Overview CLI FAQ

Agent Skills 排行榜 · 关键词 + 语义搜索

/ 聚焦搜索框
正在使用 AI 进行语义搜索...
24,409
总 Skills
88.3M
总安装量
2,574
贡献者
# Skill 仓库 描述 安装量
2401 competitive-ads-extractor composiohq/awesome-claude-skills
Competitive Ads Extractor This skill extracts your competitors' ads from ad libraries and analyzes what's working—the problems they're highlighting, use cases they're targeting, and copy/creative that's resonating. When to Use This Skill Researching competitor ad strategies Finding inspiration for your own ads Understanding market positioning Identifying successful ad patterns Analyzing messaging that works Discovering new use cases or pain points Planning ad campaigns with proven concepts Wha...
 3K
2402 messages-ops affaan-m/everything-claude-code
Messages Ops Use this when the task is live-message retrieval: iMessage, DMs, recent one-time codes, or thread inspection before a follow-up. This is not email work. If the dominant surface is a mailbox, use email-ops . Skill Stack Pull these ECC-native skills into the workflow when relevant: email-ops when the message task is really mailbox work connections-optimizer when the DM thread belongs to outbound network work lead-intelligence when the live thread should inform targeting or warm-path o...
 3K
2403 evm-token-decimals affaan-m/everything-claude-code
EVM Token Decimals Silent decimal mismatches are one of the easiest ways to ship balances or USD values that are off by orders of magnitude without throwing an error. When to Use Reading ERC-20 balances in Python, TypeScript, or Solidity Calculating fiat values from on-chain balances Comparing token amounts across multiple EVM chains Handling bridged assets Building portfolio trackers, bots, or aggregators How It Works Never assume stablecoins use the same decimals everywhere. Query decimals() a...
 3K
2404 constant-time-analysis trailofbits/skills
Constant-Time Analysis Analyze cryptographic code to detect operations that leak secret data through execution timing variations. When to Use User writing crypto code? ──yes──> Use this skill │ no │ v User asking about timing attacks? ──yes──> Use this skill │ no │ v Code handles secret keys/tokens? ──yes──> Use this skill │ no │ v Skip this skill Concrete triggers: User implements si...
 3K
2405 cargo-fuzz trailofbits/skills
cargo-fuzz cargo-fuzz is the de facto choice for fuzzing Rust projects when using Cargo. It uses libFuzzer as the backend and provides a convenient Cargo subcommand that automatically enables relevant compilation flags for your Rust project, including support for sanitizers like AddressSanitizer. When to Use cargo-fuzz is currently the primary and most mature fuzzing solution for Rust projects using Cargo. Fuzzer Best For Complexity cargo-fuzz Cargo-based Rust projects, quick setup Low AFL++...
 3K
2406 md-to-office claude-office-skills/skills
Markdown to Office Skill Overview This skill enables conversion from Markdown to various Office formats using Pandoc - the universal document converter. Convert your Markdown files to professional Word documents, PowerPoint presentations, PDFs, and more while preserving formatting and structure. How to Use Provide the Markdown content or file Specify the target format (docx, pptx, pdf, etc.) Optionally provide a reference template for styling I'll convert using Pandoc with optimal settings Examp...
 3K
2407 address-sanitizer trailofbits/skills
AddressSanitizer (ASan) AddressSanitizer (ASan) is a widely adopted memory error detection tool used extensively during software testing, particularly fuzzing. It helps detect memory corruption bugs that might otherwise go unnoticed, such as buffer overflows, use-after-free errors, and other memory safety violations. Overview ASan is a standard practice in fuzzing due to its effectiveness in identifying memory vulnerabilities. It instruments code at compile time to track memory allocations an...
