Auditing

seo-drift is a GitHub skill for tracking SEO-critical page elements over time, comparing baselines, and catching regressions after deploys, CMS edits, or template changes. Use the seo-drift skill for SEO Content, technical on-page checks, and practical seo-drift usage when you need a clear answer to whether anything broke.

constant-time-testing is a practical skill for auditing cryptographic code for timing side channels. Use the constant-time-testing skill to inspect secret-dependent branches, memory access patterns, and microarchitectural behavior, then apply a focused constant-time-testing guide for Security Audit workflows.

Semgrep skill for static analysis on codebases with automatic language detection, parallel workers, merged SARIF output, and plan-first approval. Built for semgrep for Security Audit workflows, it supports run all and important only modes, uses --metrics=off, and can leverage Semgrep Pro when available.

The codeql skill helps you run CodeQL with fewer blind spots during a security audit. It focuses on database quality, suite selection, data extensions, and SARIF review so you can use codeql usage more reliably across supported languages. Use it for repeatable codeql guide steps when analyzing real repositories.

constant-time-analysis is a security-audit skill for finding timing side-channel risks in cryptographic code before they become exploitable bugs. Use it to review secret-dependent math, branches, comparisons, and compiled output when checking C, C++, Go, Rust, Swift, Java, Kotlin, PHP, JavaScript, TypeScript, Python, or Ruby.

ton-vulnerability-scanner is a focused audit skill for TON smart contracts written in FunC. It helps identify integer-as-boolean misuse, fake Jetton contract handling, and missing gas checks when forwarding TON. Use it for a fast first-pass Security Audit before deeper manual review.

substrate-vulnerability-scanner helps audit Substrate and FRAME pallets for critical issues like arithmetic overflow, panic DoS, bad origin checks, incorrect weights, and unsafe unsigned extrinsics. Use this substrate-vulnerability-scanner skill for Security Audit reviews of runtimes, pallet extrinsics, and weight logic.

guidelines-advisor is a smart contract development advisor based on Trail of Bits best practices. It analyzes a codebase to generate documentation, review architecture, check upgradeability patterns, assess implementation quality, identify pitfalls, review dependencies, and evaluate testing. Use the guidelines-advisor guide for clear, evidence-based recommendations.