trailofbits/skills
These skills were imported into SkillJury from the public skills ecosystem.
dimensional-analysis
This skill orchestrates a dimensional-analysis pipeline for codebases that perform numeric computations with mixed units, precisions, or scaling factors. The main skill context is a workflow controller only: it delegates scanning, vocabulary discovery, annotation, propagation, and validation to specialized subagents,...
ask-questions-if-underspecified
Ask clarifying questions before implementing when requirements are ambiguous or incomplete.
modern-python
Modern Python project setup with uv, ruff, and ty for Python 3.11+.
semgrep
Parallel static analysis scanner with automatic language detection, Pro cross-file taint tracking, and merged SARIF output.
agentic-actions-auditor
Static security analysis for GitHub Actions workflows invoking AI coding agents.
audit-context-building
Ultra-granular, line-by-line code analysis to build stable architectural context before vulnerability discovery.
audit-prep-assistant
Prepares codebases for security audits using Trail of Bits' checklist across four structured phases.
code-maturity-assessor
Systematic code maturity evaluation across 9 security and engineering categories with evidence-based ratings.
codeql
Interprocedural security vulnerability scanning with data flow analysis and customizable query suites.
coverage-analysis
Measure code exercised during fuzzing to assess harness effectiveness and identify blockers.
differential-review
Security-focused differential analysis of code changes with adaptive depth, blast radius calculation, and markdown reporting.
entry-point-analyzer
Smart contract entry point detector for security audit surface mapping.
fp-check
Systematically verify suspected security bugs and classify them as true or false positives with documented evidence.
fuzzing-obstacles
Patch code to bypass checksums, global state, and validation barriers that block fuzzer progress.
guidelines-advisor
Smart contract development advisor applying Trail of Bits' security and design guidelines to analyze codebases systematically.
insecure-defaults
Detects fail-open security vulnerabilities where applications run insecurely with missing or weak default configuration.
property-based-testing
Guidance for property-based testing across languages and smart contracts.
sarif-parsing
Parse, filter, deduplicate, and aggregate SARIF files from static analysis tools.
secure-workflow-guide
Smart contract security review through Trail of Bits' 5-step workflow with automated scanning, visual analysis, and property documentation.
semgrep-rule-creator
Custom Semgrep rule creation with test-driven validation and AST-guided pattern development.
sharp-edges
Identifies error-prone APIs, configurations, and designs that enable developer security mistakes.
solana-vulnerability-scanner
Scans Solana programs for 6 critical vulnerabilities including arbitrary CPI, improper PDA validation, and missing security checks.
spec-to-code-compliance
Verifies code implements exactly what documentation specifies for blockchain audits.
supply-chain-risk-auditor
Identifies high-risk dependencies vulnerable to exploitation or takeover through systematic supply chain analysis.