trailofbits/skills
These skills were imported into SkillJury from the public skills ecosystem.
sharp-edges
by trailofbits/skills
Evaluates whether APIs, configurations, and interfaces are resistant to developer misuse. Identifies designs where the "easy path" leads to insecurity.
property-based-testing
by trailofbits/skills
Use this skill proactively during development when you encounter patterns where PBT provides stronger coverage than example-based tests.
codeql
by trailofbits/skills
Supported languages: Python, JavaScript/TypeScript, Go, Java/Kotlin, C/C++, C#, Ruby, Swift.
audit-context-building
by trailofbits/skills
This skill governs how Claude thinks during the context-building phase of an audit.
variant-analysis
by trailofbits/skills
Source details, install context, and public review data are available on the full page.
secure-workflow-guide
by trailofbits/skills
Guides through Trail of Bits' secure development workflow - a 5-step process to enhance smart contract security throughout development.
spec-to-code-compliance
by trailofbits/skills
Source details, install context, and public review data are available on the full page.
modern-python
by trailofbits/skills
Guide for modern Python tooling and best practices, based on trailofbits/cookiecutter-python.
solana-vulnerability-scanner
by trailofbits/skills
Systematically scan Solana programs (native and Anchor framework) for platform-specific security vulnerabilities related to cross-program invocations, account validation, and program-derived addresses. This skill encodes 6 critical vulnerability patterns unique to Solana's account model.
token-integration-analyzer
by trailofbits/skills
Systematically analyzes the codebase for token-related security concerns using Trail of Bits' token integration checklist:
guidelines-advisor
by trailofbits/skills
Source details, install context, and public review data are available on the full page.
sarif-parsing
by trailofbits/skills
Source details, install context, and public review data are available on the full page.
fuzzing-obstacles
by trailofbits/skills
Codebases often contain anti-fuzzing patterns that prevent effective coverage. Checksums, global state (like time-seeded PRNGs), and validation checks can block the fuzzer from exploring deeper code paths. This technique shows how to patch your System Under Test (SUT) to bypass these obstacles during fuzzing while...
entry-point-analyzer
by trailofbits/skills
Systematically identify all state-changing entry points in a smart contract codebase to guide security audits.
audit-prep-assistant
by trailofbits/skills
Helps prepare for a security review using Trail of Bits' checklist. A well-prepared codebase makes the review process smoother and more effective.
coverage-analysis
by trailofbits/skills
Coverage analysis is essential for understanding which parts of your code are exercised during fuzzing. It helps identify fuzzing blockers like magic value checks and tracks the effectiveness of harness improvements over time.
code-maturity-assessor
by trailofbits/skills
Systematically assesses codebase maturity using Trail of Bits' 9-category framework. Provides evidence-based ratings and actionable recommendations.
semgrep-rule-creator
by trailofbits/skills
Create production-quality Semgrep rules with proper testing and validation.
cargo-fuzz
by trailofbits/skills
cargo-fuzz is the de facto choice for fuzzing Rust projects when using Cargo. It uses libFuzzer as the backend and provides a convenient Cargo subcommand that automatically enables relevant compilation flags for your Rust project, including support for sanitizers like AddressSanitizer.
harness-writing
by trailofbits/skills
A fuzzing harness is the entrypoint function that receives random data from the fuzzer and routes it to your system under test (SUT). The quality of your harness directly determines which code paths get exercised and whether critical bugs are found. A poorly written harness can miss entire subsystems or produce...
firebase-apk-scanner
by trailofbits/skills
Source details, install context, and public review data are available on the full page.
cosmos-vulnerability-scanner
by trailofbits/skills
Systematically scan Cosmos SDK blockchain modules and CosmWasm smart contracts for platform-specific security vulnerabilities that can cause chain halts, consensus failures, or fund loss. This skill encodes 9 critical vulnerability patterns unique to Cosmos-based chains.
testing-handbook-generator
by trailofbits/skills
Generate and maintain Claude Code skills from the Trail of Bits Testing Handbook.
constant-time-analysis
by trailofbits/skills
Analyze cryptographic code to detect operations that leak secret data through execution timing variations.