differential-review
Security-focused diff review with git history analysis
Developer Setup
Setup & Installation
npx skills add https://github.com/trailofbits/skills --skill differential-review
Overview
What This Skill Does
Runs security-focused differential reviews on PRs, commits, and diffs. Scales analysis depth to codebase size, calculates blast radius for high-risk changes, checks test coverage gaps, and writes a markdown report file. Detects security regressions by tracing git history on removed code.
Application
When to use this Skill
- Configuring integration settings for custom agent workflows.
- Optimizing query execution and response latency in production.
- Developing clean, standard-compliant implementations for enterprise services.
- Troubleshooting connection timeouts and authentication handshakes.
- Monitoring API rate limits and execution pipelines programmatically.
Documentation
Differential Review
Security-focused differential review of code changes with git history analysis and blast radius estimation.
Author: Omar Inuwa
When to Use
Use this skill when you need to:
- Review PRs, commits, or diffs for security vulnerabilities
- Detect security regressions (re-introduced vulnerabilities)
- Analyze the blast radius of code changes
- Check test coverage gaps for modified code
What It Does
This skill performs a comprehensive security review of code changes:
- Risk-First Analysis - Prioritizes auth, crypto, value transfer, external calls
- Git History Analysis - Uses blame to understand why code existed and detect regressions
- Blast Radius Calculation - Quantifies impact by counting callers
- Test Coverage Gaps - Identifies untested changes
- Adaptive Depth - Scales analysis based on codebase size (small/medium/large)
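The git-history step in the list above starts from the lines a change removes. As an added example (not the skill's own code), this parses a unified diff, computes the pre-change line ranges of removed lines, and builds the `git blame -L` invocations a reviewer would run against the base revision. The sample diff, the function names and the `BASE` revision placeholder are constructed for illustration.

```python
import re
# Constructed sample diff, not taken from any real repository.
SAMPLE_DIFF = """\
--- a/auth/session.py
+++ b/auth/session.py
@@ -10,4 +10,3 @@ def load_session(token):
     session = store.get(token)
-    if session is None or session.expired():
-        raise AuthError("invalid session")
+    metrics.count("session.load")
     return session.user
@@ -40,3 +39,2 @@ def logout(token):
     store.delete(token)
-    audit.log("logout")
     return True
"""

HUNK_RE = re.compile(r"^@@ -(\d+)(?:,(\d+))? \+\d+(?:,(\d+))? @@")

def removed_ranges(diff_text):
    """Map each pre-change path to the (start, end) old-file line ranges it lost."""
    ranges, path, old_line, old_left, new_left = {}, None, 0, 0, 0
    for line in diff_text.splitlines():
        if old_left > 0 or new_left > 0:  # inside a hunk body, per header counts
            if line.startswith("-"):
                spans = ranges.setdefault(path, [])
                # Extend the previous range when this removal is contiguous with it.
                start = spans.pop()[0] if spans and spans[-1][1] == old_line - 1 else old_line
                spans.append((start, old_line))
                old_line, old_left = old_line + 1, old_left - 1
            elif line.startswith("+"):
                new_left -= 1
            elif not line.startswith("\\"):  # skip "\ No newline at end of file"
                old_line, old_left, new_left = old_line + 1, old_left - 1, new_left - 1
            continue
        m = HUNK_RE.match(line)
        if m:
            old_line, old_left, new_left = int(m[1]), int(m[2] or 1), int(m[3] or 1)
        elif line.startswith("--- "):  # pre-change file name, "a/" prefix stripped
            name = line[4:].split("\t")[0]
            path = name[2:] if name.startswith("a/") else name
    return ranges

def blame_commands(diff_text, base_rev):
    """Build `git blame -L` argument lists to run against the pre-change revision."""
    return [["git", "blame", "-L", f"{s},{e}", base_rev, "--", path]
            for path, spans in removed_ranges(diff_text).items() for s, e in spans]

if __name__ == "__main__":
    print(blame_commands(SAMPLE_DIFF, "BASE"))  # "BASE": placeholder revision
```

Tracking the hunk header counts keeps a removed line whose content begins with `-- ` from being mistaken for a file header.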
Installation