 3K
2408 pdf converter claude-office-skills/skills
PDF Converter Convert PDF files to various formats and vice versa while preserving formatting. Overview This skill helps you: Convert PDFs to editable formats (Word, Excel) Convert documents to PDF Extract images from PDFs Optimize conversion quality Handle batch conversions Supported Conversions PDF to Other Formats Target Format Best For Quality Word (.docx) Text-heavy documents ⭐⭐⭐⭐ Excel (.xlsx) Tables and data ⭐⭐⭐⭐ PowerPoint (.pptx) Presentations ⭐⭐⭐ Images (.png/.jpg) Visual snapshots ⭐⭐⭐...
 3K
2409 testing-handbook-generator trailofbits/skills
Testing Handbook Skill Generator Generate and maintain Claude Code skills from the Trail of Bits Testing Handbook. When to Use Invoke this skill when: Creating new security testing skills from handbook content User mentions "testing handbook", "appsec.guide", or asks about generating skills Bulk skill generation or refresh is needed Do NOT use for: General security testing questions (use the generated skills) Non-handbook skill creation Handbook Location The skill needs the Testing Handbo...
 3K
2410 semgrep-rule-variant-creator trailofbits/skills
Semgrep Rule Variant Creator Port existing Semgrep rules to new target languages with proper applicability analysis and test-driven validation. When to Use Ideal scenarios: Porting an existing Semgrep rule to one or more target languages Creating language-specific variants of a universal vulnerability pattern Expanding rule coverage across a polyglot codebase Translating rules between languages with equivalent constructs When NOT to Use Do NOT use this skill for: Creating a new Semgrep rul...
 3K
2411 tanstack-query tanstack-skills/tanstack-skills
Overview TanStack Query (formerly React Query) manages server state - data that lives on the server and needs to be fetched, cached, synchronized, and updated. It provides automatic caching, background refetching, stale-while-revalidate patterns, pagination, infinite scrolling, and optimistic updates out of the box. Package: @tanstack/react-query Devtools: @tanstack/react-query-devtools Current Version: v5 Installation npm install @tanstack/react-query npm install -D @tanstack/react-query-devtoo...
 3K
2412 top-design wondelai/skills
Top-Design: Award-Winning Digital Experiences Create websites and applications at the level of world-class digital agencies. This skill embodies the craft of studios that consistently win FWA, Awwwards, CSS Design Awards, and Webby Awards. Core Philosophy The agencies you're emulating share these traits: Every pixel is intentional — nothing default, nothing accidental Typography IS the design — not decoration, but architecture Motion creates emotion — animation serves narrative, not novelty Whit...
 3K
2413 surf asksurf-ai/surf-skills
Surf — One Skill, All Crypto Data surf is a global CLI for querying crypto data. Run it directly (NOT via npx surf ). CLI flags use kebab-case (e.g. --sort-by , --token-address ), NOT snake_case. Setup Install the Surf CLI following the guide at https://agents.asksurf.ai/docs/cli/introduction surf install surf sync Always run surf install and surf sync at the start of every session — install updates the CLI binary, sync refreshes the API spec cache. After surf install , check the Minimum skill v...
 3K
2414 fuzzing-dictionary trailofbits/skills
Fuzzing Dictionary A fuzzing dictionary provides domain-specific tokens to guide the fuzzer toward interesting inputs. Instead of purely random mutations, the fuzzer incorporates known keywords, magic numbers, protocol commands, and format-specific strings that are more likely to reach deeper code paths in parsers, protocol handlers, and file format processors. Overview Dictionaries are text files containing quoted strings that represent meaningful tokens for your target. They help fuzzers by...
 3K
2415 code-review getsentry/skills
Code Review When to use this skill Reviewing pull requests Checking code quality Providing feedback on implementations Identifying potential bugs Suggesting improvements Security audits Performance analysis Instructions Step 1: Understand the context Read the PR description : What is the goal of this change? Which issues does it address? Are there any special considerations? Check the scope : How many files changed? What type of changes? (feature, bugfix, refactor) Are tests included? Step 2: Hi...
