Static Analysis
13 skills with this tag
wshobson
Passed
shellcheck-configuration
This skill provides comprehensive guidance for setting up and configuring ShellCheck, a static analysis tool for shell scripts. It covers installation, configuration files (.shellcheckrc), common error codes and fixes, CI/CD integration patterns, and best practices for maintaining shell script quality.
Shell Scripting, Linting, Static Analysis, +3
25027.0k
wshobson
Passed
Bash Defensive Patterns
A comprehensive documentation resource for writing production-grade Bash scripts. It covers defensive programming techniques, POSIX compliance, Bats testing patterns, and ShellCheck configuration for static analysis and code quality.
Bash, Shell Scripting, Testing, +3
34527.0k
anthropics
Passed
Pr Review Toolkit
Comprehensive PR review toolkit with 6 specialized agents for analyzing code comments, test coverage, error handling, type design, code quality, and simplification. Each agent focuses on a specific aspect of code quality and provides actionable feedback.
Code Review, Testing, Quality, +3
782.1k
anthropics
Passed
Pyright Lsp
Integrates the Pyright language server to provide static type checking and code intelligence for Python files. Adds support for .py and .pyi extensions with advanced type analysis.
Python, Type Checking, Lsp, +2
1282.1k
trailofbits
Passed
Semgrep
A comprehensive guide for using Semgrep, a fast static analysis tool for finding bugs and security vulnerabilities. Covers installation, custom rule writing, CI/CD integration with GitHub Actions, and best practices for security scanning without sharing code with third parties.
Security, Static Analysis, Code Scanning, +3
1462.1k
trailofbits
Passed
Codeql
CodeQL is a powerful static analysis framework that queries code as a database for security vulnerabilities and code patterns. This skill provides comprehensive documentation on creating CodeQL databases, writing custom queries, integrating with CI/CD pipelines, and using the framework for interprocedural control flow and data flow analysis across C/C++, Go, Java, JavaScript, Python, and other supported languages.
Security, Static Analysis, Codeql, +3
902.1k
trailofbits
Passed
Testing Handbook Generator
This skill automates the creation of Claude Code skills from the Trail of Bits Testing Handbook (appsec.guide). It analyzes handbook content for security testing tools (static analysis, fuzzers), techniques (sanitizers, coverage), and domains (cryptography, web security), then generates properly structured skills using templates. The generator includes a two-pass system for content and cross-references, automated validation, and self-improvement workflows.
Security Testing, Skill Generator, Fuzzing, +3
782.1k
trailofbits
Passed
Sarif Parsing
A comprehensive skill for parsing and analyzing SARIF (Static Analysis Results Interchange Format) files from security scanning tools. It provides ready-to-use jq queries, Python helper functions for extracting findings, and best practices for aggregating, deduplicating, and integrating SARIF data into CI/CD pipelines.
Sarif, Security, Static Analysis, +3
862.1k
trailofbits
Passed
Semgrep Rule Variant Creator
This skill helps security engineers port existing Semgrep rules to new programming languages. It provides a structured 4-phase workflow including applicability analysis, test-first development, rule creation, and validation. The skill includes detailed guidance for translating patterns between languages and ensuring rules are properly tested.
Semgrep, Security, Static Analysis, +3
2932.1k
trailofbits
Passed
Semgrep Rule Creator
This skill guides users through creating production-quality Semgrep rules for detecting security vulnerabilities and bug patterns. It follows a test-first approach: write test cases, analyze AST structure, write the rule, and iterate until all tests pass. Supports both taint mode for data flow analysis and pattern matching for syntactic detection.
Semgrep, Security Scanning, Static Analysis, +3
582.1k
trailofbits
Passed
Constant Time Analysis
This skill helps identify timing side-channel vulnerabilities in cryptographic implementations by analyzing compiled assembly or bytecode for dangerous instructions like variable-time division, secret-dependent branches, and non-constant-time comparisons. It supports C, C++, Go, Rust, Swift, Java, Kotlin, C#, PHP, JavaScript, TypeScript, Python, and Ruby, and provides remediation guidance using patterns like Barrett reduction and constant-time selection.
Security, Cryptography, Timing Attack, +3
692.1k
trailofbits
Passed
Audit Prep Assistant
This skill helps developers prepare their codebase for professional security audits using Trail of Bits' checklist methodology. It runs static analysis tools appropriate to your platform (Solidity, Rust, Go), analyzes test coverage, identifies dead code, and generates comprehensive documentation including flowcharts, user stories, and glossaries.
Security Audit, Static Analysis, Documentation, +3
682.1k
Dicklesworthstone
Passed
ubs
Ultimate Bug Scanner (UBS) is a comprehensive static analysis tool that automatically scans your code for bugs, security issues, and code quality problems. It integrates with Claude Code via hooks to run scans on file saves and blocks dangerous git commands like 'git reset --hard' or 'rm -rf' to prevent accidental data loss.
Static Analysis, Bug Scanner, Code Quality, +3
301144