Skills

fp-check

Installation
Summary

Systematically verify suspected security bugs and classify them as true or false positives with documented evidence.

  • Guides you through structured claim analysis, data flow tracing, and gate reviews to eliminate false positives before reporting
  • Supports two verification routes: standard (single-pass checklist for straightforward bugs) and deep (full task orchestration for complex, cross-component, or concurrent bugs)
  • Includes built-in escalation checkpoints, bug-class-specific verification requirements, and a 13-item false positive pattern checklist to catch common misclassifications
  • Produces final verdicts with counts, vulnerability descriptions, and rejection reasons for each bug analyzed
SKILL.md

False Positive Check

When to Use

  • "Is this bug real?" or "is this a true positive?"
  • "Is this a false positive?" or "verify this finding"
  • "Check if this vulnerability is exploitable"
  • Any request to verify or validate a specific suspected bug

When NOT to Use

  • Finding or hunting for bugs ("find bugs", "security analysis", "audit code")
  • General code review for style, performance, or maintainability
  • Feature development, refactoring, or non-security tasks
  • When the user explicitly asks for a quick scan without verification

Rationalizations to Reject

If you catch yourself thinking any of these, STOP.

Related skills

More from trailofbits/skills

Installs
2.8K
Repository
trailofbits/skills
GitHub Stars
5.1K
First Seen
Mar 3, 2026
Security Audits
Gen Agent Trust HubPass
SocketPass
SnykPass