Security & Testing Claude 스킬

Guidelines Advisor

Analyzes smart contract codebases to provide comprehensive security and architectural guidance based on Trail of Bits' development standards.

Security Fix Reviewer

Verifies that security audit remediations are correctly implemented in git commits without introducing new vulnerabilities.

Constant-Time Crypto Testing

Detects and remediates timing side-channel vulnerabilities in cryptographic implementations to prevent secret data leakage.

Substrate Vulnerability Scanner

Scans Substrate and Polkadot pallets to identify critical security vulnerabilities like arithmetic overflows and panic-driven denial-of-service attacks.

Sharp Edges Security Auditor

Identifies error-prone API designs, dangerous configurations, and security footguns to ensure code follows secure-by-default principles.

Testing Handbook Skill Generator

Automates the creation of specialized security testing skills for Claude Code by analyzing the Trail of Bits Testing Handbook.

Constant-Time Analysis

Analyzes cryptographic code to identify and mitigate timing side-channel vulnerabilities across multiple programming languages.

Feature Status Tracker

Automates the detection and counting of failing Gherkin features to orchestrate autonomous coding loops.

Ruzzy Ruby Fuzzer

Performs coverage-guided fuzz testing on Ruby applications and C extensions to detect memory corruption and security vulnerabilities.

Cairo Vulnerability Scanner

Scans Cairo and StarkNet smart contracts for 6 critical security vulnerabilities including arithmetic overflows and L1-L2 messaging issues.

Claude Skill Reviewer

Audits and improves Claude Code Skills by providing quality reports, best practice analysis, and automated fixes.

LibFuzzer C/C++ Fuzzing Guide

Implements coverage-guided fuzz testing for C and C++ projects using the LLVM libFuzzer toolchain to identify security vulnerabilities.

Variant Analysis

Identifies similar vulnerabilities and security flaws across codebases using systematic, pattern-based analysis.

Burp Suite Project Parser

Extracts and analyzes security audit findings, proxy history, and HTTP traffic from Burp Suite project files via the command line.

Semgrep Security Analysis

Performs fast static analysis to detect security vulnerabilities, enforce code standards, and automate bug hunting.

Semgrep Static Analysis

Performs fast, pattern-based security scanning and static analysis to identify vulnerabilities and enforce coding standards.

Semgrep Rule Variant Creator

Ports existing Semgrep security rules to new programming languages with automated applicability analysis and test-driven validation.

Fuzzing Dictionary Guide

Enhances software fuzzing effectiveness by providing domain-specific tokens and keywords to reach deeper code paths and edge cases.

TON Vulnerability Scanner

Scans TON blockchain smart contracts for platform-specific security vulnerabilities including logic errors and token handling flaws.

Spec-to-Code Compliance Checker

Audits blockchain codebases against technical specifications and whitepapers to identify implementation gaps and logic divergences.

AFL++ Fuzzing Guide

Provides comprehensive guidance and implementation patterns for high-performance multi-core fuzzing of C/C++ projects using AFL++.

Semgrep Rule Creator

Generates production-quality Semgrep rules for security vulnerability detection and code pattern matching using a test-driven workflow.

PTS Hub Smoke Testing

Automates desktop smoke QA for PTS dashboards and hubs using Playwright to ensure UI integrity and functional consistency.

Coverage Analysis for Fuzzing

Measures and analyzes code execution paths during fuzzing to identify bottlenecks and improve test harness effectiveness.

LibAFL Fuzzing Framework

Builds highly customizable and high-performance fuzzers using a modular Rust-based library for advanced security testing.

Cargo Fuzz for Rust

Implements automated fuzz testing for Rust projects using the libFuzzer backend and Cargo integration.

Cosmos Vulnerability Scanner

Identifies consensus-critical vulnerabilities and security flaws in Cosmos SDK modules and CosmWasm smart contracts to prevent chain halts and fund loss.

Firebase APK Security Scanner

Audits Android APK files for Firebase security vulnerabilities and misconfigurations including exposed databases and storage buckets.

Subagent Quality Reviewer

Analyzes and optimizes Claude Code subagents based on industry best practices to ensure high-quality, reliable AI workflows.

Differential Security Review

Performs deep, security-focused differential analysis on code changes to identify risks, calculate blast radius, and prevent vulnerabilities.