 3K
2416 autofix coderabbitai/skills
CodeRabbit Autofix Fetch CodeRabbit review comments for your current branch's PR and fix them interactively or in batch. Prerequisites Required Tools gh (GitHub CLI) - Installation guide git Verify: gh auth status Required State Git repo on GitHub Current branch has open PR PR reviewed by CodeRabbit bot ( coderabbitai , coderabbit[bot] , coderabbitai[bot] ) Workflow Step 0: Load Repository Instructions ( AGENTS.md ) Before any autofix actions, search for AGENTS.md in the current repository and l...
 3K
2417 create-viz anthropics/knowledge-work-plugins
/create-viz - Create Visualizations If you see unfamiliar placeholders or need to check which tools are connected, see CONNECTORS.md . Create publication-quality data visualizations using Python. Generates charts from data with best practices for clarity, accuracy, and design. Usage /create-viz <data source> [chart type] [additional instructions] Workflow 1. Understand the Request Determine: Data source : Query results, pasted data, CSV/Excel file, or data to be queried Chart type : Explicitly r...
 3K
2418 algorand-vulnerability-scanner trailofbits/skills
Algorand Vulnerability Scanner 1. Purpose Systematically scan Algorand smart contracts (TEAL and PyTeal) for platform-specific security vulnerabilities documented in Trail of Bits' "Not So Smart Contracts" database. This skill encodes 11 critical vulnerability patterns unique to Algorand's transaction model. 2. When to Use This Skill Auditing Algorand smart contracts (stateful applications or smart signatures) Reviewing TEAL assembly or PyTeal code Pre-audit security assessment of Algorand pro...
 3K
2419 constant-time-testing trailofbits/skills
Constant-Time Testing Timing attacks exploit variations in execution time to extract secret information from cryptographic implementations. Unlike cryptanalysis that targets theoretical weaknesses, timing attacks leverage implementation flaws - and they can affect any cryptographic code. Background Timing attacks were introduced by Kocher in 1996. Since then, researchers have demonstrated practical attacks on RSA (Schindler), OpenSSL (Brumley and Boneh), AES implementations, and even post-qua...
 3K
2420 context7-cli upstash/context7
ctx7 CLI The Context7 CLI does three things: fetches up-to-date library documentation, manages AI coding skills, and sets up Context7 MCP for your editor. Make sure the CLI is up to date before running commands: npm install -g ctx7@latest Or run directly without installing: npx ctx7@latest < command > What this skill covers Documentation — Fetch current docs for any library. Use when writing code, verifying API signatures, or when training data may be outdated. Skills management — Install, searc...
 3K
2421 software-architecture sickn33/antigravity-awesome-skills
Software Architecture Development Skill This skill provides guidance for quality focused software development and architecture. It is based on Clean Architecture and Domain Driven Design principles. Code Style Rules General Principles Early return pattern : Always use early returns when possible, over nested conditions for better readability Avoid code duplication through creation of reusable functions and modules Decompose long (more than 80 lines of code) components and functions into multiple...
 3K
2422 news-monitor claude-office-skills/skills
News Monitor Skill Overview I help you set up effective news monitoring strategies, analyze media coverage, and synthesize news into actionable intelligence. I can help with brand monitoring, industry tracking, and competitive intelligence. What I can do: Design news monitoring strategies Recommend monitoring tools and RSS feeds Create news digest templates Analyze media coverage patterns Synthesize news into briefings Set up alert configurations What I cannot do: Access real-time news feeds Exe...
 3K
2423 visualization-expert shubhamsaboo/awesome-llm-apps
Visualization Expert You are an expert in data visualization and effective visual communication of data insights. When to Apply Use this skill when: Selecting appropriate chart types Designing effective visualizations Creating dashboards Improving existing charts Presenting data insights visually Chart Selection Guide Comparison : Bar charts, column charts Distribution : Histograms, box plots Relationship : Scatter plots, bubble charts Composition : Pie charts (use sparingly), stacked bars Trend...
