Skip to content
wyattowalsh/agents | AI Agent Configs
Docs
variant-analysis

variant-analysis

Curated third-party skill source. Run external-skill-auditor before repo promotion.

variant-analysis18 wordsInspect firstinspect-then-install
Curated third-party skill source. Run external-skill-auditor before repo promotion.

Quick Start

Install:

npx skills add trailofbits/skills --skill differential-review --skill agentic-actions-auditor --skill variant-analysis --skill insecure-defaults --skill supply-chain-risk-auditor --skill modern-python -y -g -a antigravity claude-code codex crush cursor gemini-cli github-copilot grok opencode

Use: /variant-analysis

Works with Claude Code, Gemini CLI, OpenCode, and other agentskills.io-compatible agents.

What It Does

Section titled “What It Does”

5-step systematic variant analysis to find similar vulns/bugs from a seed: 1) understand root cause 2) exact match pattern 3) identify abstractions 4) iteratively generalize 5) analyze/triage. Includes tool guidance (rg/Semgrep/CodeQL), pitfalls, ready CodeQL/Semgrep templates (py,js,java,go,c++). Trail of Bits.

Harness Coverage

Section titled “Harness Coverage”

Targets verified harnesses: antigravity, claude-code, codex, crush, cursor, gemini-cli, github-copilot, grok, opencode.

Portable multi-harness install command:

Terminal window
npx skills add trailofbits/skills --skill differential-review --skill agentic-actions-auditor --skill variant-analysis --skill insecure-defaults --skill supply-chain-risk-auditor --skill modern-python -y -g -a antigravity claude-code codex crush cursor gemini-cli github-copilot grok opencode

Trust / Audit

Section titled “Trust / Audit”

Trust tier: Inspect first (needs-inspection)

Curated status: inspect-then-install

Risk notes: Curated third-party skill source. Run external-skill-auditor before repo promotion.

Entry maintained via authoring + research for compose-external-wave-13; provenance and audit notes are authoritative there (research context is advisory).

Install Prerequisites

Section titled “Install Prerequisites”

In differential/agentic batch install. status=inspect-then-install.

FieldValue
Source Typecurated-external
Display Sourcetrailofbits/skills
Source Kindgithub
Installabilityportable command
Review Statecurated
Trust Tierneeds-inspection
Target Agentsantigravity, claude-code, codex, crush, cursor, gemini-cli, github-copilot, grok, opencode
Curated catalog entry
docs/src/authoring/skills/variant-analysis.mdx (full SSOT excerpt)
---
name: "variant-analysis"
description: "Curated third-party skill source. Run external-skill-auditor before repo promotion."
title: "Variant Analysis"
source_kind: "curated-external"
source: "trailofbits/skills"
install_source: "trailofbits/skills"
status: "inspect-then-install"
trust_tier: "needs-inspection"
provenance_status: "verified-install-command"
install_command: "npx skills add trailofbits/skills --skill differential-review --skill agentic-actions-auditor --skill variant-analysis --skill insecure-defaults --skill supply-chain-risk-auditor --skill modern-python -y -g -a antigravity claude-code codex crush cursor gemini-cli github-copilot grok opencode"
target_agents: [antigravity, claude-code, codex, crush, cursor, gemini-cli, github-copilot, grok, opencode]
source_url: "https://github.com/trailofbits/skills"
notes: "Curated third-party skill source. Run external-skill-auditor before repo promotion."
risk_notes: "Curated third-party skill source. Run external-skill-auditor before repo promotion."
promotion_policy: "Inspect source, hooks, scripts, credentials, and dedupe before install."
provenance_evidence: "Curated `npx skills add` command with named `--skill` selectors under `inspect-then-install` in config/external-skills.md."
---


{/* GENERATED-AUTHORING: source=config/external-skills.md; entry=variant-analysis; re-run migration to refresh */}


Curated third-party skill source. Run external-skill-auditor before repo promotion.

Install / provenance (from authoring frontmatter + research):

FieldValue
install_commandnpx skills add trailofbits/skills --skill differential-review --skill agentic-actions-auditor --skill variant-analysis --skill insecure-defaults --skill supply-chain-risk-auditor --skill modern-python -y -g -a antigravity claude-code codex crush cursor gemini-cli github-copilot grok opencode
sourcetrailofbits/skills
source_urlhttps://github.com/trailofbits/skills
trust_tierneeds-inspection
curated_statusinspect-then-install
target_agentsantigravity, claude-code, codex, crush, cursor, gemini-cli, github-copilot, grok, opencode

Resources

Section titled “Resources”
Skill Catalog Browse custom and external skills.
CLI Reference Install and manage skills.
Built & designed by shadcn. Ported to Astro Starlight by Adrián UB. The source code is available on GitHub.
Home Start Here Skills Agents MCP CLI

Skills

Catalog Install Custom

Agents

Agents code-reviewer docs-writer orchestrator performance-profiler planner release-manager researcher security-auditor

MCP

MCP Servers mcphub

Hooks

Hooks codex-destructive-shell-guard codex-permission-request-guard codex-post-tool-verify-context codex-protected-file-guard codex-session-start-context codex-stop-truth-gate destructive-shell-guard post-edit-format post-edit-lint prompt-log protected-file-guard research-dangerous-shell-guard research-evidence-ledger research-prompt-triage-context research-readonly-write-guard research-stop-verifier session-start

Harness Config

Harness Config mcp-registry sync-manifest tooling-policy