Loading...
Loading...
Found 80 Skills
Guidance for extracting secrets from protected or obfuscated binaries through systematic static and dynamic analysis. This skill should be used when tasks involve reverse engineering executables, extracting hidden flags or keys, analyzing binary protections, or decoding obfuscated data within compiled programs.
Clarity smart contract security audit — structured review covering correctness, security vulnerabilities, design concerns, and deployment readiness.
Execution-aware preflight analysis (control-flow, timing/energy) on existing callees using compiled artifacts, to catch problems while the design is still cheap to change.
Scan C# source files for hard-to-test static dependencies — DateTime.Now/UtcNow, File.*, Directory.*, Environment.*, HttpClient, Console.*, Process.*, and other untestable statics. Produces a ranked report of static call sites by frequency. USE FOR: find untestable statics, scan for static dependencies, testability audit, identify hard-to-mock code, find DateTime.Now usage, detect static coupling, testability report, static analysis for testability. DO NOT USE FOR: generating wrappers (use generate-testability-wrappers), migrating code (use migrate-static-to-wrapper), general code review, or finding statics that are already behind abstractions.
Uses Managed Agents' 14.5-hour runtime to audit an entire codebase overnight. Security, performance, accessibility, dependency issues. You wake up to a full report.
Codebase intelligence for JavaScript and TypeScript. Free static layer finds unused code (files, exports, types, dependencies), code duplication, circular dependencies, complexity hotspots, architecture boundary violations, and feature flag patterns. Optional paid runtime layer (Fallow Runtime) merges production execution data into the same health report for hot-path review, cold-path deletion confidence, and stale-flag evidence. 90 framework plugins, zero configuration, sub-second static analysis. Use when asked to analyze code health, find unused code, detect duplicates, check circular dependencies, audit complexity, check architecture boundaries, detect feature flags, clean up the codebase, auto-fix issues, merge production coverage, or run fallow.
Prepares codebases for security review using Trail of Bits' checklist. Helps set review goals, runs static analysis tools, increases test coverage, removes dead code, ensures accessibility, and generates documentation (flowcharts, user stories, inline comments).
7-layer architecture design guidelines for Laravel applications. Covers layer responsibilities, dependency rules, and Laravel-native patterns. Reference this skill when planning backend architecture decisions during Phase 1 (Planning & Review).
Identify unused code, imports, variables, and functions for safe removal.
Run Semgrep SAST scans on code. Supports 30+ languages with OWASP, security, and custom rulesets. Parses results and provides remediation guidance.
General coding best practices and software engineering principles to build robust, maintainable, and scalable software.
Detect codebase bloat through progressive analysis: dead code, duplication, complexity, documentation bloat. Use when context usage high, quarterly maintenance, pre-release cleanup, before refactoring. Do not use when active feature development, time-sensitive bugs, codebase < 1000 lines.