Audit Prep Assistant
Skill Verifiziert AktivPrepares codebases for security review using Trail of Bits' checklist. Helps set review goals, runs static analysis tools, increases test coverage, removes dead code, ensures accessibility, and generates documentation (flowcharts, user stories, inline comments).
To streamline and enhance the security review process by ensuring codebases are thoroughly prepared, well-documented, and meet predefined review goals.
Funktionen
- Sets security review goals
- Runs static analysis tools
- Increases test coverage
- Removes dead code
- Generates documentation (flowcharts, user stories, etc.)
- Ensures code accessibility and clarity
Anwendungsfälle
- Preparing a codebase 1-2 weeks before a scheduled security audit.
- Improving the clarity and effectiveness of security reviews through better preparation.
- Automating the generation of documentation essential for security audits.
Nicht-Ziele
- Performing the actual security audit.
- Fixing all identified static analysis issues (only triage and help fix easy ones).
- Providing a full replacement for a human security auditor.
Trust
- info:Issues Attention13 issues opened, 4 closed in the last 90 days, indicating a closure rate below 50% and a moderate number of open issues.
Installation
Zuerst Marketplace hinzufügen
/plugin marketplace add trailofbits/skills/plugin install building-secure-contracts@trailofbitsQualitätspunktzahl
VerifiziertVertrauenssignale
Ähnliche Erweiterungen
Codex Diff Develop
100Revisa el diff de la rama actual frente a develop en proyectos Drupal 11 siguiendo la metodología Codex (lógica de negocio, edge cases de hooks/queries, seguridad, performance, completitud). Genera un informe .md en la carpeta del IDE detectado (.antigravity/, .cursor/, .vscode/ o docs/) con hallazgos por severidad y soluciones accionables. Usar cuando el usuario pida "Revisión diff develop", "revisión diff develop", "diff develop", "revisar diff", "codex diff" o expresiones similares con intención de auditar cambios contra develop. Triggers: diff develop, codex diff, revisión diff, lint diff develop, auditar diff.
Soul Guardian
100Drift detection + baseline integrity guard for agent workspace files with automatic alerting support
Audit Dependency Versions
100Audit project dependencies for version staleness, security vulnerabilities, and compatibility issues. Covers lock file analysis, upgrade path planning, and breaking change assessment. Use before a release to ensure dependencies are current and secure, during periodic maintenance reviews, after receiving a security advisory, when upgrading to a new language version, before submitting to CRAN or npm, or when inheriting a project to assess its dependency health.
Codex PR Review
100Überprüft Pull Requests in Drupal 11 (oder anderen) Projekten gemäß der Codex-Methodik (Geschäftslogik, Edge Cases von Hooks/Queries, Sicherheit, Performance, Vollständigkeit). Generiert einen .md-Bericht im erkannten IDE-Ordner (.antigravity/, .cursor/, .vscode/ oder docs/) mit Befunden nach Schweregrad und umsetzbaren Lösungen. Verwenden Sie dies, wenn der Benutzer "Codex-Überprüfung", "PR-Überprüfung", "PR überprüfen", "PR überprüfen" anfordert.
Investigate Capa Root Cause
100Investigate root causes and manage CAPAs (Corrective and Preventive Actions) for compliance deviations. Covers investigation method selection (5-Why, fishbone, fault tree), structured root cause analysis, corrective vs preventive action design, effectiveness verification, and trend analysis. Use when an audit finding requires a CAPA, when a deviation or incident occurs in a validated system, when a regulatory observation needs a formal response, when a data integrity anomaly requires investigation, or when recurring issues suggest a systemic root cause.
Toprank Weekly Review
100Run a weekly SEO review for one registered website, write audit artifacts, and choose the next best safe action.