 3K
2424 story-setup worldwonderer/oh-story-claudecode
story-setup:网文写作工具集基础设施部署 你是写作基础设施部署器。将网文写作工具集的全套基础设施(hooks、rules、agents、CLAUDE.md)部署到用户项目目录。 执行铁律:不覆盖用户已有配置,合并而非替换。 Phase 1:检测项目状态 检查当前目录是否已部署过(存在 .story-deployed ) 如果已存在 → 使用 AskUserQuestion 确认是否重新部署 检查是否有书名目录(包含 追踪/ 子目录的目录,或用户自定义结构) 有 → 识别为长篇项目,显示当前项目信息 无 → 识别为新项目或短篇项目 检查 .claude/settings.local.json 是否存在 存在 → 读取现有配置,后续合并 不存在 → 后续创建新文件 检查 .active-book 文件是否存在 存在 → 显示当前活跃书目 不存在 → 跳过 Phase 2:部署基础设施 使用 AskUserQuestion 确认部署位置后,依次执行: 2.1 部署 CLAUDE.md 读取 skills/story-setup/references/templates/CLAUDE...
 3K
2425 nx-workspace nrwl/nx-ai-agents-config
Nx Workspace Exploration This skill provides read-only exploration of Nx workspaces. Use it to understand workspace structure, project configuration, available targets, and dependencies. Keep in mind that you might have to prefix commands with npx / pnpx / yarn if nx isn't installed globally. Check the lockfile to determine the package manager in use. Listing Projects Use nx show projects to list projects in the workspace. The project filtering syntax ( -p / --projects ) works across many Nx com...
 3K
2426 tailwind-4-docs lombiq/tailwind-agent-skills
Tailwind 4 Docs Overview Use this skill to navigate a locally synced Tailwind CSS v4 documentation snapshot and answer development, configuration, and migration questions with official guidance. The docs snapshot is not bundled with this skill because the upstream repository is source-available but not open-source. Users must initialize the snapshot themselves and are responsible for complying with the upstream license. Quick start Check whether the docs snapshot is initialized ( references/docs...
 3K
2427 spot binance/binance-skills-hub
Binance Spot Skill Spot request on Binance using authenticated API endpoints. Requires API key and secret key for certain endpoints. Return the result in JSON format. Quick Reference Endpoint Description Required Optional Authentication /api/v3/exchangeInfo (GET) Exchange information None symbol, symbols, permissions, showPermissionSets, symbolStatus No /api/v3/ping (GET) Test connectivity None None No /api/v3/time (GET) Check server time None None No /api/v3/aggTrades (GET) Compressed/Aggregate...
 2.9K
2428 agentcore vercel-labs/agent-browser
AWS Bedrock AgentCore Run agent-browser on cloud browser sessions hosted by AWS Bedrock AgentCore. All standard agent-browser commands work identically; the only difference is where the browser runs. Setup Credentials are resolved automatically: Environment variables ( AWS_ACCESS_KEY_ID , AWS_SECRET_ACCESS_KEY , optionally AWS_SESSION_TOKEN ) AWS CLI fallback ( aws configure export-credentials ), which supports SSO, IAM roles, and named profiles No additional setup is needed if the user already ...
 2.9K
2429 monetize-service coinbase/agentic-wallet-skills
Build an x402 Payment Server Create an Express server that charges USDC for API access using the x402 payment protocol. Callers pay per-request in USDC on Base — no accounts, API keys, or subscriptions needed. Your service is automatically discoverable by other agents via the x402 Bazaar. How It Works x402 is an HTTP-native payment protocol. When a client hits a protected endpoint without paying, the server returns HTTP 402 with payment requirements. The client signs a USDC payment and retries w...
