ReddRadar
Agent skill
crypto-analyzer
Cryptographic implementation analysis and validation for encryption algorithms, key sizes, and certificate management
Install this agent skill to your Project
npx add-skill https://github.com/a5c-ai/babysitter/tree/main/library/specializations/security-compliance/skills/crypto-analyzer
SKILL.md
Crypto Analyzer Skill
Purpose
Analyze and validate cryptographic implementations to ensure proper algorithm usage, key sizes, certificate validity, and compliance with cryptographic best practices and standards.
Capabilities
Encryption Implementation Analysis
- Analyze symmetric encryption usage (AES, ChaCha20)
- Review asymmetric encryption implementations (RSA, ECDSA)
- Check encryption mode selection (GCM, CBC, CTR)
- Validate initialization vector (IV) handling
- Verify padding schemes
- Identify insecure encryption patterns
Algorithm Strength Validation
- Check algorithm deprecation status
- Validate against NIST recommendations
- Compare with FIPS 140-3 requirements
- Assess quantum resistance readiness
- Flag weak or deprecated algorithms
- Recommend algorithm upgrades
Key Size Verification
- Validate RSA key lengths (minimum 2048-bit)
- Check ECC curve selections
- Verify symmetric key sizes
- Assess key derivation functions
- Check PBKDF2/scrypt/bcrypt parameters
- Validate key stretching implementations
Deprecated Algorithm Detection
- Identify MD5 and SHA-1 usage
- Flag DES and 3DES usage
- Detect RC4 stream cipher
- Find weak random number generation
- Identify export-grade cryptography
- Flag custom/homegrown crypto
Certificate Analysis
- Verify certificate validity periods
- Check certificate chain completeness
- Validate certificate key usage
- Detect wildcard certificate risks
- Check certificate transparency logs
- Monitor certificate expiration
Cryptographic Recommendations
- Suggest algorithm replacements
- Recommend key size upgrades
- Provide implementation guidance
- Map to compliance requirements
- Generate migration plans
- Prioritize remediation efforts
Algorithm Assessment
Symmetric Encryption
| Algorithm | Status | Recommendation |
|---|---|---|
| AES-256-GCM | Approved | Preferred |
| AES-128-GCM | Approved | Acceptable |
| ChaCha20-Poly1305 | Approved | Preferred for mobile |
| AES-CBC | Caution | Use with HMAC |
| 3DES | Deprecated | Replace immediately |
| DES | Prohibited | Critical risk |
Asymmetric Encryption
| Algorithm | Min Key Size | Recommendation |
|---|---|---|
| RSA | 2048-bit | 3072+ preferred |
| ECDSA | P-256 | P-384 preferred |
| Ed25519 | N/A | Recommended |
Hash Functions
| Algorithm | Status | Use Case |
|---|---|---|
| SHA-256/384/512 | Approved | General use |
| SHA-3 | Approved | High security |
| BLAKE2 | Approved | Performance |
| SHA-1 | Deprecated | Legacy only |
| MD5 | Prohibited | Never use |
Integrations
- OpenSSL: Cryptographic library analysis
- testssl.sh: TLS configuration testing
- SSL Labs API: Certificate and TLS analysis
- Cryptographic libraries: Language-specific crypto review
- HSM interfaces: Hardware security module validation
Target Processes
- Cryptography and Key Management Process
- Security Code Review
- TLS Configuration Hardening
- Certificate Lifecycle Management
Input Schema
{
"type": "object",
"properties": {
"analysisType": {
"type": "string",
"enum": ["code-review", "tls-config", "certificate", "implementation", "compliance"],
"description": "Type of cryptographic analysis"
},
"targetPath": {
"type": "string",
"description": "Path to code or configuration to analyze"
},
"endpoints": {
"type": "array",
"items": { "type": "string" },
"description": "TLS endpoints to analyze"
},
"certificates": {
"type": "array",
"items": { "type": "string" },
"description": "Certificate files or URLs to analyze"
},
"languages": {
"type": "array",
"items": { "type": "string" },
"description": "Programming languages to analyze"
},
"complianceFrameworks": {
"type": "array",
"items": {
"type": "string",
"enum": ["NIST", "FIPS-140-3", "PCI-DSS", "HIPAA", "FedRAMP"]
