Trail of Bits

Scans custom x/ modules, IBC integrations, and CosmWasm contracts against 54 known vulnerability patterns that cause halts, fund loss, or state divergence.

Walks through Trail of Bits' 5-step secure dev workflow: runs Slither scans, checks token/ERC compliance, diagrams threat vectors, and flags manual review gaps in one pass.

Scans FRAME pallet code for 7 known vulnerability patterns—overflow, panic DoS, weight miscalculation, origin checks—and flags line numbers and severity.

Reads Culture Index profiles and surfaces the behavioral signals that matter: team dynamics (who accelerates vs. stabilizes), burnout risk, and hiring fit. Works with individual or bulk data.

Explains DWARF format (v3–v5), translates raw debug sections into readable info, and helps you parse or troubleshoot DWARF-related code without memorizing the standard.

Walks through the most common causes of "Browser extension is not connected" or silent failures — permission gaps, outdated extension, conflicting tabs — with step-by-step fixes for each.

Runs libFuzzer against your Rust crate to generate random inputs and catch panics, segfaults, and logic errors that manual tests miss.

Analyzes your codebase for injection flaws, auth bypasses, and data-flow mistakes using interprocedural taint tracking. Reports ranked by severity with code snippets.

Analyzes code structure to identify privilege boundaries, taint flows, and attack surface. Highlights which functions pose the highest risk and how an exploit could spread.

Reviews a token's code against the Trail of Bits checklist: checks ERC conformity, detects 20+ known attack patterns, flags owner privileges, and verifies on-chain scarcity claims.

Maps out the phases, decision branches, and handoff points for a complex skill — think: intake → triage → assign → execute → report. Prevents scope creep and orphaned edge cases.

Analyzes your parser code or protocol spec and generates a domain-specific fuzzing dictionary with edge-case tokens and malformed inputs tailored to your format.

Ingests SARIF output from CodeQL, Semgrep, or any static analyzer; deduplicates false positives, groups by severity and type, and surfaces the real vulnerabilities worth fixing first.

Walks through harness design patterns and language-specific tooling to catch edge cases your test suite misses. Generates working starter code.

Compares your code before and after a commit or pull request to flag new attack paths, privilege boundary changes, and data-flow shifts that increase blast radius or exposure.

Runs coverage-guided fuzzing on your Clang-compiled C/C++ project to find edge cases and crashes. Generates minimal test cases that trigger bugs.

Runs automated fuzzing on Ruby methods and C extensions to uncover edge cases and crashes you'd miss in manual testing, with detailed crash reports.

Reads the Trail of Bits Testing Handbook and auto-generates Claude Code skills for specific appsec tools and techniques, complete with examples and safeguards.

Routes GitHub API calls through the authenticated gh CLI instead of raw HTTP, so you can read PRs, issues, and repo data without managing secrets in prompts.

Pauses a project to surface hidden ambiguities—scope creep, conflicting success metrics, missing edge cases—and asks targeted questions to nail down the real requirement.

Runs a pre-audit checklist against your repo: static analysis, test-coverage gaps, dead code, accessibility issues, and missing docs. Flags what a third-party reviewer will find first.

Performs security-focused differential review of code changes (PRs, commits, diffs). Adapts analysis depth to codebase size, uses git history for context, calculates blast radius, checks test coverage, and generates comprehensive markdown reports. Automatically detects and preve…

Generates a devcontainer config for your language stack with Claude Code support, all dependencies pre-installed, and persistent file storage — no local setup needed.

Audits your local git branches and worktrees, identifies which ones are merged, superseded, or abandoned, and suggests safe deletion targets with a safety check.

When you're stuck between options or don't know where to start, draws a 12-card tarot spread and interprets it to surface a concrete next move.

Takes a Semgrep rule written for one language and generates equivalent rules for Java, Python, Go, or JavaScript with matching test cases for each.

Runs a skill through automated review cycles, flags quality issues, and suggests rewrites for descriptions, triggers, and logic—then applies fixes until the skill meets standards.

Analyzes your dependencies for unmaintained packages, single maintainers, and known vulnerabilities. Flags the ones most likely to be exploited and ranks them by blast radius.

Generates a minimal Seatbelt sandbox config that restricts app permissions to only what it needs—file access, network, system calls—with an allowlist approach.

Scans C/C++/Rust code for secrets, keys, or passwords that aren't zeroed after use, including cases where compiler optimizations accidentally skip the wipe.

Runs mutation testing on a cryptographic implementation, identifies which mutations escape your current test suite, then generates new test vectors that kill those mutants.

Reads protocol specs, code, or academic papers and outputs an annotated sequence diagram showing each message, cipher operation, and verification step in order.

Scaffolds a new Python project or migrates an existing one to uv, ruff, and type checking. Handles pyproject.toml, linting rules, and dependency locks in one pass.

Parses a .burp project file to surface vulnerabilities, insecure headers, and suspicious patterns in captured HTTP traffic—no Burp GUI needed.

Helps engineers write property-based tests that check invariants across random inputs instead of hard-coded cases. Works for serialization, parsing, validation, and smart contracts.

Scaffolds a LibAFL-based fuzzer with custom mutators and feedback loops tuned to your specific target—not a generic off-the-shelf tool.

Scans your repo with line-by-line precision to extract data flow, dependency patterns, and control logic—then uses that map to find bugs or security gaps Claude might miss cold.

Scans code for numeric operations on untagged values and adds comments that track units, decimals, and scaling. Catches DeFi math errors and off-by-one-billion bugs.

Scans TEAL or PyTeal code for 11 known vulnerability classes—rekeying attacks, unchecked fees, missing validations, access control flaws—and flags each with remediation guidance.

Scans StarkNet Cairo code for 6 critical vulnerabilities: felt252 arithmetic overflow, L1-L2 messaging, address conversion, signature replay, and related gotchas specific to the Cairo language.

Reviews cryptographic implementations across languages and flags operations that take variable time based on secret values—division, branches, table lookups—with concrete fixes.

Connects to your cluster, inspects pod logs and metrics, checks Redis and disk pressure, and identifies the root cause of crashes or restart loops in the crs namespace.

Takes a suspected vulnerability and methodically tests it against the code, documenting each check. Returns TRUE POSITIVE or FALSE POSITIVE with evidence.

Scans native C/C++ for memory corruption, integer overflows, race conditions, and platform-specific exploits. Flags high-risk patterns with the exact line and a remediation path.

Describe a security flaw or code pattern in plain English, and get a working Semgrep rule with the YAML structure, regex, and test cases already baked in.

Reviews an API, config schema, or library interface for footguns—calls that are easy to get wrong, defaults that leak risk, or patterns that punish the secure choice.

Compares your implementation line-by-line against the spec document and flags every gap—missing edge cases, divergent logic, uncovered requirements. Built for blockchain and protocol audits.

Runs Semgrep across your repo in parallel, highlighting security vulnerabilities and common bugs. Choose "important only" to skip low-confidence findings and focus on real risk.

Runs automated fuzzing on your Python functions to surface crashes and assertion failures the test suite misses, prioritizing high-coverage paths first.

Analyzes cryptographic implementations to detect whether execution time reveals secrets—common in password checks, signature verification, and key comparison routines.