 2.9K
2430 office-automation texiaoyao/office-automation-skill
Office 自动化技能 使用 Python 脚本自动化处理 Word (.docx) 和 Excel (.xlsx/xlsm) 文件。 快速开始 1. 安装依赖 pip install python-docx openpyxl pandas 2. 基本用法 处理 Word 文档: python scripts/word_processor.py read document.docx python scripts/word_processor.py write output.docx --content "Hello World" python scripts/word_processor.py template fill.docx --data '{"name": "张三", "date": "2026-02-22"}' 处理 Excel 表格: python scripts/excel_processor.py read data.xlsx python scripts/excel_processor.py write output.xlsx --sheet "Sheet1" py...
 2.9K
2431 desktop-computer-automation web-infra-dev/midscene-skills
Desktop Computer Automation CRITICAL RULES — VIOLATIONS WILL BREAK THE WORKFLOW: Never run midscene commands in the background. Each command must run synchronously so you can read its output (especially screenshots) before deciding the next action. Background execution breaks the screenshot-analyze-act loop. Run only one midscene command at a time. Wait for the previous command to finish, read the screenshot, then decide the next action. Never chain multiple commands together. Allow enough time ...
 2.9K
2432 ui-design-system samhvw8/dot-claude
UI/UX Design & Development Expert Comprehensive UI/UX design, review, and improvement for modern web applications. Production-ready implementations with TailwindCSS + Radix UI + shadcn/ui and modern React patterns. Stack Architecture The Three Pillars Layer 1: TailwindCSS (Styling Foundation) Utility-first CSS framework with build-time generation Zero runtime overhead, minimal production bundles Design tokens: colors, spacing, typography, breakpoints Responsive utilities and dark mode support La...
 2.9K
2433 authsome manojbajaj95/authsome
Authsome Skill Authsome connects your agent to external services with zero secret handling. The workflow is: setup → list → login → run . Step 0 — Setup Prefer uvx authsome@latest — it runs in an isolated environment and always picks up the latest version without a separate install step. Fall back to pipx (also isolated), then pip as a last resort: if command -v uvx &> /dev/null ; then AUTHSOME = "uvx authsome@latest" elif command -v pipx &> /dev/null ; then AUTHSOME = "pipx run authsome" elif c...
 2.9K
2434 macos-design-guidelines ehmo/platform-design-skills
macOS Human Interface Guidelines Mac apps serve power users who expect deep keyboard control, persistent menu bars, resizable multi-window layouts, and tight system integration. These guidelines codify Apple's HIG into actionable rules with SwiftUI and AppKit examples. 1. Menu Bar (CRITICAL) Every Mac app must have a menu bar. It is the primary discovery mechanism for commands. Users who cannot find a feature will look in the menu bar before anywhere else. Rule 1.1 — Provide Standard Menus Every...
 2.9K
2435 web-research langchain-ai/deepagents
Web Research Skill This skill provides a structured approach to conducting comprehensive web research using the task tool to spawn research subagents. It emphasizes planning, efficient delegation, and systematic synthesis of findings. When to Use This Skill Use this skill when you need to: Research complex topics requiring multiple information sources Gather and synthesize current information from the web Conduct comparative analysis across multiple subjects Produce well-sourced research rep...
 2.9K
2436 email-marketing claude-office-skills/skills
Email Marketing Comprehensive email marketing skill covering campaign creation, automated sequences, A/B testing, segmentation, and deliverability optimization. Overview This skill covers: Email campaign creation and templates Automated drip sequences A/B testing frameworks List segmentation strategies Deliverability best practices Email Types & Templates 1. Welcome Sequence sequence : "Welcome Series" trigger : subscriber_signup duration : 14_days emails : - day_0 : subject : "Welcome to {Brand...
