SecurityMédio

Variant Analysis

portrailofbits·trailofbits· v1.0.0 · atualizado em 2026-04-10

Score

Find similar vulnerabilities and bugs across codebases using pattern-based analysis. Use when hunting bug variants, building CodeQL/Semgrep queries, analyzing security vulnerabilities, or performing systematic code audits after finding an initial issue.

vulnerability-analysiscode-auditsecurity-scanningpattern-matchingcodeqlsemgrepbug-hunting

0Stars

0Forks

0Usos

Fork

Documento do Skill

SKILL.mdvariant-analysis/workflow

1. Understand the root cause, conditions, and exploitability of the original vulnerability.

2. Create an exact match pattern using `rg` to confirm the initial instance.

3. Identify abstraction points (function names, variable names, literal values, arguments) for generalization.

4. Iteratively generalize the pattern, changing one element at a time.

5. Review all new matches and classify them as true or false positives.

6. Stop generalizing when the false positive rate exceeds 50%.

7. Document the location, confidence, exploitability, and priority of each match.

Telemetria de Agentes

Execuções

total

Taxa de Sucesso

últimos 30d

Latência Média

0.0s

p50

Alucinação

0.0%

detecção

Tokens Entrada

avg 0/exec

Tokens Saída

avg 0/exec

Uso por Plataforma

Skills Relacionados

Compõe comDeep Context Builder Skill (Ultra-Granular Pure Context Mode)

70%

Similar aWallet Policy Generator

60%

Similar aQuery Token Audit Skill

60%

Similar aSpring Boot Security Review

60%

Árvore do Skill

Variant Analysis

variant-analysis

Fases Cognitivas5

1.SENSE

2.CONTEXTUALIZE

3.HYPOTHESIZE

4.EVALUATE

5.RECOMMEND

Triggers7

find similar vulnerabilities in the codebasesearch for bug variantsbuild a CodeQL query for a security patternbuild a Semgrep query for a security patternperform a systematic code auditanalyze code for similar vulnerabilitiesidentify instances of a known vulnerability

Avaliar este Skill

Score Breakdown

⭐Avaliação Humana0%

🤖Sucesso de Agentes0%

🕐Atualidade100%

🔗Saúde de Dependências100%

🕸️Centralidade no Grafo0%

🛡️Segurança50%

CompositeScore = α·Humano + β·Agente + γ·Recência + δ·Deps + ε·Centralidade + ζ·Segurança

Instalação

$ synaptic mcp download variant-analysis

$ synaptic skills detail variant-analysis

$ synaptic skills live variant-analysis

Dependências

ripgrep Semgrep CodeQL

Links

GitHub Repository