Skills

spec-to-code-compliance

Installation
Summary

Verifies code implements exactly what documentation specifies for blockchain audits.

  • Performs deterministic, line-by-line semantic analysis of code against specification documents, whitepapers, or design docs to identify gaps and misalignments
  • Extracts specification intent and code behavior into structured intermediate representations (Spec-IR, Code-IR, Alignment-IR) with full traceability and confidence scores
  • Classifies divergences by severity (critical, high, medium, low) with evidence links, exploit scenarios, and remediation recommendations
  • Detects undocumented code paths, unimplemented spec claims, invariant violations, math inconsistencies, and access control drift across the entire codebase
SKILL.md

When to Use

Use this skill when you need to:

  • Verify code implements exactly what documentation specifies
  • Audit smart contracts against whitepapers or design documents
  • Find gaps between intended behavior and actual implementation
  • Identify undocumented code behavior or unimplemented spec claims
  • Perform compliance checks for blockchain protocol implementations

Concrete triggers:

  • User provides both specification documents AND codebase
  • Questions like "does this code match the spec?" or "what's missing from the implementation?"
  • Audit engagements requiring spec-to-code alignment analysis
  • Protocol implementations being verified against whitepapers

When NOT to Use

Do NOT use this skill for:

  • Codebases without corresponding specification documents
Related skills

More from trailofbits/skills

Installs
2.4K
Repository
trailofbits/skills
GitHub Stars
5.1K
First Seen
Jan 19, 2026
Security Audits
Gen Agent Trust HubPass
SocketPass
SnykFail