@trailofbits

codeql performs interprocedural security vulnerability scanning across eight languages using data flow analysis, database quality checks, and custom query suites to avoid silent result filtering.

semgrep runs parallel static analysis with automatic language detection, pro cross-file taint tracking fallback to oss mode, and merged sarif output. requires explicit user approval before execution.

harness-writing covers fuzzing harness design across c/c++, rust, go, and python with entry point patterns, input parsing strategies, and tool-specific implementations for libfuzzer, afl++, cargo-fuzz, and go-fuzz.

token-integration-analyzer systematically identifies token security risks across erc20/erc721 implementations and integrations using trail of bits methodology, detects 24+ non-standard token behaviors, and delivers prioritized remediation guidance with defensive transfer patterns.

ton-vulnerability-scanner identifies three security patterns in ton smart contracts (integer-as-boolean misuse, fake jetton handlers, unsafe gas forwarding). detects funC code via file extensions and project structure, then surfaces vulnerable code with pocs and fix recommendations.

secure-workflow-guide covers smart contract security through slither scanning, architectural diagram generation, property documentation, and manual review guidance aligned with trail of bits' methodology.

second-opinion delegates code review to external llm cli tools (openai codex or google gemini) on git diffs and uncommitted changes. useful for cross-model validation and specific review angles before pr submission.

firebase-apk-scanner extracts firebase configuration from decompiled android apks and tests realtime databases, firestore, storage, and cloud functions for unauthenticated access, with fallback curl procedures for failed automated scans.

trailmark builds directed graphs of source code structure (functions, classes, calls, metadata) for security analysis, audit prep, and attack surface mapping across multiple languages.

code-maturity-assessor applies trail of bits' 9-category framework to evaluate blockchain codebases, mapping security posture against arithmetic safety, auditing, access controls, and other engineering dimensions. output is a scored maturity card with improvement roadmap.

insecure-defaults identifies configuration vulnerabilities where applications default to weak or missing secrets rather than failing safely. detects fail-open patterns in env variable handling and hardcoded credentials across audit and deployment contexts.

cosmos-vulnerability-scanner audits cosmos sdk modules and cosmwasm contracts against consensus-critical failures (chain halts, fund loss, state divergence). supports go and rust with parallel specialised agents and structured remediation output.

entry-point-analyzer documents a workflow for identifying state-changing external functions in smart contracts during security audits. the skill lacks actionable steps, specific detection methods, or guidance on edge cases like proxy patterns or delegatecall risks.

diagramming-code converts code graph metadata into mermaid diagrams. claude selects diagram types and parameters while delegating syntax generation to a pre-made script. five use cases documented, none explicitly excluded.

address-sanitizer documents memory error detection via compile-time instrumentation and shadow memory tracking, but lacks actionable procedure, trigger conditions, and failure mode coverage.

atheris is a coverage-guided fuzzer for python code and c extensions, providing memory corruption detection via integrated AddressSanitizer support, but lacks actionable setup and execution guidance.

ruzzy is a coverage-guided fuzzer for ruby built on libfuzzer, supporting pure ruby code and c extensions with sanitizer integration for memory corruption detection.

Annotates codebases with dimensional analysis comments documenting units, dimensions, and decimal scaling. Use when someone asks to annotate units in a…

Generates minimal macOS Seatbelt sandbox configurations. Use when sandboxing, isolating, or restricting macOS applications with allowlist-based profiles.

Detects missing zeroization of sensitive data in source code and identifies zeroization removed by compiler optimizations, with assembly-level analysis, and…

Draws 4 Tarot cards to inject entropy into planning when prompts are vague, ambiguous, or casually delegated. Interprets the spread to guide next steps. Use…

>-

>

Iteratively reviews and fixes Claude Code skill quality issues until they meet standards. Runs automated fix-review cycles using the skill-reviewer agent. Use…

Safely analyzes and cleans up local git branches and worktrees by categorizing them as merged, squash-merged, superseded, or active work.

