Trail of Bits Releases Claude Plugin for Dimensional Analysis, