trailofbits

Facilitates the creation of custom Semgrep rules to detect security vulnerabilities and code patterns through a structured approach.

Audits GitHub Actions workflows for security vulnerabilities in AI integrations, ensuring CI/CD pipeline safety against prompt injection risks.

Facilitates detailed, line-by-line code analysis for enhanced architectural understanding before identifying vulnerabilities.

Scans TON smart contracts for critical vulnerabilities, ensuring secure deployment and compliance in blockchain applications.

Sets up isolated development environments with language-specific tooling using Claude Code for efficient project development.

Verifies security bugs to eliminate false positives, providing documented evidence for each finding.

Guides property-based testing across languages and smart contracts, enhancing test coverage and code validation.

Generates minimal macOS Seatbelt sandbox configurations for isolating applications, enhancing security through allowlist-based profiles.

Evaluates APIs and configurations for security vulnerabilities, ensuring developers follow secure design principles to prevent misuse.

Verifies blockchain code compliance with documentation, ensuring alignment with specifications and identifying gaps in implementation.

Analyzes codebases for security vulnerabilities using CodeQL's advanced data flow and taint tracking techniques.

Conducts static analysis scans on codebases using Semgrep to identify vulnerabilities and bugs efficiently.

Evaluates project dependencies to identify risks of exploitation or takeover, enhancing supply chain security assessments.

Conducts security-focused differential reviews of code changes, adapting analysis depth and generating comprehensive markdown reports.

Provides expertise in analyzing DWARF debug files and understanding the DWARF standard for effective debugging and code analysis.

Analyzes smart contract codebases to identify state-changing entry points for security auditing and generates structured reports.

Analyzes Android APKs for Firebase security misconfigurations, aiding in mobile app security audits and vulnerability assessments.

Identifies insecure defaults in applications, enhancing security audits and configuration reviews to prevent vulnerabilities in production.

Facilitates the creation of language-specific variants of Semgrep rules, ensuring proper applicability and test-driven validation.

This skill automates dimensional analysis in codebases, ensuring accurate unit annotations and preventing arithmetic errors in financial and scientific computat