 2.9K
2437 linkedin automation claude-office-skills/skills
LinkedIn Automation Comprehensive skill for automating LinkedIn marketing and B2B lead generation. Core Workflows 1. Content Pipeline LINKEDIN CONTENT FLOW: ┌─────────────────┐ │ Content Plan │ │ - Topics │ │ - Calendar │ └────────┬────────┘ ▼ ┌─────────────────┐ │ Create Post │ │ - Text │ │ - Visual │ │ - Document │ └────────┬────────┘ ▼ ┌─────────────────┐ │ Optimize │ │ - Hook │ │ - Hashtags │ │ - CTA │ └────────┬────────┘...
 2.9K
2438 report-generator claude-office-skills/skills
Report Generator Skill Overview This skill enables automatic generation of professional data reports. Create dashboards, KPI summaries, and analytical reports with charts, tables, and insights from your data. How to Use Provide data (CSV, Excel, JSON, or describe it) Specify the type of report needed I'll generate a formatted report with visualizations Example prompts: "Generate a sales report from this data" "Create a monthly KPI dashboard" "Build an executive summary with charts" "Produce a da...
 2.9K
2439 userinterface-wiki raphaelsalaja/userinterface-wiki
User Interface Wiki Comprehensive UI/UX best practices guide for web interfaces. Contains 119 rules across 11 categories, prioritized by impact to guide automated code review and generation. When to Apply Reference these guidelines when: Implementing or reviewing animations (CSS transitions, Motion/Framer Motion) Choosing between springs, easing curves, or no animation Working with AnimatePresence and exit animations Writing CSS with pseudo-elements or View Transitions API Adding audio feedback ...
 2.9K
2440 product-manager-toolkit sickn33/antigravity-awesome-skills
Product Manager Toolkit Essential tools and frameworks for modern product management, from discovery to delivery. Quick Start For Feature Prioritization python scripts/rice_prioritizer.py sample Create sample CSV python scripts/rice_prioritizer.py sample_features.csv --capacity 15 For Interview Analysis python scripts/customer_interview_analyzer.py interview_transcript.txt For PRD Creation Choose template from references/prd_templates.md Fill in sections based on discovery work Review with stak...
 2.9K
2441 wechat-article-writer iamzhihuix/happy-claude-skills
公众号文章写作流程 4 步完成高质量公众号文章:搜索资料 → 撰写文章 → 生成标题 → 排版优化 Step 1: 搜索资料 使用 WebSearch 工具搜索主题相关资料: 搜索要求: 1. 并行搜索多个来源(官方文档、X/Twitter、Reddit、技术论坛) 2. 优先获取最新资料(当月/当季) 3. 可启动多个并行 Task 加速搜索 4. 深度总结搜索结果 Step 2: 撰写文章 必须先读取用户的 CLAUDE.md 获取写作风格 撰写要求: 1000-1500 字 故事化开头,带情感色彩(兴奋/焦虑/好奇) 准备 2-3 个备选标题 结构:效果展示 → 问题描述 → 步骤教学 → 升华总结 遵循 CLAUDE.md 中定义的写作风格和结尾语 Step 3: 生成标题 生成 5 个爆款标题,特点: 痛点明确:直击读者痛处("还在手动...") 数字吸引:具体数字更有说服力("3分钟"、"5个技巧") 结果导向:承诺具体收益("效率暴涨10倍") 情绪调动:惊、神技、秘籍等词汇 悬念设置:引发好奇心 Step 4: 排版优化 优化建议: 段落结构:每...
 2.9K
2442 eval-driven-dev github/awesome-copilot
Eval-Driven Development with pixie This skill is about doing the work, not describing it. When a user asks you to set up evals for their app, you should be reading their code, editing their files, running commands, and producing a working test pipeline — not writing a plan for them to follow later. All pixie-generated files live in a single pixie_qa directory at the project root: pixie_qa/ MEMORY.md your understanding and eval plan observations.db SQLite trace DB (auto-crea...
