Execute qualquer Skill no Manus
com um clique

Execute qualquer Skill no Manus com um clique

$pwd:

config-correctness

Name: Config Correctness
Author: PlamenTSV

// L1 trigger - audits configuration constants, documented bounds, feature-gated values, and unused protocol limits for semantic drift.

Executar no Manus

$ git log --oneline --stat

stars:240

forks:44

updated:13 de maio de 2026 às 10:54

SKILL.md

readonly

name	config-correctness
description	L1 trigger - audits configuration constants, documented bounds, feature-gated values, and unused protocol limits for semantic drift.

Injectable Skill: Config Correctness

L1 trigger: L1_PATTERN=true AND (config/ OR settings OR constants OR DEFAULT_ OR MAX_ OR MIN_ OR protocol docs/comments detected) Inject Into: depth-edge-case, depth-state-trace Language: Go and Rust Finding prefix: [CFG-N]

Purpose

Configuration bugs are often single-line semantic drift: a limit exists but is not used, a default is testnet-only but ships in production, a doc comment says one bound while code enforces another, or a feature flag changes protocol-visible enum values. This skill is a bounded enumeration pass, not a new agent.

1. Configuration Inventory

Build a table of security-relevant constants and runtime config fields:

Config/Constant	Declared Value	Documented Value / Comment	Runtime Use Sites	Verdict

Include:

DEFAULT_*, MAX_*, MIN_*, *_LIMIT, *_TIMEOUT, *_INTERVAL, *_FACTOR;
chain parameters, genesis/testnet/mainnet defaults, peer/network limits, RPC limits, difficulty/EMA/oracle knobs;
feature-flag or platform-conditional values that affect serialization, consensus, object layout, or API output.

2. Required Checks

For each row:

Doc/code drift: compare the declared value with nearby comments, docs, config examples, and protocol constants.
Unused limit: if a max/min/factor exists, find the enforcement site. If no enforcement path exists, flag it.
Network-mode drift: verify testnet/devnet defaults cannot silently apply to production mode.
Unit drift: verify seconds vs milliseconds, bytes vs chunks, slots vs blocks, and percentage vs basis-point units.
Feature/platform drift: verify feature flags or OS-specific types do not change externally visible enum values, byte layout, consensus fields, or API semantics.
Boundary effect: substitute the configured min/max/equality point into the function that consumes it.

Tag evidence as [CFG-DOC-DRIFT:{file}:{line}], [CFG-UNUSED-LIMIT:{file}:{line}], [CFG-UNIT:{file}:{line}], or [CFG-FEATURE-DRIFT:{file}:{line}].

3. Non-Finding Rules

Do not report harmless style differences. A config finding needs at least one concrete consequence: consensus divergence, DoS, stale security bound, unexpected production exposure, cross-platform incompatibility, or user/API misbehavior.

4. Output

Use normal finding format. If no finding exists, still emit the inventory table with SAFE rows and concrete file:line evidence for the checked constants.

related-skills.json

mesmo repositório

plamen-l1.md

from "PlamenTSV/plamen"

Launch the Plamen deterministic L1 infrastructure audit pipeline

2026-05-13240

plamen-l1-wizard.md

from "PlamenTSV/plamen"

Run the Plamen L1 infrastructure audit wizard in Codex

2026-05-13240

plamen.md

from "PlamenTSV/plamen"

Launch the Plamen deterministic Web3 security audit pipeline

2026-05-13240

plamen-wizard.md

from "PlamenTSV/plamen"

Run the Plamen smart-contract audit wizard in Codex

2026-05-13240

bls-aggregation-audit.md

from "PlamenTSV/plamen"

L1 trigger - audits BLS signature aggregation: subgroup check, rogue-key attack defense, aggregation order, signing-domain separation.

2026-05-13240

consensus-math-correctness.md

from "PlamenTSV/plamen"

L1 trigger - audits consensus arithmetic for truncation, unused bounds, EMA direction, and threshold edge errors.

2026-05-13240

package.json

"author": "PlamenTSV"

"repository": "PlamenTSV/plamen"

Abrir repositório GitHub Ver repositórios do creator

$ install --global

$ download --local

Executar no Manus

$ useful --forSOC

Analistas de garantia de qualidade de software e testadoresInformática e Matemática15-1253L4

Injectable Skill: Config Correctness

L1 trigger: L1_PATTERN=true AND (config/ OR settings OR constants OR DEFAULT_ OR MAX_ OR MIN_ OR protocol docs/comments detected) Inject Into: depth-edge-case, depth-state-trace Language: Go and Rust Finding prefix: [CFG-N]

Purpose

1. Configuration Inventory

Build a table of security-relevant constants and runtime config fields:

Config/Constant

Declared Value

Documented Value / Comment

Runtime Use Sites

Verdict

Include:

DEFAULT_*, MAX_*, MIN_*, *_LIMIT, *_TIMEOUT, *_INTERVAL, *_FACTOR;

chain parameters, genesis/testnet/mainnet defaults, peer/network limits, RPC limits, difficulty/EMA/oracle knobs;

feature-flag or platform-conditional values that affect serialization, consensus, object layout, or API output.

2. Required Checks

For each row:

Doc/code drift: compare the declared value with nearby comments, docs, config examples, and protocol constants.

Unused limit: if a max/min/factor exists, find the enforcement site. If no enforcement path exists, flag it.

Network-mode drift: verify testnet/devnet defaults cannot silently apply to production mode.

Unit drift: verify seconds vs milliseconds, bytes vs chunks, slots vs blocks, and percentage vs basis-point units.

Feature/platform drift: verify feature flags or OS-specific types do not change externally visible enum values, byte layout, consensus fields, or API semantics.

Boundary effect: substitute the configured min/max/equality point into the function that consumes it.

Tag evidence as [CFG-DOC-DRIFT:{file}:{line}], [CFG-UNUSED-LIMIT:{file}:{line}], [CFG-UNIT:{file}:{line}], or [CFG-FEATURE-DRIFT:{file}:{line}].

3. Non-Finding Rules

4. Output

Use normal finding format. If no finding exists, still emit the inventory table with SAFE rows and concrete file:line evidence for the checked constants.

config-correctness

Injectable Skill: Config Correctness

Purpose

1. Configuration Inventory

2. Required Checks

3. Non-Finding Rules

4. Output

Mais deste repositório

Mais deste repositório

Injectable Skill: Config Correctness

Purpose

1. Configuration Inventory

2. Required Checks

3. Non-Finding Rules

4. Output