trailofbits

45 skills

Semgrep (Passed)
A comprehensive guide for using Semgrep, a fast static analysis tool for finding bugs and security vulnerabilities. Covers installation, custom rule writing, CI/CD integration with GitHub Actions, and best practices for security scanning without sharing code with third parties.
Tags: Security, Static Analysis, Code Scanning, +3
146 · 2.1k

Codeql (Passed)
CodeQL is a powerful static analysis framework that queries code as a database for security vulnerabilities and code patterns. This skill provides comprehensive documentation on creating CodeQL databases, writing custom queries, integrating with CI/CD pipelines, and using the framework for interprocedural control flow and data flow analysis across C/C++, Go, Java, JavaScript, Python, and other supported languages.
Tags: Security, Static Analysis, Codeql, +3
90 · 2.1k

Modern Python (Passed)
A comprehensive guide for modern Python development using uv, ruff, ty, and pytest. It covers project setup, dependency management, testing, security tooling (pre-commit hooks, secret detection, vulnerability scanning), and migration from legacy tools like pip, black, mypy, and pre-commit.
Tags: Python, Uv, Ruff, +3
43 · 2.1k

Variant Analysis (Passed)
A variant analysis skill that helps security researchers find similar vulnerabilities across a codebase after discovering an initial bug. It provides a structured methodology for pattern-based searching, ready-to-use Semgrep rule templates for multiple languages (Python, JavaScript, Java, Go, C++), and documentation templates for tracking findings.
Tags: Security, Variant Analysis, Semgrep, +3
49 · 2.1k

Wycheproof (Passed)
Wycheproof is a documentation skill that teaches developers how to validate cryptographic implementations using test vectors. It covers testing workflows for AES-GCM, ECDSA, ECDH, RSA, and other algorithms, with examples in Python and JavaScript.
Tags: Cryptography, Testing, Security, +2
106 · 2.1k

Testing Handbook Generator (Passed)
This skill automates the creation of Claude Code skills from the Trail of Bits Testing Handbook (appsec.guide). It analyzes handbook content for security testing tools (static analysis, fuzzers), techniques (sanitizers, coverage), and domains (cryptography, web security), then generates properly structured skills using templates. The generator includes a two-pass system for content and cross-references, automated validation, and self-improvement workflows.
Tags: Security Testing, Skill Generator, Fuzzing, +3
74 · 2.1k

Ruzzy (Passed)
Ruzzy is a reference skill that teaches how to use Trail of Bits' coverage-guided Ruby fuzzer. It provides installation instructions, harness writing patterns, and sanitizer configuration for finding memory corruption bugs in Ruby code and C extensions.
Tags: Fuzzing, Ruby, Security Testing, +3
58 · 2.1k

Ossfuzz (Passed)
OSS-Fuzz is a technique skill that guides users through setting up continuous fuzzing for open source projects using Google's free distributed infrastructure. It covers project enrollment, running harnesses locally with the helper.py CLI, coverage analysis, and integrating with multiple fuzzing engines including libFuzzer, AFL++, and Atheris for Python projects.
Tags: Fuzzing, Security Testing, Oss Fuzz, +3
1251 · 2.1k

Libfuzzer (Passed)
A comprehensive reference guide for libFuzzer, the LLVM-integrated coverage-guided fuzzer for C/C++ projects. Covers harness writing, compilation, corpus management, sanitizer integration, and running fuzzing campaigns with practical examples and troubleshooting tips.
Tags: Fuzzing, Security Testing, C Cpp, +3
59 · 2.1k

Libafl (Passed)
This skill is a comprehensive guide for using the modular LibAFL fuzzing library. It covers installation, writing fuzz harnesses, building custom fuzzers in Rust, and running fuzzing campaigns with features like multi-core support, dictionary fuzzing, and crash deduplication.
Tags: Fuzzing, Security Testing, Rust, +3
63 · 2.1k

Harness Writing (Passed)
A comprehensive guide for writing effective fuzzing harnesses in C++, Rust, and Go. Covers harness patterns, input structuring with FuzzedDataProvider, tool-specific guidance for libFuzzer, AFL++, cargo-fuzz, and go-fuzz, plus troubleshooting tips.
Tags: Fuzzing, Security Testing, Harness Writing, +3
406 · 2.1k

Fuzzing Obstacles (Passed)
This skill teaches developers techniques for modifying source code to overcome common fuzzing obstacles. It covers conditional compilation patterns in C/C++ and Rust to bypass checksums, deterministic PRNG seeding, and validation checks during fuzzing builds while preserving production behavior.
Tags: Fuzzing, Security Testing, C Cpp, +3
59 · 2.1k

