sc-rce

What problem does it solve?

Remote code execution vectors are a critical class of security vulnerabilities where user-controlled input reaches dynamic code evaluation functions, enabling attackers to execute arbitrary code on a host.

Core Features & Use Cases

• Data-flow tracing from user input to eval/exec/Function-like calls across languages (Python, JavaScript, PHP, Java, C#, Go, Ruby)
• Language-specific pattern detection for common RCE vectors (eval, Function, vm.runInNewContext, ScriptEngine, etc.)
• Structured findings with severity classification and remediation guidance in a consistent format

Quick Start

Run the sc-rce skill against a codebase containing dynamic code evaluation patterns to identify exploitable RCE vectors