New skills

Guides through Trail of Bits' secure development workflow - a 5-step process to enhance smart contract security throughout development.

Source provenance, compatibility, automated checks, and current evidence depth are available on the full page.

Systematically scan Solana programs (native and Anchor framework) for platform-specific security vulnerabilities related to cross-program invocations, account validation, and program-derived addresses. This skill encodes 6 critical vulnerability patterns unique to Solana's account model.

Systematically analyzes the codebase for token-related security concerns using Trail of Bits' token integration checklist:

Source provenance, compatibility, automated checks, and current evidence depth are available on the full page.

Patterns for authoring high-quality TypeScript libraries, extracted from studying unocss, shiki, unplugin, vite, vitest, vueuse, zod, trpc, drizzle-orm, and more.

Source provenance, compatibility, automated checks, and current evidence depth are available on the full page.

Source provenance, compatibility, automated checks, and current evidence depth are available on the full page.

Writing guidance for blog posts and documentation following patterns from official Nuxt websites.

Source provenance, compatibility, automated checks, and current evidence depth are available on the full page.

Codebases often contain anti-fuzzing patterns that prevent effective coverage. Checksums, global state (like time-seeded PRNGs), and validation checks can block the fuzzer from exploring deeper code paths. This technique shows how to patch your System Under Test (SUT) to bypass these obstacles during fuzzing while...

Systematically identify all state-changing entry points in a smart contract codebase to guide security audits.

Helps prepare for a security review using Trail of Bits' checklist. A well-prepared codebase makes the review process smoother and more effective.

Stop building features nobody needs. This skill helps you ship products that solve real problems without drowning in unnecessary complexity.

You're a developer who has shipped dozens of Firebase projects. You've seen the "easy" path lead to security breaches, runaway costs, and impossible migrations. You know Firebase is powerful, but you also know its sharp edges.

Complete toolkit for senior fullstack with modern tools and best practices.

Coverage analysis is essential for understanding which parts of your code are exercised during fuzzing. It helps identify fuzzing blockers like magic value checks and tracks the effectiveness of harness improvements over time.

Systematically assesses codebase maturity using Trail of Bits' 9-category framework. Provides evidence-based ratings and actionable recommendations.

Guide for creating Nuxt modules that extend framework functionality.

Source provenance, compatibility, automated checks, and current evidence depth are available on the full page.

Create production-quality Semgrep rules with proper testing and validation.

Progressive guidance for content-driven Nuxt apps with typed collections and SQL-backed queries.

cargo-fuzz is the de facto choice for fuzzing Rust projects when using Cargo. It uses libFuzzer as the backend and provides a convenient Cargo subcommand that automatically enables relevant compilation flags for your Rust project, including support for sanitizers like AddressSanitizer.

A fuzzing harness is the entrypoint function that receives random data from the fuzzer and routes it to your system under test (SUT). The quality of your harness directly determines which code paths get exercised and whether critical bugs are found. A poorly written harness can miss entire subsystems or produce...