跳转到主要内容
此内容尚未提供您的语言版本,正在以英文显示。

Variant Analysis

插件 活跃
属于:Trailofbits

Find similar vulnerabilities and bugs across codebases using pattern-based analysis

1 个 Skill 0 个 MCP
目的

To systematically find and analyze similar vulnerabilities and bugs across codebases after an initial issue has been identified.

功能

  • Pattern-based analysis for vulnerability variants
  • Structured five-step methodology
  • Tool selection guidance (Semgrep, CodeQL, ripgrep)
  • Ready-to-use templates for multiple languages
  • Detailed documentation on pitfalls and principles

使用场景

  • Hunting for bug variants after finding an initial vulnerability
  • Building CodeQL or Semgrep queries from a known bug pattern
  • Performing systematic code audits across large codebases
  • Analyzing security vulnerabilities and finding similar instances

非目标

  • Initial vulnerability discovery
  • General code review without a known pattern
  • Writing fix recommendations
  • Understanding unfamiliar code without a prior pattern

Trust

  • warning:Issues Attention13 issues opened in the last 90 days, with 4 closed. The closure rate is approximately 23.5%, indicating slow response times for open issues.

安装

请先添加 Marketplace

/plugin marketplace add trailofbits/skills
/plugin install variant-analysis@trailofbits

包含 1 个扩展

Skill (1)

Variant Analysis 技能

Find similar vulnerabilities and bugs across codebases using pattern-based analysis. Use when hunting bug variants, building CodeQL/Semgrep queries, analyzing security vulnerabilities, or performing systematic code audits after finding an initial issue.

75

质量评分

79 /100
about 11 hours ago 分析

信任信号

最近提交3 days ago
GitHub 所有者 trailofbits (opens in new tab)
星标5.2k
许可证CC-BY-SA-4.0
状态
查看源代码

类似扩展

Static Analysis

93

Static analysis toolkit with CodeQL, Semgrep, and SARIF parsing for security vulnerability detection

插件
trailofbits

C4 Architecture

99

Comprehensive C4 architecture documentation workflow with bottom-up code analysis, component synthesis, container mapping, and context diagram generation

插件
wshobson

Dimensional Analysis

99

Annotates codebases with dimensional analysis comments documenting units, dimensions, and decimal scaling. Use when someone asks to annotate units in a codebase, perform a dimensional analysis, or find vulnerabilities in a DeFi protocol. Prevents dimensional mismatches and catches formula bugs early.

插件
trailofbits

Ruflo Knowledge Graph

99

Knowledge graph construction — entity extraction, relation mapping, and pathfinder graph traversal

插件
ruvnet

Vulnetix

98

Vulnerability intelligence and remediation skills for Claude Code — 7 skills for exploit analysis, fix proposals, scoring, exploits, and package security via the Vulnetix VDB API

插件
davepoon

Semgrep Rule Variant Creator

94

Creates language variants of existing Semgrep rules with proper applicability analysis and test-driven validation

插件
trailofbits