Does it only work with Trail of Bits reports?

While it is optimized for the Trail of Bits (TOB-XXX) format, it can also parse other report structures including numbered findings and severity-based sections.

Why use this instead of standard code review?

This skill provides a structured, automated framework for cross-referencing audit findings with specific code changes, ensuring no vulnerabilities are missed due to reviewer fatigue or oversight.

Can it detect new bugs introduced by a security fix?

Yes, the skill includes specialized logic to scan commits for security anti-patterns, such as weakened access controls, removed validations, or improper error handling.

What report formats does Fix Review support?

Fix Review can parse local files including PDF, Markdown, JSON, and HTML, as well as web-based content and Google Drive links via the WebFetch tool and CLI integrations.

How does the skill assign finding statuses?

It assigns statuses like FIXED, PARTIALLY_FIXED, or NOT_ADDRESSED based on code evidence found in diffs, matching changes to the root cause described in the audit report.

Security Fix Review

Name: Security Fix Review
Author: trailofbits

bytrailofbits

•

937

보안 및 테스팅

Verifies that git commits correctly address security audit findings without introducing new bugs or regressions.

소개

The Fix Review skill automates the validation of security remediations by performing differential analysis between pre-fix and post-fix commit ranges. It cross-references code changes against security audit reports—supporting formats like PDF, Markdown, and web URLs—to ensure every vulnerability is thoroughly addressed. By detecting security anti-patterns and verifying the logic behind a fix rather than just relying on commit messages or passing tests, it provides a rigorous secondary check during the post-audit phase to prevent regressions.

주요 기능

Cross-references commits with specific security findings (TOB-XXX pattern)
Generates detailed verification reports with evidence-based status mapping
937 GitHub stars
Parses audit reports from PDF, Markdown, JSON, HTML, and web URLs
Detects security anti-patterns like access control weakening or validation removal
Performs differential analysis to identify potential bug introduction patterns

사용 사례

Analyzing commit ranges for regressions before merging security patches
Verifying that specific vulnerability IDs are fully resolved in a fix branch
Validating remediation commits after a professional security audit

소개

주요 기능

Cross-references commits with specific security findings (TOB-XXX pattern)
Generates detailed verification reports with evidence-based status mapping
937 GitHub stars
Parses audit reports from PDF, Markdown, JSON, HTML, and web URLs
Detects security anti-patterns like access control weakening or validation removal
Performs differential analysis to identify potential bug introduction patterns

사용 사례

Analyzing commit ranges for regressions before merging security patches
Verifying that specific vulnerability IDs are fully resolved in a fix branch
Validating remediation commits after a professional security audit