Trail of Bits

Scan Substrate/Polkadot pallets for critical vulnerabilities to enhance security.

Analyzes smart contract codebases to identify state-changing entry points for security audits.

Configures Python projects with modern tooling for streamlined development.

Iteratively improves Claude Code skills by fixing quality issues through automated review cycles.

Design and structure multi-step workflow skills for Claude Code effectively.

Create high-quality YARA-X detection rules for effective malware identification.

Prepares codebases for security reviews using Trail of Bits' checklist, enhancing code quality and documentation.

Learn techniques for writing effective fuzzing harnesses across multiple programming languages.

Systematic assessment of code maturity using a 9-category framework.

Scan Android APKs for Firebase security misconfigurations and vulnerabilities.

AFL++ enhances fuzzing performance with multi-core support for C/C++ projects.

Fuzzing dictionaries enhance fuzzers with domain-specific tokens for effective testing.

LibAFL is a modular fuzzing library for building custom fuzzers with advanced features.

Enables ultra-granular, line-by-line code analysis for deep architectural context before vulnerability discovery.

Clarify requirements before implementation to avoid miscommunication and errors.

Scans Algorand smart contracts for 11 common vulnerabilities to enhance security.

Audits GitHub Actions workflows for security vulnerabilities in AI agent integrations.

Scans Cairo/StarkNet smart contracts for critical vulnerabilities.

Scans Cosmos SDK modules and CosmWasm contracts for critical vulnerabilities that can halt chains or cause fund loss.

Enhance smart contract security with a structured 5-step workflow.

Techniques for patching code to overcome fuzzing obstacles like checksums and global state.

Smart contract development advisor that analyzes codebases and provides actionable recommendations based on best practices.

Parses and processes SARIF files from static analysis tools for actionable insights.

Scan Solana programs for critical vulnerabilities to enhance security.

Analyzes token implementations and integrations for security and conformity using a comprehensive checklist.

Scans TON smart contracts for critical vulnerabilities in FunC code.

Diagnose and fix connectivity issues for the Claude in Chrome MCP extension.

Command-line tool for searching and analyzing Burp Suite project files (.burp).

Detects timing side-channel vulnerabilities in cryptographic code.

Creates devcontainers with Claude Code and language-specific tooling for isolated development.

Interprets Culture Index surveys and behavioral profiles for team and individual insights.

Debugs the Buttercup CRS on Kubernetes to diagnose service failures and resource issues.

Conducts security-focused differential reviews of code changes to prevent vulnerabilities.

Annotates codebases with dimensional analysis to prevent formula bugs and dimensional mismatches.

Expertise for analyzing DWARF debug files and understanding the DWARF standard (v3-v5).

Injects randomness into decision-making by drawing Tarot cards for vague prompts.

Safely analyze and clean up local git branches and worktrees by categorizing them.

Systematically verifies suspected security bugs to eliminate false positives with documented evidence.

Detects insecure defaults that allow applications to run with weak security configurations.

Configures mutation testing campaigns with mewt or muton, optimizing performance and scope.

Guidance for implementing property-based testing across multiple languages and smart contracts.

Generates minimal macOS Seatbelt sandbox configurations for application isolation.

Runs external LLM code reviews on code changes using OpenAI Codex or Google Gemini.

Create custom Semgrep rules to detect security vulnerabilities and code patterns.

Create language variants of existing Semgrep rules for targeted applications.

Identifies error-prone APIs and configurations to prevent security mistakes.

Verifies code compliance with documentation for blockchain audits.

Scans codebases for security vulnerabilities using CodeQL's advanced analysis techniques.

Run Semgrep static analysis scans on codebases with parallel execution for enhanced performance.

Evaluates project dependencies for risk of exploitation or takeover.

AddressSanitizer detects memory errors during fuzzing C/C++ code.

Atheris is a coverage-guided fuzzer for Python code and C extensions, leveraging libFuzzer.

cargo-fuzz is the leading fuzzing tool for Rust projects using Cargo, leveraging libFuzzer for effective testing.

Constant-time testing identifies timing side channels in cryptographic code to enhance security.

Coverage analysis measures code exercised during fuzzing to enhance harness effectiveness and identify blockers.

Coverage-guided fuzzer for C/C++ projects integrated with LLVM.

OSS-Fuzz offers free continuous fuzzing for open source projects, streamlining the testing process.

Ruzzy is a coverage-guided fuzzer for Ruby, enabling effective testing of Ruby code and C extensions.

Generate Claude Code skills from the Trail of Bits Testing Handbook for security testing tools and techniques.

Augments Trailmark code graphs with external audit findings for enhanced analysis.

Wycheproof provides test vectors for validating cryptographic implementations against known attacks.

Graph-informed mutation testing triage for identifying test gaps and fuzzing targets.

Generates Mermaid diagrams from Trailmark code graphs for visualizing code architecture.

Compares code graphs across snapshots to identify security-relevant changes.

Generates sequence diagrams for cryptographic protocols from source code or specifications.

Translates Mermaid sequence diagrams of cryptographic protocols into ProVerif models for formal verification.

Generates mutation-driven test vectors for cryptographic algorithms to improve coverage.

Analyzes codebases to provide a quick structural overview with language detection and entry point count.

Conducts comprehensive structural analysis for codebases using Trailmark.

Builds and queries multi-language source code graphs for security analysis.

Identify and analyze similar vulnerabilities across codebases using pattern-based techniques.

Audits C/C++/Rust code for missing zeroization of sensitive data, ensuring secure handling of secrets.

A marketplace of skills from Trail of Bits enhancing AI-assisted security analysis and development workflows.