}
},
"includeQuantumAssessment": {
"type": "boolean",
"description": "Include post-quantum readiness assessment"
}
},
"required": ["analysisType"]
}
Output Schema
{
"type": "object",
"properties": {
"analysisId": {
"type": "string"
},
"analysisType": {
"type": "string"
},
"timestamp": {
"type": "string",
"format": "date-time"
},
"summary": {
"type": "object",
"properties": {
"totalFindings": { "type": "integer" },
"critical": { "type": "integer" },
"high": { "type": "integer" },
"medium": { "type": "integer" },
"low": { "type": "integer" }
}
},
"algorithmFindings": {
"type": "array",
"items": {
"type": "object",
"properties": {
"algorithm": { "type": "string" },
"usage": { "type": "string" },
"status": { "type": "string", "enum": ["approved", "caution", "deprecated", "prohibited"] },
"location": { "type": "string" },
"recommendation": { "type": "string" }
}
}
},
"keySizeFindings": {
"type": "array",
"items": {
"type": "object",
"properties": {
"algorithm": { "type": "string" },
"currentSize": { "type": "string" },
"minimumRequired": { "type": "string" },
"recommendation": { "type": "string" }
}
}
},
"certificateFindings": {
"type": "array",
"items": {
"type": "object",
"properties": {
"subject": { "type": "string" },
"issuer": { "type": "string" },
"validFrom": { "type": "string" },
"validTo": { "type": "string" },
"keySize": { "type": "string" },
"issues": { "type": "array" }
}
}
},
"tlsFindings": {
"type": "array",
"items": {
"type": "object",
"properties": {
"endpoint": { "type": "string" },
"protocols": { "type": "array" },
"cipherSuites": { "type": "array" },
"grade": { "type": "string" },
"issues": { "type": "array" }
}
}
},
"complianceStatus": {
"type": "object"
},
"quantumReadiness": {
"type": "object",
"properties": {
"atRiskAlgorithms": { "type": "array" },
"migrationPriority": { "type": "string" },
"recommendations": { "type": "array" }
}
},
"remediationPlan": {
"type": "array",
"items": {
"type": "object",
"properties": {
"finding": { "type": "string" },
"action": { "type": "string" },
"priority": { "type": "string" },
"effort": { "type": "string" }
}
}
}
}
}
Usage Example
skill: {
name: 'crypto-analyzer',
context: {
analysisType: 'code-review',
targetPath: './src',
languages: ['Java', 'Python'],
complianceFrameworks: ['NIST', 'PCI-DSS'],
includeQuantumAssessment: true
}
}
Recommended Agent Skills
Expand your agent's capabilities with these related and highly-rated skills.
a5c-ai/babysitter
gsd-tools
Central utility skill for GSD operations. Provides config parsing, slug generation, timestamps, path operations, and orchestrates calls to other specialized skills. Acts as the unified entry point that the original gsd-tools.cjs provided via its lib/ modules (commands, config, core, init).
a5c-ai/babysitter
model-profile-resolution
Resolve model profile (quality/balanced/budget) at orchestration start and map agents to specific models. Enables cost/quality tradeoffs by selecting appropriate AI models for each agent role.
a5c-ai/babysitter
verification-suite
Plan structure validation, phase completeness checks, reference integrity verification, and artifact existence confirmation. Provides the structured verification layer ensuring GSD artifacts are well-formed and complete.
a5c-ai/babysitter
state-management
STATE.md reading, writing, and field-level updates. Provides cross-session state persistence via .planning/STATE.md with structured fields for current task, completed phases, blockers, decisions, and quick tasks.
a5c-ai/babysitter
git-integration
Git commit patterns, formats, and conventions for GSD methodology. Provides atomic commits per task, structured commit messages, planning file commits, branch management, and milestone tag operations.
a5c-ai/babysitter
frontmatter-parsing
YAML frontmatter parsing and manipulation for .planning/ documents. Provides read, write, update, query, and validation operations on frontmatter blocks in GSD markdown artifacts.
Didn't find tool you were looking for?