Security & Testing Claude 스킬

Wycheproof Crypto Testing

Validates cryptographic implementations against known attack vectors and edge cases using Project Wycheproof test vectors.

Burp Suite Security Testing

Performs professional web application security auditing and HTTP traffic manipulation using Burp Suite's core testing tools.

Security Variant Analysis

Identifies similar vulnerabilities and bugs across codebases using systematic pattern-based analysis and advanced security tool integration.

Deep Audit Context Builder

Facilitates ultra-granular, line-by-line code analysis to build comprehensive architectural context for security audits.

Entry Point Analyzer

Identifies and categorizes state-changing entry points in smart contract codebases to streamline security audits and map attack surfaces.

OSS-Fuzz Integration

Integrates OSS-Fuzz continuous fuzzing infrastructure into open-source projects for automated vulnerability detection and security auditing.

LibAFL Security Fuzzing

Builds and configures custom, modular fuzzers for advanced security research and vulnerability detection.

Fuzzing Obstacle Bypass

Patches System Under Test (SUT) code to bypass checksums, non-determinism, and validation barriers during fuzzing.

Constant-Time Security Testing

Detects and analyzes timing side-channel vulnerabilities in cryptographic code to prevent secret data leakage.

Testing Handbook Generator

Generates specialized Claude Code skills for security testing tools and techniques by analyzing the Trail of Bits Testing Handbook.

Constant-Time Analysis

Detects timing side-channel vulnerabilities in cryptographic code to prevent sensitive data leakage through execution timing.

Cargo Fuzz for Rust Security

Facilitates automated fuzz testing and vulnerability detection for Rust projects using the libFuzzer backend and Cargo.

Cosmos Vulnerability Scanner

Scans Cosmos SDK modules and CosmWasm contracts to identify security vulnerabilities and consensus-critical issues.

DWARF Debug Format Expert

Provides deep technical expertise for analyzing, parsing, and verifying DWARF debug information in compiled binaries.

Fuzzing Dictionary Generator

Guides fuzzing engines toward deep code paths by providing domain-specific tokens and protocol-specific keywords.

Fuzzing Harness Writing

Provides expert guidance and implementation patterns for creating effective fuzzing harnesses across multiple programming languages.

Atheris Python Fuzzer

Perform coverage-guided fuzz testing for pure Python code and C extensions to detect security vulnerabilities and memory corruption.

Code Maturity Assessor

Evaluates codebase security and architectural maturity using the Trail of Bits 9-category framework to generate evidence-based scorecards and improvement roadmaps.

AFL++ Security Fuzzer

Automates high-performance multi-core fuzzing for C/C++ projects to detect security vulnerabilities and memory corruption issues.

CodeQL Security Analysis

Performs deep static analysis and interprocedural taint tracking to detect complex security vulnerabilities across multi-function code paths.

Property-Based Testing

Implements advanced property-based testing patterns to identify edge cases and security vulnerabilities in code and smart contracts.

Semgrep Static Analysis

Performs high-speed static analysis to identify security vulnerabilities and enforce coding standards across your codebase.

Burp Suite Project Parser

Searches and extracts security data from Burp Suite project files using regex patterns and command-line tools.

Semgrep Rule Creator

Generates and optimizes production-quality Semgrep rules for advanced vulnerability detection and security auditing.

Semgrep Security & Static Analysis

Performs rapid security scanning and pattern-based vulnerability detection using Semgrep and Trail of Bits security rules.

libFuzzer C/C++ Security Testing

Implements coverage-guided fuzzing for C/C++ projects using the LLVM-integrated libFuzzer toolchain.

Differential Security Review

Performs high-integrity security audits of pull requests and code changes by analyzing risk, blast radius, and historical context.

Sharp Edges Security Analysis

Identifies security footguns and error-prone API designs to ensure software is secure by default.

Security Fix Review

Verifies that git commits correctly address security audit findings without introducing new bugs or regressions.

SARIF Analysis & Parsing

Parse and process Static Analysis Results Interchange Format (SARIF) files to automate security audits and vulnerability management.