Security & Testing Agent Skills

Entry Point Analyzer

Identifies and categorizes all state-changing entry points in smart contract codebases to streamline security audits and map attack surfaces.

Audit Prep Assistant

Prepares codebases for professional security reviews by automating static analysis, test coverage checks, and architectural documentation based on industry-standard checklists.

Wycheproof Crypto Testing

Validates cryptographic implementations using a comprehensive suite of test vectors to prevent known vulnerabilities and edge cases.

SMTP Penetration Testing

Conducts comprehensive security audits of SMTP servers to identify vulnerabilities like open relays, user enumeration flaws, and weak authentication.

Guidelines Advisor

Analyzes smart contract codebases to provide comprehensive security and architectural guidance based on Trail of Bits' development standards.

Security Fix Reviewer

Verifies that security audit remediations are correctly implemented in git commits without introducing new vulnerabilities.

Constant-Time Crypto Testing

Detects and remediates timing side-channel vulnerabilities in cryptographic implementations to prevent secret data leakage.

Substrate Vulnerability Scanner

Scans Substrate and Polkadot pallets to identify critical security vulnerabilities like arithmetic overflows and panic-driven denial-of-service attacks.

Sharp Edges Security Auditor

Identifies error-prone API designs, dangerous configurations, and security footguns to ensure code follows secure-by-default principles.

Testing Handbook Skill Generator

Automates the creation of specialized security testing skills for Claude Code by analyzing the Trail of Bits Testing Handbook.

Constant-Time Analysis

Analyzes cryptographic code to identify and mitigate timing side-channel vulnerabilities across multiple programming languages.

SMTP Penetration Testing

Performs comprehensive security assessments and penetration testing on SMTP mail servers to identify vulnerabilities and misconfigurations.

Ruzzy Ruby Fuzzer

Performs coverage-guided fuzz testing on Ruby applications and C extensions to detect memory corruption and security vulnerabilities.

Cairo Vulnerability Scanner

Scans Cairo and StarkNet smart contracts for 6 critical security vulnerabilities including arithmetic overflows and L1-L2 messaging issues.

Claude Skill Reviewer

Audits and improves Claude Code Skills by providing quality reports, best practice analysis, and automated fixes.

LibFuzzer C/C++ Fuzzing Guide

Implements coverage-guided fuzz testing for C and C++ projects using the LLVM libFuzzer toolchain to identify security vulnerabilities.

Variant Analysis

Identifies similar vulnerabilities and security flaws across codebases using systematic, pattern-based analysis.

Burp Suite Project Parser

Extracts and analyzes security audit findings, proxy history, and HTTP traffic from Burp Suite project files via the command line.

Semgrep Security Analysis

Performs fast static analysis to detect security vulnerabilities, enforce code standards, and automate bug hunting.

Semgrep Static Analysis

Performs fast, pattern-based security scanning and static analysis to identify vulnerabilities and enforce coding standards.

Semgrep Rule Variant Creator

Ports existing Semgrep security rules to new programming languages with automated applicability analysis and test-driven validation.

Fuzzing Dictionary Guide

Enhances software fuzzing effectiveness by providing domain-specific tokens and keywords to reach deeper code paths and edge cases.

TON Vulnerability Scanner

Scans TON blockchain smart contracts for platform-specific security vulnerabilities including logic errors and token handling flaws.

Spec-to-Code Compliance Checker

Audits blockchain codebases against technical specifications and whitepapers to identify implementation gaps and logic divergences.

AFL++ Fuzzing Guide

Provides comprehensive guidance and implementation patterns for high-performance multi-core fuzzing of C/C++ projects using AFL++.

Semgrep Rule Creator

Generates production-quality Semgrep rules for security vulnerability detection and code pattern matching using a test-driven workflow.

PTS Hub Smoke Testing

Automates desktop smoke QA for PTS dashboards and hubs using Playwright to ensure UI integrity and functional consistency.

Coverage Analysis for Fuzzing

Measures and analyzes code execution paths during fuzzing to identify bottlenecks and improve test harness effectiveness.

LibAFL Fuzzing Framework

Builds highly customizable and high-performance fuzzers using a modular Rust-based library for advanced security testing.

Cargo Fuzz for Rust

Implements automated fuzz testing for Rust projects using the libFuzzer backend and Cargo integration.