Claude-skill-registry detecting-race-conditions
Detects race condition vulnerabilities including TOCTOU, double-checked locking issues, and shared state problems. Use when analyzing concurrent operations, file access patterns, or investigating timing-related vulnerabilities.
install
source · Clone the upstream repo
git clone https://github.com/majiayu000/claude-skill-registry
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/majiayu000/claude-skill-registry "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/data/detecting-race-conditions" ~/.claude/skills/majiayu000-claude-skill-registry-detecting-race-conditions && rm -rf "$T"
manifest:
skills/data/detecting-race-conditions/SKILL.mdsource content
Race Condition Detection
Detection Workflow
- Identify critical operations: Find file access sequences (check then use), shared state access patterns, synchronization primitives
- Trace execution paths: Use
to identify potential interleaving points and race windowsxrefs_to - Check synchronization: Verify locks protect critical sections, check for atomic operations, assess lock ordering
- Assess exploitability: Can attacker control timing? Is there a useful race window? What's the impact?
Key Patterns
- TOCTOU (Time-of-Check to Time-of-Use)
- Double-checked locking issues
- Unprotected shared variables
- Non-atomic operations on shared data
- Signal handler issues
Output Format
Report with: id, type, subtype, severity, confidence, location, vulnerability, check operation, use operation, race window, exploitability, attack scenario, impact, mitigation.
Severity Guidelines
- CRITICAL: Race allowing privilege escalation
- HIGH: Race allowing file access bypass
- MEDIUM: Race causing data corruption
- LOW: Race with minor impact
See Also
- Detailed detection patterns and exploitation scenariospatterns.md
- Example analysis cases and code samplesexamples.md
- CWE references and mitigation strategiesreferences.md