Static Analysis Skill
90/100
@trailofbitsRuns CodeQL and Semgrep for automated security vulnerability detection in codebases.
Review Scores
Security34/35
Maintain.30/35
Usability26/30
Evidence:
high
Reviewed Feb 20, 2026Review soon
Reviewed Version
1.0.0
Latest Version
1.0.0
Freshness
Review is 120 days old; refresh it soon.
Scores reflect the version reviewed and may change with updates.
Security Audit - Pending
Security audit has not been performed yet for this version.
Live Playground
Open Full PageLive Sandbox
Run this skill in an isolated environment
$ ls
skill.md src/ package.json
$ claude -p "review the code in src/"
Analyzing source files...
Sign in to try this skill in a live sandbox.
Overview
When to Use
When NOT to Use
Setup
ls /workspaceTroubleshooting
Scenes
Tags
Used in Recipes
- Security Pipeline(Scans codebase for vulnerability patterns using SAST rules)
- AI-Powered Review Pipeline(Scans for security vulnerabilities and code quality patterns)
- Agent Security Review(Finds unsafe code patterns in agent implementation)
- Secure File Operations(Reviews touched code for unsafe patterns)
More by Trail of Bits
- Agentic Actions AuditorSkill90/100
- C/C++ Security ReviewSkill90/100
- Constant Time AnalysisSkill90/100
- CodeQL AnalysisSkill90/100