 2.9K
2443 dcf-valuation claude-office-skills/skills
DCF Valuation Skill Overview I help you build Discounted Cash Flow (DCF) models to estimate the intrinsic value of companies. DCF is the gold standard for fundamental valuation used by investment banks, hedge funds, and professional investors. What I can do: Build complete DCF models from financial data Calculate WACC (Weighted Average Cost of Capital) Project future free cash flows Estimate terminal value (Gordon Growth or Exit Multiple) Run sensitivity analysis on key assumptions Generate prof...
 2.9K
2444 dwarf-expert trailofbits/skills
Overview This skill provides technical knowledge and expertise about the DWARF standard and how to interact with DWARF files. Tasks include answering questions about the DWARF standard, providing examples of various DWARF features, parsing and/or creating DWARF files, and writing/modifying/analyzing code that interacts with DWARF data. When to Use This Skill Understanding or parsing DWARF debug information from compiled binaries Answering questions about the DWARF standard (v3, v4, v5) Writing...
 2.9K
2445 ton-vulnerability-scanner trailofbits/skills
TON Vulnerability Scanner 1. Purpose Systematically scan TON blockchain smart contracts written in FunC for platform-specific security vulnerabilities related to boolean logic, Jetton token handling, and gas management. This skill encodes 3 critical vulnerability patterns unique to TON's architecture. 2. When to Use This Skill Auditing TON smart contracts (FunC language) Reviewing Jetton token implementations Validating token transfer notification handlers Pre-launch security assessment of TON...
 2.9K
2446 interpreting-culture-index trailofbits/skills
<essential_principles> Culture Index measures behavioral traits, not intelligence or skills. There is no "good" or "bad" profile. The 0-10 scale is just a ruler. What matters is distance from the red arrow (population mean at 50th percentile). The arrow position varies between surveys based on EU. Why the arrow moves: Higher EU scores cause the arrow to plot further right; lower EU causes it to plot further left. This does not affect validity—we always measure distance from wherever the arrow...
 2.9K
2447 ossfuzz trailofbits/skills
OSS-Fuzz OSS-Fuzz is an open-source project developed by Google that provides free distributed infrastructure for continuous fuzz testing. It streamlines the fuzzing process and facilitates simpler modifications. While only select projects are accepted into OSS-Fuzz, the project's core is open-source, allowing anyone to host their own instance for private projects. Overview OSS-Fuzz provides a simple CLI framework for building and starting harnesses or calculating their coverage. Additionally...
 2.9K
2448 libfuzzer trailofbits/skills
libFuzzer libFuzzer is an in-process, coverage-guided fuzzer that is part of the LLVM project. It's the recommended starting point for fuzzing C/C++ projects due to its simplicity and integration with the LLVM toolchain. While libFuzzer has been in maintenance-only mode since late 2022, it is easier to install and use than its alternatives, has wide support, and will be maintained for the foreseeable future. When to Use Fuzzer Best For Complexity libFuzzer Quick setup, single-project fuzzing L...
 2.9K
2449 substrate-vulnerability-scanner trailofbits/skills
Substrate Vulnerability Scanner 1. Purpose Systematically scan Substrate runtime modules (pallets) for platform-specific security vulnerabilities that can cause node crashes, DoS attacks, or unauthorized access. This skill encodes 7 critical vulnerability patterns unique to Substrate/FRAME-based chains. 2. When to Use This Skill Auditing custom Substrate pallets Reviewing FRAME runtime code Pre-launch security assessment of Substrate chains (Polkadot parachains, standalone chains) Validating d...
 2.9K
2450 cairo-vulnerability-scanner trailofbits/skills
Cairo/StarkNet Vulnerability Scanner 1. Purpose Systematically scan Cairo smart contracts on StarkNet for platform-specific security vulnerabilities related to arithmetic, cross-layer messaging, and cryptographic operations. This skill encodes 6 critical vulnerability patterns unique to Cairo/StarkNet ecosystem. 2. When to Use This Skill Auditing StarkNet smart contracts (Cairo) Reviewing L1-L2 bridge implementations Pre-launch security assessment of StarkNet applications Validating cross-laye...
 2.9K