Fp Check
Skill Verified ActiveSystematically verifies suspected security bugs to eliminate false positives. Produces TRUE POSITIVE or FALSE POSITIVE verdicts with documented evidence for each bug.
To help security analysts and developers eliminate false positives from suspected security bugs, ensuring accurate assessment of vulnerabilities with documented evidence.
Features
- Systematic verification of security bug claims
- Differentiates true positives from false positives
- Provides documented evidence for each verdict
- Supports both standard and deep verification paths
- Incorporates gate reviews for final verdicts
Use Cases
- When asked to verify a specific suspected security bug
- When needing to determine if a vulnerability is a true positive or false positive
- When requiring documented evidence for security findings
- When needing to validate the exploitability of a claimed vulnerability
Non-Goals
- Finding or hunting for new bugs
- Performing general code review for style or performance
- Feature development or refactoring
- Quick scans without thorough verification
Practical Utility
- info:Usage examplesWhile the skill defines a clear workflow, explicit end-to-end usage examples demonstrating input, invocation, and output for a specific bug verification are not readily apparent in the SKILL.md.
Installation
First, add the marketplace
/plugin marketplace add trailofbits/skills/plugin install fp-check@trailofbitsQuality Score
VerifiedTrust Signals
Similar Extensions
Semgrep Rule Creator
100Creates custom Semgrep rules for detecting security vulnerabilities, bug patterns, and code patterns. Use when writing Semgrep rules or building custom static analysis detections.
CodeQL Static Analysis
99Scans a codebase for security vulnerabilities using CodeQL's interprocedural data flow and taint tracking analysis. Triggers on "run codeql", "codeql scan", "codeql analysis", "build codeql database", or "find vulnerabilities with codeql". Supports "run all" (security-and-quality + security-experimental suites) and "important only" (high-precision security findings) scan modes. Also handles creating data extension models and processing CodeQL SARIF output.
Semgrep
75Run Semgrep static analysis scan on a codebase using parallel subagents. Supports two scan modes — "run all" (full ruleset coverage) and "important only" (high-confidence security vulnerabilities). Automatically detects and uses Semgrep Pro for cross-file taint analysis when available. Use when asked to scan code for vulnerabilities, run a security audit with Semgrep, find bugs, or perform static analysis. Spawns parallel workers for multi-language codebases.
Janitor Usage
100Show which skills you use and which you never use
Secrets Management
100Implement secure secrets management for CI/CD pipelines using Vault, AWS Secrets Manager, or native platform solutions. Use when handling sensitive credentials, rotating secrets, or securing CI/CD environments.
Safe Mode
100Prevent destructive operations using Claude Code hooks. Three modes — cautious (warn on dangerous commands), lockdown (restrict edits to one directory), and clear (remove restrictions). Uses PreToolUse matchers for Bash, Edit, and Write.