Fuzzing Dictionary (Passed)
This skill provides comprehensive guidance on creating fuzzing dictionaries: specialized files containing domain-specific tokens that help fuzzers discover bugs in parsers, protocols, and file format handlers. It covers dictionary format syntax, generation methods from various sources (LLM, headers, binaries), and integration with popular fuzzers like libFuzzer, AFL++, and cargo-fuzz.
Tags: Fuzzing, Security Testing, Dictionary, +3
104 · 2.1k

Coverage Analysis (Passed)
A comprehensive guide to code coverage analysis during fuzzing. It explains how to instrument code with LLVM or GCC coverage flags, generate coverage reports, and interpret results to improve fuzzing harness effectiveness and identify hard-to-reach code paths.
Tags: Fuzzing, Coverage, Security Testing, +3
66 · 2.1k

Constant Time Testing (Passed)
A comprehensive guide for auditing cryptographic code for timing side-channel vulnerabilities. It covers constant-time testing theory, common vulnerability patterns like secret-dependent branches and cache-timing attacks, and provides practical workflows using tools like dudect for statistical analysis and timecop for dynamic tracing.
Tags: Cryptography, Security Testing, Timing Attacks, +3
53 · 2.1k

Cargo Fuzz (Passed)
A comprehensive guide for fuzzing Rust projects using cargo-fuzz with the libFuzzer backend. Covers installation, harness writing, sanitizer integration, coverage analysis, and provides real-world examples for finding bugs in Rust code.
Tags: Rust, Fuzzing, Security Testing, +3
45 · 2.1k

Atheris (Passed)
Atheris is a comprehensive reference skill for Python fuzzing using Google's Atheris library. It provides installation guides, harness writing patterns, Docker configurations, corpus management strategies, and AddressSanitizer integration for detecting memory corruption in Python code and C extensions.
Tags: Fuzzing, Python, Security Testing, +3
576 · 2.1k

Aflpp (Passed)
AFL++ is a documentation skill that teaches how to use the AFL++ fuzzer for finding bugs in C/C++ code. It covers installation, harness writing, compilation, multi-core fuzzing campaigns, sanitizer integration, and coverage analysis with practical examples.
Tags: Fuzzing, Security Testing, C Cpp, +3
236 · 2.1k

Address Sanitizer (Passed)
This skill provides comprehensive documentation on AddressSanitizer (ASan), a memory error detection tool used during software testing and fuzzing. It covers compilation flags, configuration options, integration with popular fuzzing tools (libFuzzer, AFL++, cargo-fuzz, honggfuzz), and troubleshooting guidance.
Tags: Security Testing, Fuzzing, Memory Safety, +3
492 · 2.1k

Spec To Code Compliance (Passed)
Guides blockchain auditors through verifying that smart contract code implements exactly what specification documents describe. Uses a 6-phase methodology with intermediate representations to systematically compare whitepapers and design docs against the actual code implementation, identifying gaps, mismatches, and undocumented behavior.
Tags: Blockchain, Smart Contracts, Security Audit, +3
469 · 2.1k

Sarif Parsing (Passed)
A comprehensive skill for parsing and analyzing SARIF (Static Analysis Results Interchange Format) files from security scanning tools. It provides ready-to-use jq queries, Python helper functions for extracting findings, and best practices for aggregating, deduplicating, and integrating SARIF data into CI/CD pipelines.
Tags: Sarif, Security, Static Analysis, +3
82 · 2.1k

Sharp Edges (Passed)
Sharp Edges is a security analysis skill that identifies error-prone APIs, dangerous configurations, and footgun designs that enable developer mistakes. It provides comprehensive reference documentation covering cryptographic API pitfalls, configuration security patterns, authentication footguns, and language-specific sharp edges across 11 programming languages.
Tags: Security, Api Design, Code Review, +3
84 · 2.1k

Semgrep Rule Variant Creator (Passed)
This skill helps security engineers port existing Semgrep rules to new programming languages. It provides a structured 4-phase workflow including applicability analysis, test-first development, rule creation, and validation. The skill includes detailed guidance for translating patterns between languages and ensuring rules are properly tested.
Tags: Semgrep, Security, Static Analysis, +3
293 · 2.1k

