Skills from trailofbits/skills
npx skills add trailofbits/skillsGitHub →Master Culture Index interpretation with this AI agent skill. Analyze CI profiles, behavioral data, team dynamics, and hiring suitability for optimal talent manageme
Master DWARF debug file analysis with this expert agent skill. Understand DWARF v3-v5 standards, parse debug info, and troubleshoot DWARF-related code for robust sof
Enhance your C/C++ and Rust projects with the AddressSanitizer (ASan) agent skill. Detect critical memory errors like buffer overflows and use-after-free bugs effici
Leverage the AFL++ Agent Skill for superior multi-core fuzzing performance. Ideal for large-scale security testing, this skill offers diverse mutation strategies and
Identify critical security flaws in Algorand smart contracts (TEAL/PyTeal) with this AI agent skill. Detect 11 common vulnerabilities, including rekeying attacks and
Leverage the Atheris Agent Skill to perform coverage-guided fuzzing for Python code and C extensions. Detect memory corruption issues with AddressSanitizer support f
Master deep architectural understanding with the Audit Context Building Agent Skill. Perform ultra-granular, line-by-line code analysis to establish a robust mental
Prepare your codebase for a security review with this AI Agent Skill. It leverages Trail of Bits' checklist to set goals, run static analysis, boost test coverage, a
Enhance your StarkNet project security. This agent skill scans Cairo smart contracts for 6 critical vulnerabilities, including arithmetic overflows and L1-L2 messagi
Enhance Rust project security with the cargo-fuzz Agent Skill. Automate fuzz testing, detect vulnerabilities, and integrate sanitizers for robust, reliable Rust code
Systematically assess codebase maturity with the Code Maturity Assessor Agent Skill. Uses Trail of Bits' 9-category framework to analyze security, testing, docs, and
Unlock advanced static code analysis with the CodeQL Agent Skill. Identify complex security vulnerabilities and code patterns across your codebase using sophisticate
Unlock advanced static code analysis with the CodeQL Agent Skill. Identify complex security vulnerabilities and code patterns across your codebase using sophisticate
Enhance cryptographic security with the Constant-Time Analysis Agent Skill. Detect and prevent timing side-channel vulnerabilities in your crypto implementations acr
Master the Constant-Time Testing Agent Skill to identify and mitigate timing vulnerabilities in cryptographic implementations. Enhance code security against side-cha
Scan Cosmos SDK blockchains and CosmWasm smart contracts for 9 consensus-critical vulnerabilities like non-determinism, ABCI panics, and rounding errors. Enhance you
Understand code execution during fuzzing with this coverage analysis agent skill. Identify blockers, track progress, and improve security harnesses efficiently.
Enhance your code review process with the Differential Security Review Agent Skill. Focus on critical security aspects of PRs and diffs, ensuring a risk-first, evide
Identify all state-changing entry points in smart contract codebases (Solidity, Vyper, Rust, Move) with the Entry Point Analyzer Agent Skill. Essential for security
Identify critical Firebase security misconfigurations in Android APKs. This agent skill scans for open databases, exposed storage, authentication flaws, and unauthen
Leverage the Fix Review Agent Skill to meticulously validate security bug fixes. Ensure remediation commits address findings without introducing new vulnerabilities.
Leverage the Fuzzing Dictionary Agent Skill to guide fuzzers with domain-specific tokens, improving vulnerability discovery in parsers, protocols, and file formats.
Learn how to effectively fuzz complex codebases by overcoming common obstacles like checksums, global state, and complex validation. This AI Agent Skill guides you t
Leverage the Trail of Bits Guidelines Advisor Agent Skill to enhance your smart contract security and quality. Get expert advice on architecture, upgradeability, tes
Master the art of writing effective fuzzing harnesses with this AI Agent Skill. Learn to create robust entry points for your System Under Test, enhance code coverage
Enhance your AI coding assistant with the LibAFL Agent Skill. Leverage modular Rust-based fuzzing for custom mutation strategies, novel security research, and target
Enhance your C/C++ project security with the libFuzzer agent skill. Leverage in-process, coverage-guided fuzzing for robust vulnerability discovery and code hardenin
Leverage the OSS-Fuzz Agent Skill to streamline continuous fuzz testing, build harnesses, and analyze coverage. Enhance your project's security and stability with AI
Enhance Ruby code and C extensions security with Ruzzy, a coverage-guided fuzzer built on libFuzzer. Detect memory corruption and undefined behavior efficiently with
Master SARIF file parsing with this agent skill. Efficiently analyze, aggregate, deduplicate, and integrate static analysis results into your CI/CD pipelines. Essent
Leverage the Secure Workflow Guide Agent Skill to implement Trail of Bits' 5-step process for smart contract security. Includes Slither scans, feature checks, diagra
Enhance your AI coding assistant with the Semgrep Agent Skill. Perform rapid static analysis, detect security vulnerabilities, enforce code standards, and refactor c
Enhance your AI coding assistant with the Semgrep Agent Skill. Perform rapid static analysis, detect security vulnerabilities, enforce code standards, and refactor c
Create custom Semgrep rules with this Agent Skill to detect security vulnerabilities, bug patterns, and enforce coding standards across your codebase. Build robust t
Port existing Semgrep rules to new target languages with the Semgrep Rule Variant Creator Agent Skill. Automate language-specific rule generation and testing for pol
Leverage the Sharp Edges Agent Skill to proactively identify security pitfalls in API designs, configurations, and cryptographic implementations. Ensure your code is
Efficiently search and analyze Burp Suite project files (.burp) from the command line. Extract security findings, HTTP history, and site map data with this powerful
Identify critical security flaws in Solana and Anchor programs with this AI Agent Skill. Scans for 6 common vulnerabilities like arbitrary CPI, PDA validation, and m
Ensure your code rigorously matches specifications with the Spec-to-Code Compliance Agent Skill. Ideal for blockchain audits, finding implementation gaps, and valida
Enhance your Substrate and Polkadot development with an AI agent skill that scans pallets for critical vulnerabilities like arithmetic overflows, DoS attacks, and or
Automate the creation and maintenance of security testing AI agent skills using the Trail of Bits Testing Handbook. Ideal for building new appsec.guide-based skills
Expertly analyze token implementations and integrations for ERC20/ERC721 conformity, identify weird token patterns, and assess security risks using Trail of Bits' ch
Boost TON smart contract security. This agent skill rigorously scans FunC code for critical vulnerabilities: integer-as-boolean misuse, fake Jetton contracts, and im
Leverage the Variant Analysis Agent Skill to proactively identify similar vulnerabilities and bugs across your codebase. Perfect for refining CodeQL/Semgrep queries
Enhance your coding assistant with the Wycheproof Agent Skill. Validate cryptographic implementations against extensive test vectors and uncover potential vulnerabil
Master property-based testing with this AI Agent Skill. Gain expert guidance for writing robust tests across multiple languages and smart contracts, ensuring stronge
Enhance your coding agent's ability to clarify ambiguous requests. This AI Agent Skill ensures requirements are understood, preventing wasted effort and improving ac