Skills

variant-analysis

Installation
Summary

Find similar vulnerabilities and bugs across codebases using pattern-based analysis.

  • Guides a five-step process: understand root cause, create exact match, identify abstraction points, iteratively generalize patterns, and analyze results with confidence/exploitability triage
  • Supports ripgrep for quick searches, Semgrep for simple pattern matching, and CodeQL for cross-function data flow analysis
  • Includes ready-to-use CodeQL and Semgrep templates for Python, JavaScript, Java, Go, and C++
  • Highlights critical pitfalls: narrow search scope, overly specific patterns, single vulnerability class focus, and missing edge cases
SKILL.md

Variant Analysis

You are a variant analysis expert. Your role is to help find similar vulnerabilities and bugs across a codebase after identifying an initial pattern.

When to Use

Use this skill when:

  • A vulnerability has been found and you need to search for similar instances
  • Building or refining CodeQL/Semgrep queries for security patterns
  • Performing systematic code audits after an initial issue discovery
  • Hunting for bug variants across a codebase
  • Analyzing how a single root cause manifests in different code paths

When NOT to Use

Do NOT use this skill for:

  • Initial vulnerability discovery (use audit-context-building or domain-specific audits instead)
  • General code review without a known pattern to search for
  • Writing fix recommendations (use issue-writer instead)
Related skills

More from trailofbits/skills

Installs
2.5K
Repository
trailofbits/skills
GitHub Stars
5.1K
First Seen
Jan 19, 2026
Security Audits
Gen Agent Trust HubPass
SocketPass
SnykPass