Semgrep Rule Creator (Passed)
This skill guides users through creating production-quality Semgrep rules for detecting security vulnerabilities and bug patterns. It follows a test-first approach: write test cases, analyze AST structure, write the rule, and iterate until all tests pass. Supports both taint mode for data flow analysis and pattern matching for syntactic detection.
Tags: Semgrep, Security Scanning, Static Analysis, +3
54 · 2.1k

Property Based Testing (Passed)
A comprehensive property-based testing (PBT) guide that helps Claude detect PBT opportunities, generate tests, review existing tests, and apply Property-Driven Development across Python, JavaScript, Rust, Go, Java, and 10+ other languages including Solidity smart contracts.
Tags: Testing, Property Based Testing, Hypothesis, +3
87 · 2.1k

Entry Point Analyzer (Passed)
Entry Point Analyzer is a security auditing skill for smart contracts. It systematically identifies all state-changing entry points (externally callable functions that modify state) in smart contract codebases across Solidity, Vyper, Solana, Move, TON, and CosmWasm. The skill classifies each entry point by access control level and generates structured audit reports to guide security analysis.
Tags: Smart Contracts, Security Audit, Solidity, +3
70 · 2.1k

Dwarf Expert (Passed)
This skill provides technical knowledge about the DWARF debugging standard (versions 3-5) used in compiled binaries. It helps with parsing DWARF debug information using tools like dwarfdump and readelf, answering questions about the DWARF specification, and writing code that interacts with DWARF data using libraries like pyelftools (Python), gimli (Rust), or libdwarf (C/C++).
Tags: Debugging, Binary Analysis, Dwarf, +3
70 · 2.1k

Fix Review (Passed)
A differential analysis skill for verifying that git commits properly address security audit findings. It helps map code changes to specific findings (in the TOB-XXX identifier format), detect potential bug introductions, and generate comprehensive fix review reports.
Tags: Security Audit, Code Review, Git, +3
82 · 2.1k

Firebase Apk Scanner (Passed)
A comprehensive Firebase security scanner for Android APKs that identifies misconfigurations in authentication, Realtime Database, Firestore, Storage, Cloud Functions, and Remote Config. It extracts Firebase configuration from decompiled APKs and tests endpoints for common vulnerabilities like open signups, unauthenticated database access, and exposed storage buckets.
Tags: Security, Firebase, Android, +3
58 · 2.1k

Differential Review (Passed)
A comprehensive security-focused code review skill for analyzing pull requests, commits, and diffs. It uses git history for context, calculates the blast radius of changes, checks test coverage, performs adversarial vulnerability analysis, and generates detailed markdown security reports with findings and recommendations.
Tags: Security, Code Review, Audit, +3
115 · 2.1k

Interpreting Culture Index (Passed)
A comprehensive skill for interpreting Culture Index (CI) behavioral assessment surveys. It extracts profile data from CI PDFs using computer vision, then provides detailed analysis including individual trait interpretation, team composition assessment, burnout detection, hiring profile creation, and conflict mediation based on CI methodology.
Tags: Hr Analytics, Behavioral Assessment, Pdf Extraction, +3
1507 · 2.1k

Constant Time Analysis (Passed)
This skill helps identify timing side-channel vulnerabilities in cryptographic implementations by analyzing compiled assembly or bytecode for dangerous instructions like variable-time division, secret-dependent branches, and non-constant-time comparisons. It supports C, C++, Go, Rust, Swift, Java, Kotlin, C#, PHP, JavaScript, TypeScript, Python, and Ruby, and provides remediation guidance using patterns like Barrett reduction and constant-time selection.
Tags: Security, Cryptography, Timing Attack, +3
69 · 2.1k

Ton Vulnerability Scanner (Passed)
A security auditing skill for TON blockchain smart contracts written in FunC. It detects three critical vulnerability patterns: integer-as-boolean misuse (where positive integers used as booleans cause logic errors), fake Jetton contract attacks (missing sender validation on transfer notifications), and gas drainage vulnerabilities (unchecked forward TON amounts). The skill provides detailed detection patterns, mitigation code, and testing recommendations.
Tags: Security, Blockchain, Ton, +3
352 · 2.1k

Token Integration Analyzer (Passed)
A comprehensive token integration security analyzer based on Trail of Bits' checklist. Guides users through systematic analysis of ERC20/ERC721 tokens for conformity issues, weird token patterns (fee-on-transfer, rebasing, missing returns, etc.), owner privileges, and integration safety concerns. Provides structured report templates and checklists.
Tags: Ethereum, Erc20, Erc721, +3
52 · 2.1k

