Search Results

Source: ~/.claude/skills/tob-differential-review/skills/differential-review/SKILL.md name: differential-review description: > Performs security-focused differential review of code changes (PRs, commits, diffs). Adapts analysis depth to codebase size, uses git...

Source: ~/.claude/skills/tob-fix-review/skills/fix-review/SKILL.md name: fix-review description: > Verifies that git commits address security audit findings without introducing bugs. This skill should be used when the user asks to "verify these commits fix th...

Source: ~/.claude/skills/tob-insecure-defaults/skills/insecure-defaults/SKILL.md name: insecure-defaults description: "Detects fail-open insecure defaults (hardcoded secrets, weak auth, permissive security) that allow apps to run insecurely in production. Use...

Source: ~/.claude/skills/tob-property-based-testing/skills/property-based-testing/SKILL.md name: property-based-testing description: Provides guidance for property-based testing across multiple languages and smart contracts. Use when writing tests, reviewing ...

Source: ~/.claude/skills/tob-second-opinion/skills/second-opinion/SKILL.md name: second-opinion description: "Runs external LLM code reviews (OpenAI Codex or Google Gemini CLI) on uncommitted changes, branch diffs, or specific commits. Use when the user asks ...

Source: ~/.claude/skills/tob-sharp-edges/skills/sharp-edges/SKILL.md name: sharp-edges description: "Identifies error-prone APIs, dangerous configurations, and footgun designs that enable security mistakes. Use when reviewing API designs, configuration schema...

Source: ~/.claude/skills/tob-static-analysis/skills/codeql/SKILL.md name: codeql description: >- Runs CodeQL static analysis for security vulnerability detection using interprocedural data flow and taint tracking. Applicable when finding vulnerabilities, runn...

Source: ~/.claude/skills/tob-static-analysis/skills/sarif-parsing/SKILL.md name: sarif-parsing description: Parse, analyze, and process SARIF (Static Analysis Results Interchange Format) files. Use when reading security scan results, aggregating findings from...

Source: ~/.claude/skills/tob-static-analysis/skills/semgrep/SKILL.md name: semgrep description: Run Semgrep static analysis scan on a codebase using parallel subagents. Automatically detects and uses Semgrep Pro for cross-file analysis when available. Use whe...

Source: ~/.claude/skills/tob-testing-handbook-skills/skills/address-sanitizer/SKILL.md name: address-sanitizer type: technique description: > AddressSanitizer detects memory errors during fuzzing. Use when fuzzing C/C++ code to find buffer overflows and use-a...

Source: ~/.claude/skills/tob-testing-handbook-skills/skills/aflpp/SKILL.md name: aflpp type: fuzzer description: > AFL++ is a fork of AFL with better fuzzing performance and advanced features. Use for multi-core fuzzing of C/C++ projects. AFL++ AFL++ is a for...

Source: ~/.claude/skills/tob-testing-handbook-skills/skills/atheris/SKILL.md name: atheris type: fuzzer description: > Atheris is a coverage-guided Python fuzzer based on libFuzzer. Use for fuzzing pure Python code and Python C extensions. Atheris Atheris is ...

Source: ~/.claude/skills/tob-testing-handbook-skills/skills/cargo-fuzz/SKILL.md name: cargo-fuzz type: fuzzer description: > cargo-fuzz is the de facto fuzzing tool for Rust projects using Cargo. Use for fuzzing Rust code with libFuzzer backend. cargo-fuzz ca...

Source: ~/.claude/skills/tob-testing-handbook-skills/skills/constant-time-testing/SKILL.md name: constant-time-testing type: domain description: > Constant-time testing detects timing side channels in cryptographic code. Use when auditing crypto implementatio...

Source: ~/.claude/skills/tob-testing-handbook-skills/skills/coverage-analysis/SKILL.md name: coverage-analysis type: technique description: > Coverage analysis measures code exercised during fuzzing. Use when assessing harness effectiveness or identifying fuz...

Source: ~/.claude/skills/tob-testing-handbook-skills/skills/fuzzing-dictionary/SKILL.md name: fuzzing-dictionary type: technique description: > Fuzzing dictionaries guide fuzzers with domain-specific tokens. Use when fuzzing parsers, protocols, or format-spec...

Source: ~/.claude/skills/tob-testing-handbook-skills/skills/fuzzing-obstacles/SKILL.md name: fuzzing-obstacles type: technique description: > Techniques for patching code to overcome fuzzing obstacles. Use when checksums, global state, or other barriers block...

Source: ~/.claude/skills/tob-testing-handbook-skills/skills/harness-writing/SKILL.md name: harness-writing type: technique description: > Techniques for writing effective fuzzing harnesses across languages. Use when creating new fuzz targets or improving exis...