Entry Point Analyzer
Analyzes smart contract codebases to identify state-changing entry points for security auditing — categorizes by access level and generates structured audit reports.
Skills for vulnerability research, fuzzing, static analysis, and security auditing
Enables ultra-granular, line-by-line code analysis to build deep architectural context before vulnerability or bug finding.
Security-focused differential review of code changes (PRs, commits, diffs) — calculates blast radius and generates markdown reports.
Find similar vulnerabilities across codebases using pattern-based analysis — hunt bug variants, build CodeQL/Semgrep queries, and perform systematic code audits.
Detects timing side-channel vulnerabilities in cryptographic code across C, C++, Go, Rust, Swift, Java, Kotlin, C#, PHP, JS, TS, Python, and Ruby.
Detects fail-open insecure defaults — hardcoded secrets, weak authentication, and permissive security configurations that allow apps to run insecurely in production.
Identifies error-prone APIs, dangerous configurations, and footgun designs that enable security mistakes — evaluates "secure by default" principles.
Creates custom Semgrep rules for detecting security vulnerabilities, bug patterns, and code patterns.
Creates language variants of existing Semgrep rules — ports rules to target languages with independent test directories.
Guidance for property-based testing across multiple languages and smart contracts — stronger coverage than example-based tests.
Identifies dependencies at heightened risk of exploitation or takeover — assesses supply chain attack surface and dependency health.
Guides authoring of high-quality YARA-X detection rules for malware identification — naming conventions, string selection, performance, and false positive reduction.
Detects missing zeroization of sensitive data in source code and zeroization removed by compiler optimizations — assembly-level analysis.
Audits GitHub Actions workflows for security vulnerabilities in AI agent integrations — detects prompt injection via env var patterns and dangerous sandbox configs.
Scans Android APKs for Firebase security misconfigurations — open databases, storage buckets, authentication issues, and exposed cloud functions.
Skill for searching and exploring Burp Suite project files (.burp) from the command line, including regex search over response bodies and audit finding extraction.
Expertise for analyzing DWARF debug files and understanding the DWARF debug format/standard (v3-v5).
Techniques for writing effective fuzzing harnesses across languages — creating new fuzz targets and improving existing harness code.
AFL++ fuzzer with advanced features — multi-core fuzzing of C/C++ projects with better performance than original AFL.
De facto fuzzing tool for Rust projects using Cargo with libFuzzer backend.
Coverage-guided Python fuzzer based on libFuzzer — fuzzing pure Python code and Python C extensions.
Scans codebases for security vulnerabilities using CodeQL interprocedural data flow and taint tracking — supports full and important-only scan modes.
Runs Semgrep static analysis with parallel subagents — full ruleset and high-confidence security scan modes with Semgrep Pro cross-file taint analysis.