Fp Check banner
Trail of Bits Trail of Bits

Fp Check

Security community Advanced
SOURCE https://github.com/trailofbits/skills/tree/main/plugins/fp-check

Description

A Claude Code plugin that enforces systematic false positive verification when verifying suspected security bugs.

Installation

Terminal
claude install-skill https://github.com/trailofbits/skills/tree/main/plugins/fp-check

README

fp-check

A Claude Code plugin that enforces systematic false positive verification when verifying suspected security bugs.

Overview

When Claude is asked to verify suspected security bugs, this plugin activates a rigorous per-bug verification process. Bugs are routed through one of two paths:

    undefined

Both paths end with six mandatory gate reviews. Each bug receives a **TRUE POSITIVE** or **FALSE POSITIVE** verdict with documented evidence.

Installation

/plugin install fp-check

Components

Skills

Skill Description
fp-check Systematic false positive verification for security bug analysis

Agents

Agent Phases Description
data-flow-analyzer 1.1–1.4 Traces data flow from source to sink, maps trust boundaries, checks API contracts and environment protections
exploitability-verifier 2.1–2.4 Proves attacker control, creates mathematical bounds proofs, assesses race condition feasibility
poc-builder 4.1–4.5 Creates pseudocode, executable, unit test, and negative PoCs

Hooks

Hook Event Purpose
Verification completeness Stop Blocks the agent from stopping until all bugs have completed all 5 phases, gate reviews, and verdicts
Agent output completeness SubagentStop Blocks agents from stopping until they produce complete structured output for their assigned phases

Reference Files

File Purpose

...

Related Skills

Defense in Depth preview

Defense in Depth

Implement multi-layered testing and security best practices.

obra Security community
SecLists Official Repository preview

SecLists Official Repository

[OWASP Testing Guide](https://owasp.org/www-project-web-security-testing-guide/)

danielmiessler Security community
Threat Hunting with Sigma Rules preview

Threat Hunting with Sigma Rules

Use Sigma detection rules to hunt for threats and analyze security events

jthack Security community
Maintenance Walkthrough - 2026-03-29 preview

Maintenance Walkthrough - 2026-03-29

- Re-triaged the full 2026-03-15 security finding set against current `main` and wrote a fresh current-head report in `docs/maintainers/security-findings-triage-2026-03-29-refresh.md`. - Added a match

sickn33 Security community
Google Workspace Model Armor preview

Google Workspace Model Armor

Filter user-generated content for safety

Google Workspace Security community
Google Workspace Alert Center preview

Google Workspace Alert Center

Manage security alerts

Google Workspace Security community

Related Agents

Accessibility Audit

| You are an accessibility expert specializing in WCAG compliance, inclusive design, and assistive tec... | - | [wshobson/agents](https://github.com/wshobson/agents) |

Security agent

wcag-audit-patterns

| Comprehensive guide to auditing web content against WCAG 2.2 guidelines with actionable remediation... | - | [wshobson/agents](https://github.com/wshobson/agents) |

Security agent

Deps Audit

| You are a dependency security expert specializing in vulnerability scanning, license compliance, and... | - | [wshobson/agents](https://github.com/wshobson/agents) |

Security agent