Skip to main content

Trail of Bits

Organisation Active

Security research and consulting firm specializing in software assurance and blockchain security.

Website GitHub

Skills (29)

Guidelines Advisor

Skill Blockchain & Web3
Low

Smart contract development advisor based on Trail of Bits best practices — analyzes architecture, upgradeability, dependencies, and testing.

Smart Contracts
MIT 1 permission

Semgrep Scanner

Skill Security Research
Medium

Runs Semgrep static analysis with parallel subagents — full ruleset and high-confidence security scan modes with Semgrep Pro cross-file taint analysis.

Semgrep Subagent
MIT 3 permissions

CodeQL

Skill Security Research
Medium

Scans codebases for security vulnerabilities using CodeQL interprocedural data flow and taint tracking — supports full and important-only scan modes.

MIT 2 permissions

Atheris Python Fuzzer

Skill Security Research
Medium

Coverage-guided Python fuzzer based on libFuzzer — fuzzing pure Python code and Python C extensions.

Fuzzing Python
MIT 1 permission

Cargo Fuzz

Skill Security Research
Medium

De facto fuzzing tool for Rust projects using Cargo with libFuzzer backend.

Fuzzing Rust
MIT 1 permission

AFL++

Skill Security Research
Medium

AFL++ fuzzer with advanced features — multi-core fuzzing of C/C++ projects with better performance than original AFL.

Fuzzing
MIT 1 permission

Harness Writing

Skill Security Research
Low

Techniques for writing effective fuzzing harnesses across languages — creating new fuzz targets and improving existing harness code.

Fuzzing
MIT 1 permission

Code Maturity Assessor

Skill Blockchain & Web3
Low

Systematic 9-category code maturity assessment for smart contracts — arithmetic safety, access controls, complexity, MEV risks, and testing.

Smart Contracts
MIT 1 permission

Token Integration Analyzer

Skill Blockchain & Web3
Low

Analyzes token implementations for ERC20/ERC721 conformity, checks 20+ weird token patterns, and evaluates protocol handling of non-standard tokens.

Smart Contracts
MIT 1 permission

Audit Prep Assistant

Skill Blockchain & Web3
Low

Prepares codebases for security review using Trail of Bits checklist — sets review goals, runs static analysis, increases test coverage.

Smart Contracts
MIT 1 permission

DWARF Expert

Skill Security Research
Low

Expertise for analyzing DWARF debug files and understanding the DWARF debug format/standard (v3-v5).

MIT 2 permissions

Burp Suite Project Parser

Skill Security Research
Medium

Searches and explores Burp Suite project files (.burp) from the command line — searches response bodies with regex, extracts audit findings.

Network
MIT 2 permissions

Firebase APK Scanner

Skill Security Research
High

Scans Android APKs for Firebase security misconfigurations — open databases, storage buckets, authentication issues, and exposed cloud functions.

Mobile Network
MIT 2 permissions

Agentic Actions Auditor

Skill Security Research
Medium

Audits GitHub Actions workflows for security vulnerabilities in AI agent integrations — detects prompt injection via env var patterns and dangerous sandbox configs.

Git AI
MIT 1 permission

Zeroize Audit

Skill Security Research
Medium

Detects missing zeroization of sensitive data in source code and zeroization removed by compiler optimizations — assembly-level analysis.

Rust
MIT 2 permissions

YARA Rule Authoring

Skill Security Research
Low

Guides authoring of high-quality YARA-X detection rules for malware identification — naming conventions, string selection, performance, and false positive reduction.

MIT 1 permission

Supply Chain Risk Auditor

Skill Security Research
Medium

Identifies dependencies at heightened risk of exploitation or takeover — assesses supply chain attack surface and dependency health.

MIT 2 permissions

Property-Based Testing

Skill Security Research
Low

Guidance for property-based testing across multiple languages and smart contracts — stronger coverage than example-based tests.

MIT 1 permission

Modern Python

Skill Developer Tools
Low

Configures Python projects with modern tooling (uv, ruff, ty) — creating projects, standalone scripts, and migrating from pip/Poetry/mypy/black.

Python
MIT 1 permission

Semgrep Rule Variant Creator

Skill Security Research
Medium

Creates language variants of existing Semgrep rules — ports rules to target languages with independent test directories.

Semgrep
MIT 2 permissions

Semgrep Rule Creator

Skill Security Research
Medium

Creates custom Semgrep rules for detecting security vulnerabilities, bug patterns, and code patterns.

Semgrep
MIT 2 permissions

Sharp Edges

Skill Security Research
Low

Identifies error-prone APIs, dangerous configurations, and footgun designs that enable security mistakes — evaluates "secure by default" principles.

MIT 1 permission

Insecure Defaults

Skill Security Research
Low

Detects fail-open insecure defaults — hardcoded secrets, weak authentication, and permissive security configurations that allow apps to run insecurely in production.

MIT 1 permission

Spec to Code Compliance

Skill Blockchain & Web3
Low

Verifies code implements exactly what documentation specifies for blockchain audits — finds gaps between specs and implementation.

Smart Contracts
MIT 1 permission

Constant Time Analysis

Skill Security Research
Low

Detects timing side-channel vulnerabilities in cryptographic code across C, C++, Go, Rust, Swift, Java, Kotlin, C#, PHP, JS, TS, Python, and Ruby.

MIT 1 permission

Variant Analysis

Skill Security Research
Low

Find similar vulnerabilities across codebases using pattern-based analysis — hunt bug variants, build CodeQL/Semgrep queries, and perform systematic code audits.

Semgrep
MIT 1 permission

Differential Review

Skill Security Research
Low

Security-focused differential review of code changes (PRs, commits, diffs) — calculates blast radius and generates markdown reports.

Git
MIT 1 permission

Audit Context Building

Skill Security Research
Low

Enables ultra-granular, line-by-line code analysis to build deep architectural context before vulnerability or bug finding.

MIT 1 permission

Entry Point Analyzer

Skill Security Research
Low

Analyzes smart contract codebases to identify state-changing entry points for security auditing — categorizes by access level and generates structured audit reports.

Smart Contracts
MIT 1 permission