differential-review
by trailofbits
differential-review is a security-focused code review skill for PRs, commits, and diffs. It uses baseline history, blast radius, test coverage, and structured reporting to help catch regressions in auth, crypto, external calls, and other high-risk paths. Use it for code review when you need evidence-backed findings.
This skill scores 78/100, which means it is a solid but not top-tier listing candidate: directory users get a clearly security-focused differential review workflow with enough structure to justify installation, but they should expect some manual interpretation and limited onboarding help.
- Explicitly triggers on PRs, commits, and diffs for security-focused review, so agents know when to use it.
- Strong operational guidance: risk-first rules, baseline context building, blast-radius analysis, adversarial modeling, and mandatory report generation.
- Evidence-backed workflow with git history, line numbers, attack scenarios, and explicit confidence/coverage expectations, which improves agent leverage over a generic prompt.
- No install command and no support files, so adoption depends on reading the skill content rather than a packaged setup experience.
- The description/frontmatter is sparse and there is no quick-start example, so agents may still need to infer the exact entrypoint and execution sequence from the body.
Overview of differential-review skill
What differential-review does
The differential-review skill is a security-focused workflow for reviewing PRs, commits, and diffs with more rigor than a normal prompt. It is built for reviewers who need to decide whether a change introduces regressions, especially in auth, crypto, external calls, state changes, and other high-risk paths.
Who it fits best
Use the differential-review skill if you are reviewing security-sensitive code, inherited a large diff, or need a repeatable method that adapts to codebase size. It is a strong fit for engineers, security reviewers, and AI-assisted auditors who want evidence-backed findings instead of a shallow line-by-line skim.
What makes it different
The main value of differential-review is that it forces context before conclusions: baseline history, blast radius, test coverage, and explicit confidence limits. The repository also pushes output into a structured markdown report, so the skill is not just an analysis prompt; it is a review process with a deliverable.
How to Use differential-review skill
Install and load the skill
A typical differential-review install starts with the repository toolchain and then points the agent at the skill folder. For this package, the install path is plugins/differential-review/skills/differential-review. If you are using the Trail of Bits skills repo, install with the project’s skills command, then open SKILL.md before anything else.
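As a quick sanity check (a sketch only: the clone location is an assumption, and the path below comes from this listing rather than the skill's own docs), you can confirm the skill folder is where you expect before pointing an agent at it:

```python
from pathlib import Path

# Assumed location of a local clone of the Trail of Bits skills repo; adjust to your checkout.
repo = Path.home() / "src" / "skills"
skill_dir = repo / "plugins" / "differential-review" / "skills" / "differential-review"

# SKILL.md is the entrypoint the listing says to open first.
entrypoint = skill_dir / "SKILL.md"
if entrypoint.exists():
    print(f"Skill entrypoint found: {entrypoint}")
else:
    raise SystemExit(f"Skill not found under {skill_dir}; check the clone path.")
```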
Give it a review-shaped input
For best differential-review usage, ask it to review a specific base/head range, commit, or PR, and name the security concern if you have one. Strong inputs look like: “Review base..head for auth bypass, reentrancy, and missing tests; focus on external call paths and state transitions.” Weak inputs like “check this diff” leave too much room for guesswork.
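If you are unsure what range to name, a small sketch like this (branch names are assumptions; substitute your own) turns the current branch into a concrete base..head surface you can paste into the request:

```python
import subprocess

def git(*args: str) -> str:
    """Run git in the current repository and return trimmed stdout."""
    return subprocess.run(["git", *args], capture_output=True, text=True, check=True).stdout.strip()

# Assumed target branch; replace "main" with whatever the PR merges into.
base = git("merge-base", "main", "HEAD")
changed = git("diff", "--name-only", f"{base}..HEAD").splitlines()

print(f"Review range: {base[:12]}..HEAD")
print("Changed files:")
for path in changed:
    print(f"  {path}")
```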
Read the right files first
A good differential-review run starts with SKILL.md, then methodology.md, adversarial.md, patterns.md, and reporting.md. These files tell the agent how to build baseline context, what attack models to use, what patterns to scan for, and how to format the final report. There are no helper scripts or extra reference folders in this plugin, so the skill files are the source of truth.
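A minimal sketch of that reading order, assuming a local copy of the skill folder at the path from the install step:

```python
from pathlib import Path

# Assumed relative path to the skill folder inside the cloned repo.
skill_dir = Path("plugins/differential-review/skills/differential-review")

# Reading order from this guide: entrypoint first, then the supporting files.
reading_order = ["SKILL.md", "methodology.md", "adversarial.md", "patterns.md", "reporting.md"]

context = "\n\n".join(
    (skill_dir / name).read_text() for name in reading_order if (skill_dir / name).exists()
)
print(f"Loaded {len(context.splitlines())} lines of skill guidance")
```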
Workflow tips that change output quality
Use the skill when you can provide a clean diff, a baseline commit, and enough repository context to inspect callers and tests. Tell it if the codebase is small, medium, or large, or let it infer scale, but do not skip the baseline/history step. For code review with differential-review, the highest-value inputs are concrete: changed files, likely trust boundaries, suspicious functions, and any regression history you already know about.
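One way to prepare that baseline before invoking the skill (a sketch, not part of the skill itself; the baseline ref is an assumption) is to pull recent history for every changed file:

```python
import subprocess

def git(*args: str) -> str:
    return subprocess.run(["git", *args], capture_output=True, text=True, check=True).stdout.strip()

base = "origin/main"  # assumed baseline ref; use the merge-base commit if you have it
changed = git("diff", "--name-only", f"{base}..HEAD").splitlines()

# Recent history per changed file is the "baseline context" the skill asks you not to skip.
for path in changed:
    history = git("log", "--oneline", "-n", "5", "--", path)
    print(f"## {path}\n{history}\n")
```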
differential-review skill FAQ
Is differential-review only for security reviews?
Yes, primarily. It is designed for security-focused differential review, not general style cleanup or feature acceptance. You can still use it for ordinary code review, but the main value appears when the change could affect trust boundaries, data integrity, or exploitability.
How is it different from a normal prompt?
A normal prompt may summarize the diff; differential-review tries to prove or disprove risk with history, blast radius, and attacker modeling. It also expects a markdown report, which makes the output easier to hand off or archive.
Is it beginner-friendly?
It is usable for beginners, but it assumes the user can point to a specific diff and wants structured analysis. If you do not know the codebase well, the skill still helps because it demands baseline context and makes missing coverage explicit.
When should I not use it?
Do not use differential-review for trivial text changes, low-risk formatting-only PRs, or cases where you only need a one-paragraph summary. It is overkill when there is no meaningful security or regression risk, and its process adds value only if there is something worth checking deeply.
How to Improve differential-review skill
Provide stronger review context
The biggest improvement comes from giving the skill the exact review surface: PR number, commit range, target branch, and any suspected risk area. If you know the project domain, say so up front: a Solidity change, an API auth flow, or a payment path will steer the analysis toward the right attack model.
Ask for the right depth on the first pass
If you want better differential-review usage, specify whether you care more about correctness, exploitability, or regression risk. For example: “Focus on externally callable functions, changed validation, and any missing tests for new branches.” That narrows the search to the paths that matter most and reduces noisy findings.
Watch for the common failure modes
The most common misses are treating small diffs as low risk, ignoring removed code history, and forgetting transitive callers when judging blast radius. The skill is explicitly written to avoid those mistakes, but it still needs a concrete baseline and a clearly bounded diff to do that well.
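Two of those blind spots can be pre-empted with plain git before the review: the pickaxe search recovers the history of removed code, and a repository-wide grep surfaces callers that sit outside the diff. The symbol name below is a placeholder for a function touched by the change:

```python
import subprocess

symbol = "validate_signature"  # placeholder: a function removed or changed in the diff

# Pickaxe: commits that added or removed occurrences of the symbol (removed-code history).
pickaxe = subprocess.run(
    ["git", "log", f"-S{symbol}", "--oneline"], capture_output=True, text=True, check=True
)
print(pickaxe.stdout or "(no history found for this symbol)")

# Callers elsewhere in the repo that still reference the symbol (transitive blast radius).
callers = subprocess.run(["git", "grep", "-n", symbol], capture_output=True, text=True)
print(callers.stdout or "(no remaining references outside the diff)")
```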
Iterate after the first report
Use the first report to refine the next pass. If the result is too broad, ask for a narrower attacker model or a deeper inspection of one subsystem. If it is too shallow, ask it to re-run with more history, stronger test scrutiny, or a stricter focus on invariants and regression paths.