Creates devcontainers with Claude Code, language-specific tooling (Python/Node/Rust/Go), and persistent volumes. Use when adding devcontainer support to a…

Searches and explores Burp Suite project files (.burp) from the command line. Use when searching response headers or bodies with regex patterns, extracting…

Diagnose and fix Claude in Chrome MCP extension connectivity issues. Use when mcp__claude-in-chrome__* tools fail, return "Browser extension is not connected",…

>

>

>

>

Detects timing side-channel vulnerabilities in cryptographic code. Use when implementing or reviewing crypto code, encountering division on secrets,…

Scans Substrate/Polkadot pallets for 7 critical vulnerabilities including arithmetic overflow, panic DoS, incorrect weights, and bad origin checks. Use when…

>

Provides expertise for analyzing DWARF debug files and understanding the DWARF debug format/standard (v3-v5). Triggers when understanding DWARF information,…

Creates language variants of existing Semgrep rules. Use when porting a Semgrep rule to specified target languages. Takes an existing rule and target languages…

Scans Cairo/StarkNet smart contracts for 6 critical vulnerabilities including felt252 arithmetic overflow, L1-L2 messaging issues, address conversion problems,…

>

>

>

>

Interprets Culture Index (CI) surveys, behavioral profiles, and personality assessment data. Supports individual profile interpretation, team composition…

Scans Algorand smart contracts for 11 common vulnerabilities including rekeying attacks, unchecked transaction fees, missing field validations, and access…

>

>

>

semgrep-rule-creator — an installable skill for AI agents, published by trailofbits/skills.

>-

Smart contract development advisor based on Trail of Bits' best practices. Analyzes codebase to generate documentation/specifications, review architecture,…

Verifies code implements exactly what documentation specifies for blockchain audits. Use when comparing code against whitepapers, finding gaps between specs…

audit-prep-assistant — an installable skill for AI agents, published by trailofbits/skills.

Scans Solana programs for 6 critical vulnerabilities including arbitrary CPI, improper PDA validation, missing signer/ownership checks, and sysvar spoofing.…

variant-analysis — an installable skill for AI agents, published by trailofbits/skills.

Enforces authenticated gh CLI workflows over unauthenticated curl/WebFetch patterns. Use when working with GitHub URLs, API access, pull requests, or issues.

Provides guidance for property-based testing across multiple languages and smart contracts. Use when writing tests, reviewing code with…

Identifies error-prone APIs, dangerous configurations, and footgun designs that enable security mistakes. Use when reviewing API designs, configuration…

Enables ultra-granular, line-by-line code analysis to build deep architectural context before vulnerability or bug finding.

Systematically verifies suspected security bugs to eliminate false positives. Produces TRUE POSITIVE or FALSE POSITIVE verdicts with documented evidence for…

Audits GitHub Actions workflows for security vulnerabilities in AI agent integrations including Claude Code Action, Gemini CLI, OpenAI Codex, and GitHub AI…

differential-review — an installable skill for AI agents, published by trailofbits/skills.

Identifies dependencies at heightened risk of exploitation or takeover. Use when assessing supply chain attack surface, evaluating dependency health, or…

Configures Python projects with modern tooling (uv, ruff, ty). Use when creating projects, writing standalone scripts, or migrating from pip/Poetry/mypy/black.

Clarify requirements before implementing. Use when serious doubts arise.

Mutation-driven test vector generation. Finds implementations of a cryptographic algorithm or protocol, runs mutation testing to identify escaped mutants, then…

>

Extracts protocol message flow from source code, RFCs, academic papers, pseudocode, informal prose, ProVerif (.pv), or Tamarin (.spthy) models and generates…

Graph-informed mutation testing triage. Parses codebases with Trailmark, runs mutation testing and necessist, then uses survived mutants, unnecessary test…

mermaid-to-proverif — an installable skill for AI agents, published by trailofbits/skills.

Configures mewt or muton mutation testing campaigns — scopes targets, tunes timeouts, and optimizes long-running runs. Use when the user mentions mewt, muton,…

Runs full Trailmark structural analysis on Trailmark 0.2.x by building a graph, running `preanalysis()`, and reporting hotspots, taint, blast radius, privilege…

graph-evolution — an installable skill for AI agents, published by trailofbits/skills.

Runs a Trailmark summary analysis on a codebase. Returns auto-detected languages, entry point count, and dependency list. Use when vivisect or galvanize needs…

>

Performs comprehensive C/C++ security review for memory corruption, integer overflows, race conditions, and platform-specific vulnerabilities. Use when…