Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

thedumptruck/safe-c

Name: safe-c
Author: thedumptruck

skills/safe-c/SKILL.md

npx skillsauth add thedumptruck/skills safe-c

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

Safe C

Build highly predictable, robust, and performant C applications with a "zero technical debt" policy. This style guide is heavily inspired by TigerBeetle's Tiger Style.

Retrieval-First Development

Always verify standards against the reference documentation before implementing.

| Resource | URL / Path | |----------|------------| | Safety & Control Flow | ./references/safety.md | | Performance Patterns | ./references/performance.md | | Developer Experience | ./references/dx.md |

Review the relevant documentation when writing new logic or performing code reviews.

When to Use

Writing new C logic from scratch
Refactoring existing C code to improve safety or performance
Reviewing C PRs for code quality and standard adherence
Optimizing memory allocations or hot paths
Implementing strict error handling or boundary validation

Core Principles

Apply Safe C For

| Need | Example | |------|---------| | Predictable Execution | Bounded queues, bounded loops, explicit state machines | | Memory Stability | Pre-allocating all memory at startup, static allocations, in-place initialization via out pointers | | Operational Reliability | Strict assertion density (2+ per function), pair assertions, compound assertion splitting | | Maintainability | Maximum 70 lines per function, max 100 columns per line, options structs |

Do NOT Use

Unbounded loops or recursion
Dynamic memory allocations (malloc(), calloc(), free()) after startup phase
Architecture-specific types like long or unsigned int where explicit sizes (uint32_t, int64_t) are required
Third-party dependencies (unless explicitly approved)

Quick Reference

Bounded Control Flow & Strict Error Handling

// Always bound loops and avoid recursion.
// Use explicit control flow and split compound conditions.
int process_items(const item_t* items, uint32_t items_count) {
    assert(items != NULL);
    assert(items_count <= MAX_ITEMS);

    for (uint32_t i = 0; i < items_count; i++) {
        if (items[i].is_active) {
            if (items[i].value > THRESHOLD) {
                // Handle specific positive case
            }
        }
    }
    return 0;
}

Allocation-Free Hot Path & Out Pointers

// Construct large structs in-place by passing an out pointer
// Avoids copies and implicit stack allocations
void buffer_state_init(buffer_state_t* out_state, const config_options_t* options) {
    assert(out_state != NULL);
    assert(options != NULL);
    
    // In-place initialization
    *out_state = (buffer_state_t){
        .is_ready = true,
        .capacity = options->capacity_bytes,
        .cursor = 0,
    };
}

Critical Rules

No Recursion - Keep control flow simple and execution bounds completely static.
Fixed Upper Bounds - All loops and queues must have a fixed upper bound to prevent infinite loops or tail latency spikes.
No Dynamic Memory After Init - All memory must be statically allocated at startup.
Short Functions - Hard limit of 70 lines per function. Push ifs up, push fors down.
High Assertion Density - Assert function arguments, returns, invariants. Average minimum two assertions per function. Use static_assert for compile-time constants.
Explicit Types - Use explicitly-sized types (uint32_t, int8_t). Avoid size_t or int except for indexing small loops or interfacing with standard library.
Handle All Errors - Never ignore returns. Ensure all edge cases and negative spaces are checked.
Options Structs - Pass options to functions using an explicit options struct instead of relying on defaults or many boolean flags.
Zero Dependencies - Strictly avoid third-party libraries; stick to the standard library or built-in OS primitives where possible.
Strict Naming - snake_case, no abbreviations, add units/qualifiers at the end (latency_ms_max), sort by descending significance.

Anti-Patterns (NEVER)

Using malloc() during steady-state execution.
Writing compound conditions like if (a && b). Use nested ifs instead to handle each branch explicitly.
Deeply nested logic in a single function (>70 lines).
Silent error suppression.
Leaving variables uninitialized or padding bytes unzeroed (buffer bleeds).

Credits

Tiger Style

thedumptruck/safe-c

skills/safe-c/SKILL.md

Enforce "safe-c" coding principles in C. Based on TigerBeetle's Tiger Style. Use when writing, reading, reviewing, or refactoring C code to ensure maximum safety, predictable execution, zero technical debt, and extreme performance.

development

Updated Apr 17, 2026

$ install --global

skillsauth

npx skillsauth add thedumptruck/skills safe-c

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: Apr 17, 2026, 8:22 AM4.6s5 files scanned

SKILL.md

name:: safe-c
description:: Enforce "safe-c" coding principles in C. Based on TigerBeetle's Tiger Style. Use when writing, reading, reviewing, or refactoring C code to ensure maximum safety, predictable execution, zero technical debt, and extreme performance.