Substrate Vulnerability Scanner (Passed)
This skill provides comprehensive security auditing guidelines for Substrate/FRAME blockchain runtime modules (pallets). It documents 7 critical vulnerability patterns including arithmetic overflow, panic DoS, incorrect weights, and origin validation issues, with detection patterns, mitigations, and testing recommendations.
Tags: Security, Blockchain, Substrate, +3
122 · 2.1k

Solana Vulnerability Scanner (Passed)
A specialized security scanner for Solana blockchain programs that detects 6 critical vulnerability patterns including arbitrary cross-program invocations, improper PDA validation, and missing signer/ownership checks. It provides detailed vulnerability reports with code examples and mitigation strategies for both native Solana and Anchor framework programs.
Tags: Solana, Blockchain, Security, +3
59 · 2.1k

Secure Workflow Guide (Passed)
This skill guides Solidity developers through Trail of Bits' 5-step secure development workflow. It helps run Slither security scans, check upgradeability and ERC conformance, generate visual security diagrams, document security properties for fuzzing/verification, and review manual security areas like front-running and DeFi risks.
Tags: Solidity, Smart Contracts, Security Audit, +3
385 · 2.1k

Guidelines Advisor (Passed)
A comprehensive smart contract development advisor based on Trail of Bits' best practices. It systematically analyzes blockchain codebases to review architecture, check upgradeability patterns, identify common security pitfalls, assess dependencies, and evaluate testing coverage, providing prioritized recommendations for improvement.
Tags: Smart Contracts, Security Audit, Solidity, +3
63 · 2.1k

Cosmos Vulnerability Scanner (Passed)
A comprehensive security scanner for Cosmos SDK blockchains that identifies 9 consensus-critical vulnerabilities including non-determinism, incorrect signers, ABCI panics, and rounding errors. It provides detection patterns, mitigation strategies, and testing recommendations for auditing Cosmos chains and CosmWasm contracts.
Tags: Cosmos Sdk, Blockchain Security, Cosmwasm, +3
103 · 2.1k

Code Maturity Assessor (Passed)
This skill systematically assesses codebase maturity using Trail of Bits' Building Secure Contracts framework. It evaluates 9 categories including arithmetic safety, access controls, complexity management, documentation, and testing, producing a detailed scorecard with ratings (0-4) and actionable improvement recommendations.
Tags: Code Review, Security Audit, Smart Contracts, +3
373 · 2.1k

Cairo Vulnerability Scanner (Passed)
A comprehensive security auditing skill for Cairo/StarkNet smart contracts. It systematically scans for 6 critical vulnerability patterns including arithmetic overflow, L1-L2 messaging issues, signature replay attacks, and unchecked access control, providing detailed remediation guidance and integration with the Caracal static analyzer.
Tags: Security, Smart Contracts, Cairo, +3
63 · 2.1k

Audit Prep Assistant (Passed)
This skill helps developers prepare their codebase for professional security audits using Trail of Bits' checklist methodology. It runs static analysis tools appropriate to your platform (Solidity, Rust, Go), analyzes test coverage, identifies dead code, and generates comprehensive documentation including flowcharts, user stories, and glossaries.
Tags: Security Audit, Static Analysis, Documentation, +3
64 · 2.1k

Algorand Vulnerability Scanner (Passed)
A security auditing skill for Algorand blockchain smart contracts. It guides users through scanning TEAL and PyTeal code for 11 critical vulnerability patterns including rekeying attacks, unchecked transaction fees, and access control issues, with detailed detection patterns and mitigation strategies.
Tags: Algorand, Blockchain, Smart Contracts, +3
472 · 2.1k

Audit Context Building (Passed)
This skill enables deep, line-by-line code analysis for security audits and architecture reviews. It provides structured frameworks including First Principles, 5 Whys, and 5 Hows methodologies to build comprehensive understanding of codebases before vulnerability hunting. The skill focuses purely on context building and explicitly excludes vulnerability findings or exploit reasoning.
Tags: Security Audit, Code Analysis, Methodology, +3
48 · 2.1k

Ask Questions If Underspecified (Passed)
This skill helps ensure requirements are properly understood before implementation begins. It provides a structured workflow for identifying when requests are underspecified, asking targeted clarifying questions (1-5 at a time), and confirming the interpretation before proceeding with work. Useful for avoiding wasted effort on misunderstood requirements.
Tags: Productivity, Requirements, Clarification, +2
368 · 2.1k