insufficient-randomness-anti-pattern
Community
Securely generate random values.
Author: igbuend
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
This Skill addresses the critical security vulnerability of using predictable, non-cryptographic random number generators for security-sensitive values, which can lead to token forgery and system compromise.
Core Features & Use Cases
- Identifies weak PRNGs: Detects the use of Math.random(), Python's random module, and similar predictable generators in security contexts.
- Provides secure alternatives: Offers examples and guidance on using cryptographically secure pseudo-random number generators (CSPRNGs) like crypto.randomBytes() (Node.js), secrets (Python), and SecureRandom (Java).
- Use Case: When reviewing code that generates session IDs, API keys, or password reset tokens, this skill helps ensure that truly unpredictable values are used, preventing attackers from guessing or deriving these sensitive identifiers.
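The anti-pattern beside its CSPRNG replacement, plus a small review heuristic for the generators named above. This is an added example, not code from the skill or its repository; `weak_token`, `secure_token`, `flag_weak_randomness`, the regexes and the sample source are all assumptions made for illustration.

```python
import random
import re
import secrets
import string

ALPHABET = string.ascii_letters + string.digits

def weak_token(seed, length=32):
    """Anti-pattern: Mersenne Twister output is fully determined by its seed."""
    rng = random.Random(seed)
    return "".join(rng.choice(ALPHABET) for _ in range(length))

def secure_token(nbytes=32):
    """Secure alternative: token drawn from the operating system's CSPRNG."""
    return secrets.token_urlsafe(nbytes)

# Hypothetical heuristic: a weak generator call inside a function whose name
# (or the line itself) suggests a security-sensitive value.
WEAK_CALL = re.compile(
    r"\bMath\.random\s*\(|"
    r"\brandom\.(?:random|randint|randrange|choice|choices|getrandbits)\s*\("
)
SENSITIVE = re.compile(r"token|session|api_?key|password|reset|secret", re.I)

def flag_weak_randomness(source):
    """Return (line_no, line) pairs where a weak PRNG is used in a sensitive context."""
    findings, context = [], ""
    for no, line in enumerate(source.splitlines(), 1):
        header = re.match(r"\s*(?:def|function)\s+(\w+)", line)
        if header:
            context = header.group(1)  # remember the enclosing function name
        if WEAK_CALL.search(line) and SENSITIVE.search(context + " " + line):
            findings.append((no, line.strip()))
    return findings

# Constructed sample input, not taken from any real code base.
SAMPLE = '''def reset_token():
    return "".join(random.choice(ALPHABET) for _ in range(32))
def shuffle_playlist(tracks):
    return random.choice(tracks)
def session_id():
    return secrets.token_urlsafe(32)
function apiKey() { return Math.random().toString(36); }
'''

if __name__ == "__main__":
    print(weak_token(1234) == weak_token(1234))  # same seed, same "random" token
    for finding in flag_weak_randomness(SAMPLE):
        print(finding)
```

The playlist shuffle is left unflagged on purpose: a non-cryptographic generator is only a finding when its output protects something.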
Quick Start
Use the insufficient-randomness-anti-pattern skill to review the attached code for insecure random number generation.
Dependency Matrix
Required Modules
None required
Components
references
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: insufficient-randomness-anti-pattern Download link: https://github.com/igbuend/grimbard/archive/main.zip#insufficient-randomness-anti-pattern Please download this .zip file, extract it, and install it in the .claude/skills/ directory.