Safe C

Build highly predictable, robust, and performant C applications with a "zero technical debt" policy. This style guide is heavily inspired by TigerBeetle's Tiger Style.

Retrieval-First Development

Always verify standards against the reference documentation before implementing.

Review the relevant documentation when writing new logic or performing code reviews.

When to Use

Writing new C logic from scratch
Refactoring existing C code to improve safety or performance
Reviewing C PRs for code quality and standard adherence
Optimizing memory allocations or hot paths
Implementing strict error handling or boundary validation

Core Principles

Apply Safe C For

Do NOT Use

Unbounded loops or recursion
Dynamic memory allocations (malloc(), calloc(), free()) after startup phase
Architecture-specific types like long or unsigned int where explicit sizes (uint32_t, int64_t) are required
Third-party dependencies (unless explicitly approved)

Quick Reference

Bounded Control Flow & Strict Error Handling

// Always bound loops and avoid recursion.
// Use explicit control flow and split compound conditions.
int process_items(const item_t* items, uint32_t items_count) {
    assert(items != NULL);
    assert(items_count <= MAX_ITEMS);

    for (uint32_t i = 0; i < items_count; i++) {
        if (items[i].is_active) {
            if (items[i].value > THRESHOLD) {
                // Handle specific positive case
            }
        }
    }
    return 0;
}

Allocation-Free Hot Path & Out Pointers

// Construct large structs in-place by passing an out pointer
// Avoids copies and implicit stack allocations
void buffer_state_init(buffer_state_t* out_state, const config_options_t* options) {
    assert(out_state != NULL);
    assert(options != NULL);
    
    // In-place initialization
    *out_state = (buffer_state_t){
        .is_ready = true,
        .capacity = options->capacity_bytes,
        .cursor = 0,
    };
}

Critical Rules

No Recursion - Keep control flow simple and execution bounds completely static.
Fixed Upper Bounds - All loops and queues must have a fixed upper bound to prevent infinite loops or tail latency spikes.
No Dynamic Memory After Init - All memory must be statically allocated at startup.
Short Functions - Hard limit of 70 lines per function. Push ifs up, push fors down.
High Assertion Density - Assert function arguments, returns, invariants. Average minimum two assertions per function. Use static_assert for compile-time constants.
Explicit Types - Use explicitly-sized types (uint32_t, int8_t). Avoid size_t or int except for indexing small loops or interfacing with standard library.
Handle All Errors - Never ignore returns. Ensure all edge cases and negative spaces are checked.
Options Structs - Pass options to functions using an explicit options struct instead of relying on defaults or many boolean flags.
Zero Dependencies - Strictly avoid third-party libraries; stick to the standard library or built-in OS primitives where possible.
Strict Naming - snake_case, no abbreviations, add units/qualifiers at the end (latency_ms_max), sort by descending significance.

Anti-Patterns (NEVER)

Using malloc() during steady-state execution.
Writing compound conditions like if (a && b). Use nested ifs instead to handle each branch explicitly.
Deeply nested logic in a single function (>70 lines).
Silent error suppression.
Leaving variables uninitialized or padding bytes unzeroed (buffer bleeds).

Credits

Tiger Style

Related Skills

thedumptruck/safe-ts

development

VerifiedTrustedCommunity

Enforce "safe-ts" coding principles in TypeScript. Use when writing, reading, reviewing, or refactoring TypeScript code to ensure maximum safety, predictable execution, and zero technical debt.

SKILL.mdUpdated Apr 17, 2026

thedumptruck/safe-rust

development

VerifiedTrustedCommunity

Enforce "safe-rust" coding principles. Use when writing, reading, reviewing, or refactoring Rust code to ensure maximum memory safety, predictable execution, zero-cost abstractions, and idiomatic Rust patterns.

SKILL.mdUpdated Apr 17, 2026

thedumptruck/safe-rust

thedumptruck/safe-golang

development

VerifiedTrustedCommunity

Enforce "safe-golang" coding principles in Go. Use when writing, reading, reviewing, or refactoring Go code to ensure maximum safety, predictable execution, and zero technical debt.

SKILL.mdUpdated Apr 17, 2026

thedumptruck/safe-golang

openclaw/openclaw-secret-scanning-maintainer

development

VerifiedTrustedCommunity

Maintainer-only workflow for handling GitHub Secret Scanning alerts on OpenClaw. Use when Codex needs to triage, redact, clean up, and resolve secret leakage found in issue comments, issue bodies, PR comments, or other GitHub content.

357,764SKILL.mdUpdated Apr 15, 2026

openclaw/openclaw-secret-scanning-maintainer

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/thedumptruck/skills.git

# Copy into Claude Code skills folder (global)
cp -r skills/skills/safe-c ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

thedumptruck/skills

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT