Prepares codebases for security review using Trail of Bits' checklist. Helps set review goals, runs static analysis tools, increases test coverage, removes dead code, ensures accessibility, and generates documentation (flowcharts, user stories, inline comments).
February 1, 2026

Install:

```bash
npx add-skill https://github.com/trailofbits/skills/blob/main/plugins/building-secure-contracts/skills/audit-prep-assistant/SKILL.md -a claude-code --skill audit-prep-assistant
```

Installation paths:
.claude/skills/audit-prep-assistant/

# Audit Prep Assistant

## Purpose

Helps prepare for a security review using Trail of Bits' checklist. A well-prepared codebase makes the review process smoother and more effective.

**Use this**: 1-2 weeks before your security audit

---

## The Preparation Process

### Step 1: Set Review Goals

Helps define what you want from the review:

**Key Questions**:
- What's the overall security level you're aiming for?
- What areas concern you most?
  - Previous audit issues?
  - Complex components?
  - Fragile parts?
- What's the worst-case scenario for your project?

Documents goals to share with the assessment team.

---

### Step 2: Resolve Easy Issues

Runs static analysis and helps fix low-hanging fruit:

**Run Static Analysis**:

For Solidity:
```bash
slither . --exclude-dependencies
```

For Rust (dylint is invoked as a cargo subcommand):
```bash
cargo dylint --all
```

For Go:
```bash
golangci-lint run
```

For Go/Rust/C++:
```bash
# CodeQL and Semgrep checks
```

Then I'll:
- Triage all findings
- Help fix easy issues
- Document accepted risks

**Increase Test Coverage**:
- Analyze current coverage
- Identify untested code
- Suggest new tests
- Run full test suite

**Remove Dead Code**:
- Find unused functions/variables
- Identify unused libraries
- Locate stale features
- Suggest cleanup

**Goal**: Clean static analysis report, high test coverage, minimal dead code

---

### Step 3: Ensure Code Accessibility

Helps make code clear and accessible:

**Provide Detailed File List**:
- List all files in scope
- Mark out-of-scope files
- Explain folder structure
- Document dependencies

**Create Build Instructions**:
- Write step-by-step setup guide
- Test on fresh environment
- Document dependencies and versions
- Verify build succeeds

**Freeze Stable Version**:
- Identify commit hash for review
- Create dedicated branch
- Tag release version
- Lock dependencies

**Identify Boilerplate**:
- Mark copied/forked code
- Highlight your modifications
- Document third-party code
- Focus review on your code

---

### S
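As an added example (not part of the Trail of Bits skill), a Python script that produces the Step 3 file list and ties it to the frozen version: each source file is marked in or out of scope from path patterns, line counts are recorded, and in-scope files get a SHA-256 so reviewers can confirm they hold the same bytes as the pinned commit. The out-of-scope patterns, the source suffixes and the Foundry-style sample tree are constructed assumptions; adjust them to the project.

```python
import fnmatch
import hashlib
import tempfile
from pathlib import Path

# Constructed defaults, adjust per project: the first matching pattern marks a
# file out of scope (tests, vendored or forked dependencies, build output).
OUT_OF_SCOPE = ("test/*", "tests/*", "*.t.sol", "*_test.go",
                "lib/*", "vendor/*", "node_modules/*", "target/*", "build/*")
SOURCE_SUFFIXES = {".sol", ".rs", ".go", ".c", ".cc", ".cpp", ".h", ".py", ".ts"}

def classify(rel_path: str) -> str:
    """Return 'out-of-scope' if any pattern matches the POSIX relative path."""
    for pat in OUT_OF_SCOPE:
        if fnmatch.fnmatch(rel_path, pat):
            return "out-of-scope"
    return "in-scope"

def build_manifest(root: str) -> list[dict]:
    """List every source file under root with scope, line count and a SHA-256."""
    root_path, rows = Path(root), []
    for p in sorted(root_path.rglob("*")):
        if not p.is_file() or p.suffix not in SOURCE_SUFFIXES:
            continue
        rel = p.relative_to(root_path).as_posix()
        scope = classify(rel)
        rows.append({"path": rel, "scope": scope,
                     "lines": sum(1 for _ in p.open("rb")),
                     "sha256": hashlib.sha256(p.read_bytes()).hexdigest()
                     if scope == "in-scope" else ""})
    return rows

def to_markdown(rows: list[dict], commit: str) -> str:
    """Render the file list handed to the review team, pinned to one commit."""
    out = [f"Frozen at commit: {commit}", "",
           "| File | Scope | Lines | SHA-256 |", "|---|---|---|---|"]
    out += [f"| {r['path']} | {r['scope']} | {r['lines']} | {r['sha256']} |"
            for r in rows]
    return "\n".join(out)

def build_sample_tree() -> str:
    """Constructed Foundry-style layout used to exercise the manifest offline."""
    root = Path(tempfile.mkdtemp())
    files = {"src/Vault.sol": "pragma solidity ^0.8.0;\ncontract Vault {}\n",
             "test/Vault.t.sol": "// constructed test file\n",
             "lib/forge-std/Test.sol": "// vendored dependency\n"}
    for rel, text in files.items():
        (root / rel).parent.mkdir(parents=True, exist_ok=True)
        (root / rel).write_text(text)
    return str(root)
```

Pass the output of `git rev-parse HEAD` on the review branch as `commit` so the table and the tag point at the same snapshot.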