Fp Check
Skill (Verified, Active)
Systematically verifies suspected security bugs to eliminate false positives. Produces TRUE POSITIVE or FALSE POSITIVE verdicts with documented evidence for each bug.
To help security analysts and developers eliminate false positives from suspected security bugs, ensuring accurate assessment of vulnerabilities with documented evidence.
Features
- Systematic verification of security bug claims
- Differentiates true positives from false positives
- Provides documented evidence for each verdict
- Supports both standard and deep verification paths
- Incorporates gate reviews for final verdicts
Use cases
- When asked to verify a specific suspected security bug
- When needing to determine if a vulnerability is a true positive or false positive
- When requiring documented evidence for security findings
- When needing to validate the exploitability of a claimed vulnerability
Non-goals
- Finding or hunting for new bugs
- Performing general code review for style or performance
- Feature development or refactoring
- Quick scans without thorough verification
Practical Utility
- Info (usage examples): While the skill defines a clear workflow, explicit end-to-end usage examples demonstrating input, invocation, and output for a specific bug verification are not readily apparent in the SKILL.md.
Installation
First add the marketplace, then install the plugin:

/plugin marketplace add trailofbits/skills
/plugin install fp-check@trailofbits
Similar extensions
Semgrep Rule Creator
Score 100: Creates custom Semgrep rules for detecting security vulnerabilities, bug patterns, and code patterns. Use when writing Semgrep rules or building custom static analysis detections.
CodeQL Static Analysis
Score 99: Scans a codebase for security vulnerabilities using CodeQL's interprocedural data flow and taint tracking analysis. Triggers on "run codeql", "codeql scan", "codeql analysis", "build codeql database", or "find vulnerabilities with codeql". Supports "run all" (security-and-quality + security-experimental suites) and "important only" (high-precision security findings) scan modes. Also handles creating data extension models and processing CodeQL SARIF output.
Semgrep
Score 75: Run Semgrep static analysis scan on a codebase using parallel subagents. Supports two scan modes: "run all" (full ruleset coverage) and "important only" (high-confidence security vulnerabilities). Automatically detects and uses Semgrep Pro for cross-file taint analysis when available. Use when asked to scan code for vulnerabilities, run a security audit with Semgrep, find bugs, or perform static analysis. Spawns parallel workers for multi-language codebases.
Janitor Usage
Score 100: Shows which skills you use and which you never use.
Secrets Management
Score 100: Implement secure secrets management for CI/CD pipelines using Vault, AWS Secrets Manager, or native platform solutions. Use when handling sensitive credentials, rotating secrets, or securing CI/CD environments.
Safe Mode
Score 100: Prevent destructive operations using Claude Code hooks. Three modes: cautious (warn on dangerous commands), lockdown (restrict edits to one directory), and clear (remove restrictions). Uses PreToolUse matchers for Bash, Edit, and Write.