Security & Testing Agent Skills

Radar Site Auditor

Automates website testing, bug resolution, and professional reporting using Playwright for both clients and developers.

Auto Review & Fix Loop

Automates the end-to-end code review process by identifying issues, triaging findings, and autonomously applying fixes until the code stabilizes.

PlayRalph Diagnostic Loop

Automates website diagnostics and bug-fixing loops using Playwright and server-side log analysis.

Security Posture & API Safety

Enforces 16 critical security invariants across API boundaries, authentication flows, and data handling to ensure production-grade security.

TDD Enforcement

Enforces the Red-Green-Refactor methodology to ensure all production code is verified by failing tests before implementation.

Systematic Debugging

Enforces a disciplined 4-phase methodology for root cause analysis and regression testing to eliminate bugs permanently.

Pre-Commit Quality Gate

Enforces institutional quality standards and automated validation checks before code is committed or pushed.

Review Skill Backtester

Evaluates the effectiveness of AI code review skills by replaying historical bugs and measuring detection accuracy.

Plan Audit & Risk Guard

Performs a rigorous 44-gate audit of implementation plans to catch architectural flaws, security gaps, and mathematical errors before code is written.

Chrome QA & Testing Suite

Automates web application QA, bug discovery, and performance monitoring within the Google Chrome browser.

Guidelines Advisor

Analyzes smart contract codebases to provide comprehensive security and architectural guidance based on Trail of Bits' development standards.

Sharp Edges Security Auditor

Identifies error-prone API designs, dangerous configurations, and security footguns to ensure code follows secure-by-default principles.

AFL++ Fuzzing Guide

Provides comprehensive guidance and implementation patterns for high-performance multi-core fuzzing of C/C++ projects using AFL++.

SARIF Parsing & Analysis

Parses and processes Static Analysis Results Interchange Format (SARIF) files to aggregate findings, deduplicate alerts, and integrate security data into development workflows.

Ruzzy Ruby Fuzzer

Performs coverage-guided fuzz testing on Ruby applications and C extensions to detect memory corruption and security vulnerabilities.

Variant Analysis

Identifies similar vulnerabilities and security flaws across codebases using systematic, pattern-based analysis.

Semgrep Static Analysis

Performs fast, pattern-based security scanning and static analysis to identify vulnerabilities and enforce coding standards.

TON Vulnerability Scanner

Scans TON blockchain smart contracts for platform-specific security vulnerabilities including logic errors and token handling flaws.

Burp Suite Project Parser

Extracts and analyzes security audit findings, proxy history, and HTTP traffic from Burp Suite project files via the command line.

Constant-Time Crypto Testing

Detects and remediates timing side-channel vulnerabilities in cryptographic implementations to prevent secret data leakage.

Cosmos Vulnerability Scanner

Identifies consensus-critical vulnerabilities and security flaws in Cosmos SDK modules and CosmWasm smart contracts to prevent chain halts and fund loss.

Differential Security Review

Performs deep, security-focused differential analysis on code changes to identify risks, calculate blast radius, and prevent vulnerabilities.

Fuzzing Obstacle Bypass

Bypasses anti-fuzzing patterns like checksums and non-deterministic logic using conditional compilation to improve code coverage during security testing.

LibAFL Fuzzing Framework

Builds highly customizable and high-performance fuzzers using a modular Rust-based library for advanced security testing.

Subagent Quality Reviewer

Analyzes and optimizes Claude Code subagents based on industry best practices to ensure high-quality, reliable AI workflows.

DWARF Debug Expert

Analyzes DWARF debug files and provides expert guidance on DWARF standards (v3-v5) for binary analysis and tool development.

Atheris Python Fuzzer

Performs coverage-guided fuzz testing for pure Python code and C extensions to detect memory corruption and complex logic errors.

Claude Skill Reviewer

Audits and improves Claude Code Skills by providing quality reports, best practice analysis, and automated fixes.

Audit Context Builder

Facilitates ultra-granular, line-by-line architectural analysis to build comprehensive system context for security audits.

Wycheproof Crypto Testing

Validates cryptographic implementations using a comprehensive suite of test vectors to prevent known vulnerabilities and edge cases.