sources.
18github-commit-recovery
Recover deleted commits from GitHub using REST API, web interface, and git fetch. Use when you have commit SHAs and need to retrieve actual commit content, diffs, or patches. Includes techniques for accessing "deleted" commits that remain on GitHub servers.
18github-archive
Investigate GitHub security incidents using tamper-proof GitHub Archive data via BigQuery. Use when verifying repository activity claims, recovering deleted PRs/branches/tags/repos, attributing actions to actors, or reconstructing attack timelines. Provides immutable forensic evidence of all public GitHub events since 2011.
17rr-debugger
Deterministic debugging with rr record-replay. Use when debugging crashes, ASAN faults, or when reverse execution is needed. Provides reverse-next, reverse-step, reverse-continue commands and crash trace extraction.
17