spec-to-code-compliance

Verifies code implements exactly what documentation specifies for blockchain audits. Use when comparing code against whitepapers, finding gaps between specs and implementation, or performing compliance checks for protocol implementations.

16 stars

byplurigrid

View on GitHub Installation ↓

Best use case

spec-to-code-compliance is best used when you need a repeatable AI agent workflow instead of a one-off prompt.

Teams using spec-to-code-compliance should expect a more consistent output, faster repeated execution, less prompt rewriting.

When to use this skill

You want a reusable workflow that can be run more than once with consistent structure.

When not to use this skill

You only need a quick one-off answer and do not need a reusable workflow.
You cannot install or maintain the underlying files, dependencies, or repository context.

Installation

Claude Code / Cursor / Codex

$curl -o ~/.claude/skills/spec-to-code-compliance/SKILL.md --create-dirs "https://raw.githubusercontent.com/plurigrid/asi/main/plugins/asi/skills/spec-to-code-compliance/SKILL.md"

Manual Installation

Download SKILL.md from GitHub
Place it in .claude/skills/spec-to-code-compliance/SKILL.md inside your project
Restart your AI agent — it will auto-discover the skill

How spec-to-code-compliance Compares

Feature / Agent	spec-to-code-compliance	Standard Approach
Platform Support	Not specified	Limited / Varies
Context Awareness	High	Baseline
Installation Complexity	Unknown	N/A

Frequently Asked Questions

What does this skill do?

Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.

SKILL.md Source

# Spec To Code Compliance Skill

**Trit**: -1 (MINUS)
**Category**: spec-to-code-compliance
**Author**: Trail of Bits
**Source**: trailofbits/skills
**License**: AGPL-3.0

## Description

Verifies code implements exactly what documentation specifies for blockchain audits. Use when comparing code against whitepapers, finding gaps between specs and implementation, or performing compliance checks for protocol implementations.

## When to Use

This is a Trail of Bits security skill. Refer to the original repository for detailed usage guidelines and examples.

See: https://github.com/trailofbits/skills

## Related Skills

- audit-context-building
- codeql
- semgrep
- variant-analysis

Related Skills

tizen-security-compliance

from plurigrid/asi

Maps security requirements to implementation. Coordinates compliance against FIPS 140-3, OCF, CommonCriteria, and Tizen specification.

tizen-compliance-checker

from plurigrid/asi

Validates Tizen app compliance with TCT (Tizen Compliance Tests). Checks conformance to IoT, TV, or mobile profiles.

spectral-locale-debugging

from plurigrid/asi

Debug and simulate ghostly phenomena using ordered locale theory and trifurcated interactions

specter-acset

from plurigrid/asi

Specter-style bidirectional navigation for Julia Collections, S-expressions, and ACSets with inline caching

skill-specification

from plurigrid/asi

Agent Skills formal specification for cross-platform compatibility. Ensures skills are evolutionarily robust across Claude, Codex, Cursor, Amp, and future agents.

performing-ssl-tls-inspection-configuration

from plurigrid/asi

Configure SSL/TLS inspection on network security devices to decrypt, inspect, and re-encrypt HTTPS traffic for threat detection while managing certificates, exemptions, and privacy compliance.

performing-graphql-introspection-attack

from plurigrid/asi

Performs GraphQL introspection attacks to extract the full API schema including types, queries, mutations, subscriptions, and field definitions from GraphQL endpoints. The tester uses introspection queries to map the attack surface, identifies sensitive fields and mutations, tests for query depth and complexity limits, and exploits GraphQL-specific vulnerabilities including batching attacks, alias-based brute force, and nested query DoS. Activates for requests involving GraphQL security testing, introspection attack, GraphQL enumeration, or GraphQL API penetration testing.

mcp-spec-checker

from plurigrid/asi

Predicate-level semantic diff for MCP protocol specs. Compares 0618 vs 1125 specs via Narya types, GF(3) evaluators, and Unison-style effects. Use for protocol verification, spec migration, or detecting breaking changes.

implementing-pci-dss-compliance-controls

from plurigrid/asi

PCI DSS 4.0.1 establishes 12 requirements across 6 control objectives for organizations that store, process, or transmit cardholder data. With PCI DSS 3.2.1 retiring April 2024 and 51 new requirements

implementing-nerc-cip-compliance-controls

from plurigrid/asi

This skill covers implementing North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) compliance controls for Bulk Electric System (BES) cyber systems. It addresses asset categorization (CIP-002), electronic security perimeters (CIP-005), system security management (CIP-007), configuration management (CIP-010), supply chain risk management (CIP-013), and the 2025 updates including mandatory MFA for remote access and expanded low-impact asset requirements.

implementing-aws-security-hub-compliance

from plurigrid/asi

Implementing AWS Security Hub to aggregate security findings across AWS accounts, enable compliance standards like CIS AWS Foundations and PCI DSS, configure automated remediation with EventBridge and Lambda, and create custom security insights for organizational risk management.

implementing-aws-config-rules-for-compliance

from plurigrid/asi

Implementing AWS Config rules for continuous compliance monitoring of AWS resources, deploying managed and custom rules aligned to CIS and PCI DSS frameworks, configuring automatic remediation with SSM Automation, and aggregating compliance data across accounts.