This skill is for hunting security vulnerabilities and their variants across your codebase. It combines two approaches: finding "sharp edges" such as dangerous APIs, insecure defaults, and footgun patterns (think strcpy, pickle.loads, or hardcoded crypto), then doing variant analysis to find similar bugs once you've spotted one. You get checklists for common vulnerability classes, language-specific gotchas for JavaScript, Python, Rust, and Solidity, plus grep patterns and Semgrep examples for searching a codebase systematically. It is useful during security audits, pre-audit reconnaissance, or when you need to check whether that SQL injection you found has cousins elsewhere. The approach is clearly inspired by Trail of Bits methodology, and it shows in the structured hunting process.
npx skills add https://github.com/sendaifun/skills --skill vulnhunter
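The two-pass approach described above, as an added example that is not the skill's own code: a regex sharp-edge scan over a constructed sample codebase, followed by variant analysis that generalizes one confirmed SQL string-concatenation bug at a sink into rules that catch its cousins. The file contents, the sink name cur.execute and the rule patterns are all constructed for illustration.

```python
import re

# Constructed sample "codebase" (file name -> source). Not code from the skill or any real project.
SAMPLE_FILES = {
    "app/loader.py": "import pickle\n\ndef load(blob):\n    return pickle.loads(blob)\n",
    "app/config.py": "API_KEY = \"placeholder-not-a-real-key\"\n",
    "native/buf.c": "void copy(char *dst, const char *src) { strcpy(dst, src); }\n",
    "app/db.py": "def find_user(cur, name):\n    cur.execute(\"SELECT * FROM users WHERE name = '\" + name + \"'\")\n",
    "app/report.py": "def find_order(cur, oid):\n    cur.execute(f\"SELECT * FROM orders WHERE id = {oid}\")\n",
    "app/audit.py": "def log_event(cur, msg):\n    cur.execute(\"INSERT INTO log VALUES ('%s')\" % msg)\n",
    "app/search.py": "def search(cur, q):\n    cur.execute(\"SELECT * FROM t WHERE q = '{}'\".format(q))\n",
    "app/safe.py": "def find_item(cur, iid):\n    cur.execute(\"SELECT * FROM items WHERE id = %s\", (iid,))\n",
}

# Pass 1, "sharp edges": APIs and idioms that are dangerous regardless of surrounding context.
SHARP_EDGES = {
    "pickle-loads": r"\bpickle\.loads?\(",
    "strcpy": r"\bstrcpy\(",
    "hardcoded-secret": r"(?i)\b(?:secret|api_key|password)\s*=\s*['\"][^'\"]+['\"]",
}

def scan(files, rules):
    """Grep every line of every file against each rule; return (path, line_no, rule_id) hits."""
    hits = []
    for path, source in files.items():
        for line_no, line in enumerate(source.splitlines(), 1):
            for rule_id, pattern in rules.items():
                if re.search(pattern, line):
                    hits.append((path, line_no, rule_id))
    return hits

def variant_rules(sink):
    """Pass 2, variant analysis: generalize one confirmed bug, sink(<string built from data>),
    into the same sink fed by any of the usual string-building idioms. A parameterized call
    such as sink("... %s", (x,)) matches none of these, so it is not reported."""
    s = re.escape(sink)
    return {
        f"{sink}-concat": rf"\b{s}\(\s*f?['\"].*?['\"]\s*\+",
        f"{sink}-fstring": rf"\b{s}\(\s*f['\"]",
        f"{sink}-percent": rf"\b{s}\(\s*['\"].*?['\"]\s*%",
        f"{sink}-format": rf"\b{s}\(\s*['\"].*?['\"]\.format\(",
    }

if __name__ == "__main__":
    for hit in scan(SAMPLE_FILES, SHARP_EDGES) + scan(SAMPLE_FILES, variant_rules("cur.execute")):
        print("%s:%d  %s" % hit)
```

The variant rules are deliberately coarse: they are meant to produce a short review list from a seed finding, and a hit still needs a human (or a proper Semgrep taint rule) to confirm that the interpolated value is attacker-controlled.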