Claude-skill-registry detecting-type-confusion
Detects type confusion vulnerabilities by identifying unsafe type casts, vtable corruption, and polymorphism issues. Use when analyzing object-oriented code, type casting, or investigating C++ memory safety issues.
install
source · Clone the upstream repo
git clone https://github.com/majiayu000/claude-skill-registry
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/majiayu000/claude-skill-registry "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/data/detecting-type-confusion" ~/.claude/skills/majiayu000-claude-skill-registry-detecting-type-confusion && rm -rf "$T"
manifest:
skills/data/detecting-type-confusion/SKILL.md
source content
Type Confusion Detection
Detection Workflow
- Identify type operations: Find all type casts, virtual function calls, union usage, class hierarchies
- Analyze type safety: Check cast validation, assess vtable integrity, verify union usage correctness
- Trace object flow: Use xrefs_to to trace objects, identify type changes, assess type consistency
- Assess exploitability: Can attacker control object type? Is there useful type confusion? Can attacker corrupt vtable?
Key Patterns
- Unsafe type casting: C-style casts without validation, reinterpret_cast without checks
- Vtable corruption: virtual function calls on corrupted objects, vtable pointer manipulation
- Union misuse: writing to one union member, reading another
- Polymorphism issues: base pointer used as derived without dynamic_cast
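The unchecked-downcast and union-misuse patterns above, each shown beside a validated form. This is an added example, not part of the skill's own files; the Shape, Circle, Label and Value types and all function names are hypothetical.

```cpp
#include <cstdint>
#include <cstdio>
#include <string>

struct Shape { virtual ~Shape() = default; };
struct Circle : Shape { double radius = 1.0; };
struct Label : Shape { std::string text = "label"; };

// Flagged pattern: base pointer used as derived without dynamic_cast.
// This compiles for any Shape*, but is undefined behaviour when the object
// is really a Label, because radius is then read from Label's storage.
double radius_unchecked(Shape* s) {
    return static_cast<Circle*>(s)->radius;
}

// Validated form: dynamic_cast checks the dynamic type and returns nullptr
// on a mismatch, so the caller can reject the object.
bool radius_checked(Shape* s, double& out) {
    auto* c = dynamic_cast<Circle*>(s);
    if (c == nullptr) return false;
    out = c->radius;
    return true;
}

// Union misuse is avoided by a tag that records the member written last.
struct Value {
    enum class Kind { Int, Ptr } kind;
    union { std::int64_t i; const char* p; };
};

Value make_int(std::int64_t v) { Value x; x.kind = Value::Kind::Int; x.i = v; return x; }
Value make_ptr(const char* s) { Value x; x.kind = Value::Kind::Ptr; x.p = s; return x; }

// Readers validate the tag before touching the union, so an integer is
// never reinterpreted as a pointer.
bool read_ptr(const Value& v, const char*& out) {
    if (v.kind != Value::Kind::Ptr) return false;
    out = v.p;
    return true;
}

int main() {
    Circle c; Label l; double r = 0.0; const char* p = nullptr;
    std::printf("circle ok=%d\n", radius_checked(&c, r));   // object is a Circle
    std::printf("label ok=%d\n", radius_checked(&l, r));    // mismatch rejected
    std::printf("int as ptr ok=%d\n", read_ptr(make_int(4096), p));
    return 0;
}
```

When reviewing, a cast of the radius_unchecked shape is a finding unless every caller can be shown to pass only the expected dynamic type.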
Output Format
Report with: id, type, subtype, severity, confidence, location, vulnerability, cast operation, base type, derived type, validation, vtable access, exploitability, attack scenario, impact, mitigation.
Severity Guidelines
- CRITICAL: Type confusion with code execution
- HIGH: Type confusion with data corruption
- MEDIUM: Type confusion with limited impact
- LOW: Type confusion with minor issues
See Also
- patterns.md: Detailed detection patterns and exploitation scenarios
- examples.md: Example analysis cases and code samples
- references.md: CWE references and mitigation strategies