80,000+ Skills to Supercharge Claude
The open directory for GitHub-integrated capabilities, tools, and prompts for your AI workflows.
cargo-fuzz
by trailofbits
cargo-fuzz is the de facto fuzzing tool for Rust projects using Cargo. Use for fuzzing Rust code with libFuzzer backend.
address-sanitizer
by trailofbits
AddressSanitizer detects memory errors during fuzzing. Use when fuzzing C/C++ code to find buffer overflows and use-afte...
ton-vulnerability-scanner
by trailofbits
Scans TON (The Open Network) smart contracts for 3 critical vulnerabilities including integer-as-boolean misuse, fake Je...
property-based-testing
by trailofbits
Provides guidance for property-based testing across multiple languages and smart contracts. Use when writing tests, revi...
solana-vulnerability-scan...
by trailofbits
Scans Solana programs for 6 critical vulnerabilities including arbitrary CPI, improper PDA validation, missing signer/ow...
ruzzy
by trailofbits
Ruzzy is a coverage-guided Ruby fuzzer by Trail of Bits. Use for fuzzing pure Ruby code and Ruby C extensions.
libfuzzer
by trailofbits
Coverage-guided fuzzer built into LLVM for C/C++ projects. Use for fuzzing C/C++ code that can be compiled with Clang.
burpsuite-project-parser
by trailofbits
Searches and explores Burp Suite project files (.burp) from the command line. Use when searching response headers or bod...
harness-writing
by trailofbits
Techniques for writing effective fuzzing harnesses across languages. Use when creating new fuzz targets or improving exi...
ask-questions-if-underspe...
by trailofbits
Clarify requirements before implementing. Use when serious doubts araise.
atheris
by trailofbits
Atheris is a coverage-guided Python fuzzer based on libFuzzer. Use for fuzzing pure Python code and Python C extensions.
burp-suite
by trailofbits
Burp Suite Professional is an HTTP interception proxy with numerous security testing features. Use when testing web appl...
guidelines-advisor
by trailofbits
Comprehensive smart contract development advisor based on Trail of Bits' best practices. Analyzes codebase to generate d...
fuzzing-obstacles
by trailofbits
Techniques for patching code to overcome fuzzing obstacles. Use when checksums, global state, or other barriers block fu...
codeql
by trailofbits
CodeQL is a static analysis framework that queries code as a database. Use when you need interprocedural analysis or com...
code-maturity-assessor
by trailofbits
Systematic code maturity assessment using Trail of Bits' 9-category framework. Analyzes codebase for arithmetic safety,...
aflpp
by trailofbits
AFL++ is a fork of AFL with better fuzzing performance and advanced features. Use for multi-core fuzzing of C/C++ projec...
semgrep
by trailofbits
Run Semgrep static analysis for fast security scanning and pattern matching. Use when asked to scan code with Semgrep, w...
spec-to-code-compliance
by trailofbits
Verifies code implements exactly what documentation specifies for blockchain audits. Use when comparing code against whi...
differential-review
by trailofbits
Performs security-focused differential review of code changes (PRs, commits, diffs). Adapts analysis depth to codebase s...
audit-context-building
by trailofbits
Enables ultra-granular, line-by-line code analysis to build deep architectural context before vulnerability or bug findi...
constant-time-analysis
by trailofbits
Detects timing side-channel vulnerabilities in cryptographic code. Use when implementing or reviewing crypto code, encou...
coverage-analysis
by trailofbits
Coverage analysis measures code exercised during fuzzing. Use when assessing harness effectiveness or identifying fuzzin...
fix-review
by trailofbits
Verifies that git commits address security audit findings without introducing bugs. This skill should be used when the u...