Trail of Bits built this to handle the specific workflow of verifying that security fixes actually address audit findings without breaking anything else. You point it at a fix branch and an audit report, and it does differential analysis to confirm the remediation. The key use case is checking whether commits properly resolve findings in that TOB-XXX format Trail of Bits uses in their audits. It's narrow in scope but solves a real pain point: you don't want to mark a security issue as fixed only to discover later the patch was incomplete or introduced a regression. Not for initial audits or general code review, just the fix verification step.
npx skills add https://github.com/trailofbits/skills --skill fix-review