GitHub
Skills harvested from GitHub repositories
14810 skills available
token-integration-analyzer
Systematically analyzes the codebase for token-related security concerns using Trail of Bits' token integration checklis...
substrate-vulnerability-scanner
Systematically scan Substrate runtime modules (pallets) for platform-specific security vulnerabilities that can cause no...
solana-vulnerability-scanner
Systematically scan Solana programs (native and Anchor framework) for platform-specific security vulnerabilities related...
secure-workflow-guide
Guides through Trail of Bits' secure development workflow - a 5-step process to enhance smart contract security througho...
guidelines-advisor
Systematically analyzes the codebase and provides guidance based on Trail of Bits' development guidelines: Generate docu...
cosmos-vulnerability-scanner
Scan Cosmos SDK modules and CosmWasm contracts for vulnerabilities that cause chain halts, consensus failures, or fund l...
code-maturity-assessor
Systematically assesses codebase maturity using Trail of Bits' 9-category framework. Provides evidence-based ratings and...
cairo-vulnerability-scanner
Systematically scan Cairo smart contracts on StarkNet for platform-specific security vulnerabilities related to arithmet...
audit-prep-assistant
Helps prepare for a security review using Trail of Bits' checklist. A well-prepared codebase makes the review process sm...
algorand-vulnerability-scanner
Systematically scan Algorand smart contracts (TEAL and PyTeal) for platform-specific security vulnerabilities documented...
audit-augmentation
Projects findings from external tools (SARIF) and human auditors (weAudit) onto Trailmark code graphs as annotations and...
dimensional-analysis
This skill orchestrates a dimensional-analysis pipeline for codebases that perform numeric computations with mixed units...
variant-analysis
You are a variant analysis expert. Your role is to help find similar vulnerabilities and bugs across a codebase after id...
let-fate-decide
When the path forward is unclear, let the cards speak. Run the drawing script: uv run --no-config {baseDir}/scripts/draw...
libafl
LibAFL is a modular fuzzing library that implements features from AFL-based fuzzers like AFL++. Unlike traditional fuzze...
differential-review
Security-focused code review for PRs, commits, and diffs. Risk-First: Focus on auth, crypto, value transfer, external ca...
modern-python
Guide for modern Python tooling and best practices, based on trailofbits/cookiecutter-python. Creating a new Python proj...
entry-point-analyzer
Systematically identify all state-changing entry points in a smart contract codebase to guide security audits. Use this ...
insecure-defaults
Finds fail-open vulnerabilities where apps run insecurely with missing configuration. Distinguishes exploitable defaults...
devcontainer-setup
Creates a pre-configured devcontainer with Claude Code and language-specific tooling. User asks to "set up a devcontaine...
c-review
Runs in the main conversation (invoke via /c-review:c-review). Orchestrator owns the Task ledger as bookkeeping for retr...
crypto-protocol-diagram
Produces a Mermaid sequenceDiagram (written to file) and an ASCII sequence diagram (printed inline) from either: Source ...
agentic-actions-auditor
Static security analysis guidance for GitHub Actions workflows that invoke AI coding agents. This skill teaches you how ...
fp-check
"Is this bug real?" or "is this a true positive?" "Is this a false positive?" or "verify this finding" "Check if this vu...