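Search results
All capabilities
Found 476 related results / Integration & Automation
Security & Governance / Audit & Assessment
Security and Hardening
security-and-hardening
Hardens code against vulnerabilities. Use when handling user input, authentication, data storage, or external integrations. Use when building any feature that…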
Security & Governance / Audit & Assessment
terraform-engineer
Use when implementing infrastructure as code with Terraform across AWS, Azure, or GCP. Invoke for module development (create reusable modules, manage module…
Security & Governance / Audit & Assessment
entry-point-analyzer
Analyzes smart contract codebases to identify state-changing entry points for security auditing. Detects externally callable functions that modify state,…
Security & Governance / Audit & Assessment
semgrep-rule-creator
Creates custom Semgrep rules for detecting security vulnerabilities, bug patterns, and code patterns. Use when writing Semgrep rules or building custom static…
Security & Governance / Audit & Assessment
audit-prep-assistant
Prepares codebases for security review using Trail of Bits' checklist. Helps set review goals, runs static analysis tools, increases test coverage, removes…
Security & Governance / Audit & Assessment
fuzzing-obstacles
Techniques for patching code to overcome fuzzing obstacles. Use when checksums, global state, or other barriers block fuzzer progress.
Security & Governance / Audit & Assessment
coverage-analysis
Coverage analysis measures code exercised during fuzzing. Use when assessing harness effectiveness or identifying fuzzing blockers.
Security & Governance / Audit & Assessment
firebase-apk-scanner
Scans Android APKs for Firebase security misconfigurations including open databases, storage buckets, authentication issues, and exposed cloud functions. Use…
Security & Governance / Audit & Assessment
constant-time-analysis
Detects timing side-channel vulnerabilities in cryptographic code. Use when implementing or reviewing crypto code, encountering division on secrets,…
Security & Governance / Audit & Assessment
fuzzing-dictionary
Fuzzing dictionaries guide fuzzers with domain-specific tokens. Use when fuzzing parsers, protocols, or format-specific code.
Security & Governance / Audit & Assessment
semgrep-rule-variant-creator
Creates language variants of existing Semgrep rules. Use when porting a Semgrep rule to specified target languages. Takes an existing rule and target languages…
Security & Governance / Audit & Assessment
cosmos-vulnerability-scanner
Scans Cosmos SDK blockchain modules and CosmWasm contracts for consensus-critical vulnerabilities — chain halts, fund loss, state divergence. 25 core + 16 IBC…
Security & Governance / Audit & Assessment
substrate-vulnerability-scanner
Scans Substrate/Polkadot pallets for 7 critical vulnerabilities including arithmetic overflow, panic DoS, incorrect weights, and bad origin checks. Use when…
Security & Governance / Audit & Assessment
interpreting-culture-index
Interprets Culture Index (CI) surveys, behavioral profiles, and personality assessment data. Supports individual profile interpretation, team composition…
Security & Governance / Audit & Assessment
dwarf-expert
Provides expertise for analyzing DWARF debug files and understanding the DWARF debug format/standard (v3-v5). Triggers when understanding DWARF information,…
Security & Governance / Audit & Assessment
constant-time-testing
Constant-time testing detects timing side channels in cryptographic code. Use when auditing crypto implementations for timing vulnerabilities.
Security & Governance / Audit & Assessment
libfuzzer
Coverage-guided fuzzer built into LLVM for C/C++ projects. Use for fuzzing C/C++ code that can be compiled with Clang.
Security & Governance / Audit & Assessment
secure-code-guardian
Use when implementing authentication/authorization, securing user input, or preventing OWASP Top 10 vulnerabilities — including custom security implementations…
Security & Governance / Audit & Assessment
linear
Manage issues, projects & team workflows in Linear. Use when the user wants to read, create or update tickets in Linear.
Security & Governance / Audit & Assessment
libafl
LibAFL is a modular fuzzing library for building custom fuzzers. Use for advanced fuzzing needs, custom mutators, or non-standard fuzzing targets.