EXPLORER LES COMPOSANTS

3.4k4 recipe(s)Essayer live

Runs CodeQL and Semgrep for automated security vulnerability detection in codebases.

codeqlsemgrepsast+1

Feb 20, 2026

À revoir bientôt

CodeQL Analysis

skilltrail-of-bitsstatic-analysis+2

Scans a codebase for security vulnerabilities using CodeQL's interprocedural data flow and taint tracking analysis. Trig...

Agentic Actions Auditor

skilltrail-of-bitsagentic+2

Audits GitHub Actions workflows for security vulnerabilities in AI agent integrations including Claude Code Action, Gemi...

Semgrep Analysis

skilltrail-of-bitsstatic-analysis+2

Run Semgrep static analysis scan on a codebase using parallel subagents. Supports two scan modes — "run all" (full rules...

Constant Time Analysis

skilltrail-of-bitsconstant+2

Detects timing side-channel vulnerabilities in cryptographic code. Use when implementing or reviewing crypto code, encou...

C/C++ Security Review

Performs comprehensive C/C++ security review for memory corruption, integer overflows, race conditions, and platform-spe...

skilltrail-of-bitsreview

YARA Rule Authoring

Author, test, and refine YARA rules for malware, exploit, and artifact detection while minimizing false positives.

skilltrail-of-bitsyara+2

Variant Analysis

skilltrail-of-bitsvariant+1

Find similar vulnerabilities and bugs across codebases using pattern-based analysis. Use when hunting bug variants, buil...

Trail of Bits Skills

security-auditvulnerabilitybinary-analysis+1

Security audit skill collection from Trail of Bits covering vulnerability detection, binary analysis, SAST, and secure c...

Mar 25, 2026

Frais

3.9kEssayer live

Dimensional Analysis

skilltrail-of-bitsdimensional+1

Annotates codebases with dimensional analysis comments documenting units, dimensions, and decimal scaling. Use when some...

Seatbelt Sandboxer

skilltrail-of-bitsseatbelt+1

Generates minimal macOS Seatbelt sandbox configurations. Use when sandboxing, isolating, or restricting macOS applicatio...

Burpsuite Project Parser

skilltrail-of-bitsburpsuite+2

Searches and explores Burp Suite project files (.burp) from the command line. Use when searching response headers or bod...

Sharp Edges

skilltrail-of-bitssharp+1

Identifies error-prone APIs, dangerous configurations, and footgun designs that enable security mistakes. Use when revie...

Spec To Code Compliance

Verifies code implements exactly what documentation specifies for blockchain audits. Use when comparing code against whi...

skilltrail-of-bitsspec+2

SARIF Parsing

skilltrail-of-bitsstatic-analysis+3

Parses and processes SARIF files from static analysis tools like CodeQL, Semgrep, or other scanners. Triggers on "parse...

AddressSanitizer

skilltrail-of-bitsfuzzing+4

Use AddressSanitizer to find memory corruption bugs, configure instrumented builds, interpret sanitizer reports, and tur...

OSS-Fuzz Integration

skilltrail-of-bitsfuzzing+3

Prepare OSS-Fuzz integrations with build scripts, fuzz targets, seed corpora, dictionaries, and project metadata for con...

Coverage Analysis

skilltrail-of-bitsfuzzing+3

Measure fuzzing or test coverage, identify untested parser and protocol paths, and translate coverage gaps into better h...

Differential Review Skill

3.4k1 recipe(s)Essayer live

Security-focused review of code changes using git history analysis to find regressions.

diffgitregression+1

Feb 20, 2026

À revoir bientôt

cargo-fuzz

skilltrail-of-bitsfuzzing+4

Set up cargo-fuzz for Rust crates, write effective fuzz targets, manage corpora, and triage panics or sanitizer crashes.