Zum Hauptinhalt springen
Dieser Inhalt ist noch nicht in Ihrer Sprache verfügbar und wird auf Englisch angezeigt.

Code Maturity Assessor

Skill Aktiv
Teil von:Building Secure Contracts

Systematic code maturity assessment using Trail of Bits' 9-category framework. Analyzes codebase for arithmetic safety, auditing practices, access controls, complexity, decentralization, documentation, MEV risks, low-level code, and testing. Produces professional scorecard with evidence-based ratings and actionable recommendations.

Zweck

To provide a systematic and evidence-based assessment of software codebase maturity, identifying strengths and weaknesses across critical security and development categories to guide improvement efforts.

Funktionen

  • Systematic code maturity assessment
  • Utilizes Trail of Bits' 9-category framework
  • Analyzes arithmetic safety, auditing, access controls, complexity, decentralization, documentation, MEV risks, low-level code, and testing
  • Produces a professional scorecard with ratings and recommendations
  • Provides detailed analysis with evidence and an improvement roadmap

Anwendungsfälle

  • Assessing the security and quality of smart contracts before deployment
  • Evaluating existing codebases for areas of technical debt and security risks
  • Gaining a comprehensive understanding of a project's development practices and maturity
  • Prioritizing code improvement efforts with actionable recommendations

Nicht-Ziele

  • Performing real-time vulnerability scanning or exploitation
  • Acting as a replacement for comprehensive security audits by human experts
  • Providing automated code fixes directly, only recommendations
  • Assessing project management or business aspects outside of code quality

Workflow

  1. Explore codebase to understand project structure, contracts, tests, and documentation.
  2. Analyze each of the 9 categories by searching code, reading key files, and presenting findings.
  3. Ask clarifying questions about processes not visible in the code.
  4. Determine ratings based on defined criteria and interactive discussion.
  5. Generate a report including an executive summary, scorecard, detailed analysis, and improvement roadmap.

Praktiken

  • Code Quality Assessment
  • Security Auditing
  • Developer Workflow Improvement

Trust

  • warning:Issues AttentionIn the last 90 days, 13 issues were opened and 4 were closed, indicating a low closure rate of approximately 31% and potentially slow maintainer response.

Practical Utility

  • info:Usage examplesWhile the SKILL.md describes the process and output format, concrete, copy-pasteable end-to-end examples with claimed outputs are missing.

Installation

Zuerst Marketplace hinzufügen

/plugin marketplace add trailofbits/skills
/plugin install building-secure-contracts@trailofbits

Qualitätspunktzahl

75 /100
Analysiert about 16 hours ago

Vertrauenssignale

Letzter Commit3 days ago
GitHub-Inhaber trailofbits (opens in new tab)
Sterne5.2k
LizenzCC-BY-SA-4.0
Status
Quellcode ansehen

Ähnliche Erweiterungen

Soul Guardian

100

Drift detection + baseline integrity guard for agent workspace files with automatic alerting support

Skill
prompt-security

Audit Dependency Versions

100

Audit project dependencies for version staleness, security vulnerabilities, and compatibility issues. Covers lock file analysis, upgrade path planning, and breaking change assessment. Use before a release to ensure dependencies are current and secure, during periodic maintenance reviews, after receiving a security advisory, when upgrading to a new language version, before submitting to CRAN or npm, or when inheriting a project to assess its dependency health.

Skill
pjt222

Janitor Tokens

100

Zeigt an, wie viele Token im Kontextfenster jede Fähigkeit verbraucht. Verwenden Sie dies, wenn der Benutzer nach Token-Kosten, Budget, Kapazität oder nach Fähigkeiten fragt, die am meisten Kontextspeicherplatz verschwenden.

Skill
khendzel

Codex Diff Develop

100

Revisa el diff de la rama actual frente a develop en proyectos Drupal 11 siguiendo la metodología Codex (lógica de negocio, edge cases de hooks/queries, seguridad, performance, completitud). Genera un informe .md en la carpeta del IDE detectado (.antigravity/, .cursor/, .vscode/ o docs/) con hallazgos por severidad y soluciones accionables. Usar cuando el usuario pida "Revisión diff develop", "revisión diff develop", "diff develop", "revisar diff", "codex diff" o expresiones similares con intención de auditar cambios contra develop. Triggers: diff develop, codex diff, revisión diff, lint diff develop, auditar diff.

Skill
j4rk0r

Investigate Capa Root Cause

100

Investigate root causes and manage CAPAs (Corrective and Preventive Actions) for compliance deviations. Covers investigation method selection (5-Why, fishbone, fault tree), structured root cause analysis, corrective vs preventive action design, effectiveness verification, and trend analysis. Use when an audit finding requires a CAPA, when a deviation or incident occurs in a validated system, when a regulatory observation needs a formal response, when a data integrity anomaly requires investigation, or when recurring issues suggest a systemic root cause.

Skill
pjt222

Toprank Weekly Review

100

Run a weekly SEO review for one registered website, write audit artifacts, and choose the next best safe action.

Skill
nowork-studio