Differential Review
技能 活跃Performs security-focused differential review of code changes (PRs, commits, diffs). Adapts analysis depth to codebase size, uses git history for context, calculates blast radius, checks test coverage, and generates comprehensive markdown reports. Automatically detects and prevents security regressions.
To provide a rigorous, security-centric differential code review process that identifies vulnerabilities, assesses risk, and generates actionable reports, ensuring the integrity of code changes.
功能
- Security-focused differential code review
- Adaptive analysis depth by codebase size
- Git history analysis for context
- Blast radius calculation
- Test coverage analysis
- Automated security regression detection
- Comprehensive markdown report generation
使用场景
- Reviewing PRs for security vulnerabilities before merging
- Auditing commits for potential security regressions
- Analyzing code diffs to understand security impact
- Identifying critical changes needing deeper adversarial analysis
非目标
- Performing general code formatting or linting
- Reviewing documentation-only changes
- Providing a quick, superficial summary without deep analysis
- Reviewing greenfield code without a baseline for comparison
Trust
- warning:Issues AttentionIn the last 90 days, 13 issues were opened and 4 closed, indicating a low closure rate (approx. 24%) and potentially slow response to open issues.
安装
请先添加 Marketplace
/plugin marketplace add trailofbits/skills/plugin install differential-review@trailofbits质量评分
类似扩展
Codex Diff Develop
100Revisa el diff de la rama actual frente a develop en proyectos Drupal 11 siguiendo la metodología Codex (lógica de negocio, edge cases de hooks/queries, seguridad, performance, completitud). Genera un informe .md en la carpeta del IDE detectado (.antigravity/, .cursor/, .vscode/ o docs/) con hallazgos por severidad y soluciones accionables. Usar cuando el usuario pida "Revisión diff develop", "revisión diff develop", "diff develop", "revisar diff", "codex diff" o expresiones similares con intención de auditar cambios contra develop. Triggers: diff develop, codex diff, revisión diff, lint diff develop, auditar diff.
Soul Guardian
100Drift detection + baseline integrity guard for agent workspace files with automatic alerting support
Audit Dependency Versions
100Audit project dependencies for version staleness, security vulnerabilities, and compatibility issues. Covers lock file analysis, upgrade path planning, and breaking change assessment. Use before a release to ensure dependencies are current and secure, during periodic maintenance reviews, after receiving a security advisory, when upgrading to a new language version, before submitting to CRAN or npm, or when inheriting a project to assess its dependency health.
Codex PR Review
100Revisa pull requests en proyectos Drupal 11 (u otro) siguiendo la metodología Codex (lógica de negocio, edge cases de hooks/queries, seguridad, performance, completitud). Genera un informe .md en la carpeta del IDE detectado (.antigravity/, .cursor/, .vscode/ o docs/) con hallazgos por severidad y soluciones accionables. Usar cuando el usuario pida "revisión Codex", "revisión de PR", "revisar PR", "revisar PR"
Create Pull Request
99Create and manage pull requests using GitHub CLI. Covers branch preparation, writing PR titles and descriptions, creating PRs, handling review feedback, and merge/cleanup workflows. Use when proposing changes from a feature or fix branch for review, merging completed work into the main branch, requesting code review from collaborators, or documenting the purpose and scope of a set of changes.
Git Commit
99Create a git commit with a good message. Use when the user says "commit", "save changes", "commit this", or asks to create a commit after making code changes.