
variant-analysis

Find similar vulnerabilities and bugs across codebases using pattern-based analysis. Use when hunting bug variants, building CodeQL/Semgrep queries, or performing systematic code audits.

Introduction

The variant-analysis skill acts as an expert assistant for identifying recurring security vulnerabilities and bugs within a project. Once an initial issue is discovered, this tool guides the analyst through a structured process to generalize the vulnerability pattern, ensuring that developers catch not just the symptoms, but the root cause across all affected modules. It is designed for security engineers, auditors, and developers performing systematic code reviews or responding to vulnerability reports.

  • Perform pattern-based vulnerability discovery by iteratively generalizing specific instances of known flaws.

  • Support for multiple analysis engines including ripgrep for fast surface scans, Semgrep for pattern matching, and CodeQL for complex interprocedural data flow tracking.

  • Implementation of a rigorous five-step process: understanding root causes, creating initial exact matches, identifying abstraction points, iterative generalization, and triage of results.

  • Comprehensive coverage for various vulnerability classes, including logic errors, injection flaws, and authorization bypasses.

  • Always start with an exact match to confirm the pattern is correct, and only then generalize; generalizing too early produces an overwhelming number of false positives.

  • Stop generalization when the false positive rate exceeds 50% to maintain high-signal analysis.

  • The tool is not intended for initial discovery; use audit-context-building for architectural reconnaissance first.

  • Recommended inputs include specific vulnerable code snippets or identified bug reports; outputs consist of a triaged list of similar locations requiring investigation, categorized by confidence and exploitability.

  • Leverages built-in resource templates for CodeQL and Semgrep in various languages such as Python, JavaScript, Java, Go, and C++ to accelerate the search process.
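The five-step process and the two stopping rules above (start from an exact match, stop generalizing once more than half of the hits are false positives) can be seen end to end in the following added example. It is not the skill's own code: plain regular expressions stand in for a ripgrep or Semgrep pass, the "codebase" is a handful of constructed Python lines with hand-assigned ground-truth labels, and the seed finding is a string-formatted SQL query. Each generation of the pattern abstracts away one more detail of the seed; the loop measures the false positive rate of every generation against the labelled lines and keeps the last one that stayed under the limit, then triages its hits by how far from the seed the pattern had to be stretched to catch them.

```python
"""Iterative pattern generalization for variant hunting.

Added example, not the skill's own code: a seed finding becomes an exact-match
pattern, which is generalized one abstraction at a time while the false
positive rate is measured against a labelled sample, so the search stops
before it turns into noise. Plain regular expressions stand in for a
ripgrep/Semgrep pass; every sample line and label below is constructed.
"""
import re
from dataclasses import dataclass

# Constructed "codebase": (path, line number, source, truly vulnerable?).
# The label is the analyst's ground truth for lines already reviewed.
SAMPLE_LINES = [
    ("app/users.py", 10, 'cur.execute("SELECT * FROM users WHERE id = %s" % user_id)', True),  # seed
    ("app/orders.py", 22, 'cur.execute(f"SELECT * FROM orders WHERE uid = {uid}")', True),
    ("app/reports.py", 31, 'cur.execute("DELETE FROM logs WHERE ts < {}".format(cutoff))', True),
    ("app/search.py", 45, 'cur.execute("SELECT * FROM items WHERE name = " + name)', True),
    ("app/auth.py", 12, 'cur.execute("SELECT * FROM users WHERE id = %s", (user_id,))', False),  # parameterized
    ("app/migrate.py", 8, 'cur.execute("CREATE TABLE IF NOT EXISTS t (id INT)")', False),  # constant query
    ("app/util.py", 5, 'log.info("user %s logged in" % user)', False),  # formatting, no SQL sink
    ("app/paths.py", 17, 'full = base + "/" + name', False),
    ("app/mail.py", 40, 'subject = f"Welcome {name}"', False),
    ("app/cli.py", 3, 'print("total: %d" % n)', False),
    ("app/ids.py", 9, 'label = "{}-{}".format(a, b)', False),
]

# Steps 2-4: each generation abstracts away one more detail of the seed.
# Order matters, because the loop stops at the first generation that is too noisy.
SEED = 'cur.execute("SELECT * FROM users WHERE id = %s" % user_id)'
GENERATIONS = [
    ("exact match of the seed",
     re.compile(re.escape(SEED))),
    ("execute() of a %-formatted string literal",
     re.compile(r'\.execute\(\s*["\'][^"\']*["\']\s*%\s*\w')),
    ("execute() of an f-string, or a literal joined by %, + or .format()",
     re.compile(r'\.execute\(\s*(?:f["\']|["\'][^"\']*["\']\s*(?:%|\+|\.format\())')),
    ("any string formatting anywhere (the execute() sink is dropped)",
     re.compile(r'(?:f["\']|["\']\s*%\s*\w|\.format\(|["\']\s*\+\s*\w)')),
]


@dataclass
class Finding:
    path: str
    line: int
    source: str
    generation: int    # first generation that matched this line
    confidence: str    # "seed", "high" (one step from the seed) or "medium"


@dataclass
class Result:
    chosen_generation: int   # last generation whose FP rate stayed within the limit
    fp_rates: list           # FP rate observed per generation, in order
    findings: list           # triaged Finding objects from the chosen generation


def evaluate(pattern, lines):
    """Step 5 in miniature: match one generation and measure its false positive rate."""
    matched = [row for row in lines if pattern.search(row[2])]
    false_positives = sum(1 for row in matched if not row[3])
    rate = false_positives / len(matched) if matched else 0.0
    return matched, rate


def run_variant_analysis(lines, generations, max_fp_rate=0.5):
    """Generalize step by step and stop before the first generation that exceeds max_fp_rate."""
    first_seen = {}          # (path, line) -> (row, index of the first generation that matched)
    chosen = None
    fp_rates = []
    for idx, (_label, pattern) in enumerate(generations):
        matched, rate = evaluate(pattern, lines)
        fp_rates.append(rate)
        if rate > max_fp_rate:
            break            # too noisy: keep the previous generation's results
        chosen = idx
        for row in matched:
            first_seen.setdefault((row[0], row[1]), (row, idx))
    findings = []
    for (path, line), (row, gen) in sorted(first_seen.items()):
        confidence = "seed" if gen == 0 else "high" if gen == 1 else "medium"
        findings.append(Finding(path, line, row[2], gen, confidence))
    return Result(chosen, fp_rates, findings)


if __name__ == "__main__":
    result = run_variant_analysis(SAMPLE_LINES, GENERATIONS)
    for idx, rate in enumerate(result.fp_rates):
        print(f"gen {idx}: {GENERATIONS[idx][0]}: FP rate {rate:.0%}")
    print(f"kept generation {result.chosen_generation}")
    for f in result.findings:
        print(f"  [{f.confidence}] {f.path}:{f.line}  {f.source}")
```

Run as a script, the output shows the first three generations at 0% false positives and the fourth, which drops the execute() sink, jumping past the 50% limit, so generation 2 is kept and its four hits are reported; the parameterized query and the constant query are correctly left out. In a real audit the labels come from the hits the analyst has already triaged by hand, and the generations would be Semgrep or CodeQL queries rather than regular expressions, but the discipline is the same: measure each step, and back off as soon as the signal drops.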

Repository Stats

Stars: 4,880
Forks: 424
Open Issues: 21
Language: Python
Default Branch: main
Sync Status: Idle
Last Synced: Apr 29, 2026, 12:22 PM