trailofbits

Configures mewt or muton mutation testing campaigns — scopes targets, tunes timeouts, and optimizes long-running runs. Use when the user mentions mewt, muton, mutation testing, or wants to configure or optimize a mutation testing campaign.

Builds multi-language source code graphs for security analysis: call graphs, attack surface mapping, blast radius, taint propagation, complexity hotspots, and entry point enumeration. Generates Mermaid diagrams (call graphs, class hierarchies, dependency maps, heatmaps). Compares code graph snapshots for structural diff and evolution analysis. Runs graph-informed mutation testing triage (genotoxic). Generates mutation-driven test vectors (vector-forge). Extracts crypto protocol message flows and converts Mermaid diagrams to ProVerif models. Projects SARIF and weAudit findings onto code graphs. Use when analyzing call paths, mapping attack surface, visualizing code architecture, triaging survived mutants, generating cryptographic test vectors, diagramming crypto protocols, formally verifying protocols, or augmenting audits with static analysis findings.

Clarify ambiguous requirements by asking questions before implementing. Only when invoked explicitly.

Build deep architectural context through ultra-granular code analysis before vulnerability hunting

Comprehensive smart contract security toolkit based on Trail of Bits' Building Secure Contracts framework. Includes vulnerability scanners for 6 blockchains and 5 development guideline assistants.

Search and extract data from Burp Suite project files (.burp) for security analysis

Diagnose and fix Claude in Chrome MCP extension connectivity issues

Detect compiler-induced timing side-channels in cryptographic code

Interprets Culture Index survey results for individuals and teams

Debug Buttercup Kubernetes deployments

Create pre-configured devcontainers with Claude Code and language-specific tooling

Security-focused differential review of code changes with git history analysis and blast radius estimation

Scan Android APKs for Firebase security misconfigurations including open databases, storage buckets, authentication issues, and exposed cloud functions. For authorized security research only.

Intercepts GitHub URL fetches and curl/wget commands, redirecting to the authenticated gh CLI.

Interact with and understand the DWARF debugging format

Analyzes smart contract codebases to identify state-changing entry points for security auditing. Detects externally callable functions that modify state, categorizes them by access level, and generates structured audit reports.

Property-based testing guidance for multiple languages and smart contracts

Create custom Semgrep rules for detecting bug patterns and security vulnerabilities

Creates language variants of existing Semgrep rules with proper applicability analysis and test-driven validation

Identify error-prone APIs, dangerous configurations, and footgun designs that enable security mistakes

Static analysis toolkit with CodeQL, Semgrep, and SARIF parsing for security vulnerability detection

Specification-to-code compliance checker for blockchain audits with evidence-based alignment analysis

Skills from the Trail of Bits Application Security Testing Handbook (appsec.guide)

Find similar vulnerabilities and bugs across codebases using pattern-based analysis

Modern Python best practices. Use when creating new Python projects, and writing Python scripts, or migrating existing projects from legacy tools.

Detects insecure default configurations including hardcoded credentials, fallback secrets, weak authentication defaults, and dangerous values in production

Runs code reviews using external LLM CLIs (OpenAI Codex, Google Gemini) on uncommitted changes, branch diffs, or specific commits. Bundles Codex's built-in MCP server for direct tool access.

YARA-X detection rule authoring with linting and quality analysis

Safely analyzes and cleans up local git branches and worktrees by categorizing them as merged, squash-merged, superseded, or active work.

Teaches design patterns for workflow-based Claude Code skills and provides a review agent for auditing existing skills

Generate minimal macOS Seatbelt sandbox configurations for applications

Audit supply-chain threat landscape of project dependencies for exploitation or takeover risk

Detects missing or compiler-optimized zeroization of sensitive data with assembly and control-flow analysis

Draws Tarot cards using cryptographic randomness to add entropy to vague or underspecified planning. Interprets the spread to guide next steps. Use when feeling lucky, invoking heart-of-the-cards energy, or when prompts are ambiguous.

Audits GitHub Actions workflows for security vulnerabilities in AI agent integrations (Claude Code Action, Gemini CLI, OpenAI Codex, GitHub AI Inference)

Automatically reviews and fixes Claude Code skills through iterative refinement until they meet quality standards. Requires plugin-dev plugin.

Systematic false positive verification for security bug analysis with mandatory gate reviews

Annotates codebases with dimensional analysis comments documenting units, dimensions, and decimal scaling. Use when someone asks to annotate units in a codebase, perform a dimensional analysis, or find vulnerabilities in a DeFi protocol. Prevents dimensional mismatches and catches formula bugs early.