Trailofbits
45 skills · 134K stars total
45 skills
This skill helps you write robust fuzzing harnesses across languages to maximize coverage, determinism, and bug reproducibility.
This skill scans APKs for Firebase misconfigurations and surfaces exposed databases, auth gaps, and cloud functions risks to guide mobile security audits.
This skill verifies code matches documentation and identifies gaps between spec and implementation in blockchain audits.
This skill helps you fuzz Rust projects quickly with cargo-fuzz, enabling libFuzzer-backed testing and sanitizer integration for robust code.
This skill helps you craft production-quality Semgrep rules with tests, taint mode, and validation to detect vulnerabilities and enforce standards.
This skill analyzes code maturity using Trail of Bits framework to produce evidence-based ratings and actionable improvement recommendations.
This skill helps fuzzers detect memory errors in C/C++ code using AddressSanitizer to find overflows and use-after-free issues.
This skill analyzes token implementations and integrations against ERC20/ERC721 standards, identifies 20+ weird patterns, and flags on-chain risks for secure
This skill helps you locate variant vulnerabilities across codebases by pattern-based analysis and systematic auditing guidance.
This skill analyzes smart contract codebases using Trail of Bits guidelines to generate docs, assess architecture, upgradeability, testing, and provide
This skill helps identify API misuses and dangerous defaults to ensure secure-by-default design and resist footgun configurations.
This skill helps clarify ambiguous requests by generating concise must-have questions to ensure accurate implementation.
This skill iteratively reviews and fixes Claude Code skills using the skill-reviewer agent to meet quality standards and improve descriptions.
This skill helps resolve vague prompts by drawing and interpreting a 4-card Tarot spread to guide next steps.
This skill detects missing zeroization of sensitive data in C/C++/Rust code and verifies compiler-induced zeroize removals with assembly evidence.
This skill generates minimal macOS Seatbelt sandbox configurations to isolate applications with allowlist-based profiles for secure, confined execution.
This skill guides designing workflow-based Claude Code skills with multi-step phases, decision trees, and progressive disclosure to ensure robust routing and
This skill analyzes local git branches and worktrees, groups related work, and guides safe cleanup with user approval.
This skill helps you interact with GitHub resources using the gh CLI, replacing curl or WebFetch for repos, PRs, issues, and API data.
This skill provides an independent code review by integrating Codex and Gemini CLIs for uncommitted changes, diffs, or specific commits.
This skill creates pre-configured devcontainers with Claude Code and language tooling for Python, Node, Rust, or Go, enabling isolated, persistent development
This skill guides authoring of high quality YARA-X rules for malware detection, focusing on performance, accuracy, and safe migration.
This skill detects fail-open insecure defaults such as weak secrets and permissive config to help audit production readiness and secure deployments.
This skill runs CodeQL analysis to detect security vulnerabilities across languages using interprocedural taint tracking and data flow insights.
This skill helps you apply property-based testing to serialization, parsing, validation, and smart contracts to improve coverage.
This skill prepares codebases for security reviews by guiding goals, running static analysis, boosting test coverage, removing dead code, and generating
This skill helps identify timing side-channel vulnerabilities in cryptographic code by flagging secret-dependent timing and branch behavior.
This skill helps you validate crypto implementations against known attacks using Wycheproof test vectors across AES-GCM, ECDSA, RSA, and more.
This skill helps you bypass anti-fuzzing obstacles by patching code for fuzzing builds while preserving production behavior.
This skill guides security analysis using Trail of Bits' 5-step workflow, runs Slither checks, generates diagrams, and documents security properties.
This skill helps you analyze DWARF debug information across v3-v5, answer standards questions, and assist code interacting with DWARF data.
This skill scans TON FunC contracts for three critical vulnerabilities, reports findings, and suggests fixes to improve security.
This skill helps you craft targeted fuzzing dictionaries to improve parser and protocol coverage by injecting domain-specific tokens.
This skill enables ultra-granular, line-by-line code analysis to build deep architectural context before vulnerability hunting, reducing hallucinations and
This skill helps you quickly fuzz Python code and C extensions using Atheris to uncover memory issues with libFuzzer integration.
This skill helps identify timing side-channel leaks in cryptographic code by guiding statistical, dynamic, and formal analyses.
This skill helps you configure modern Python projects with uv, ruff, and ty, streamlining setup, tooling, and migrations.
This skill scans Algorand smart contracts for 11 vulnerabilities, delivering actionable findings and fixes to strengthen TEAL and PyTeal security.
This skill scans Solana programs for 6 critical vulnerabilities, identifies issues in CPI, PDA validation, signer checks, and sysvar spoofing.
This skill performs security-focused differential reviews of PRs and diffs, adapts depth by codebase size, and generates comprehensive markdown audit reports.
This skill helps you fuzz C/C++ code quickly using libFuzzer with Clang integration, enabling fast, single-project coverage exploration.
This skill ports existing Semgrep rules to new languages, generating independent rule and test directories per target.
This skill scans Cairo/StarkNet contracts for 6 critical vulnerabilities and provides actionable fixes to strengthen security before deployment.
This skill helps you build and customize fuzzers with LibAFL for advanced research, custom mutations, and fine-grained fuzzing control.
This skill verifies that remediation commits address security findings without introducing bugs by comparing changes to audit reports.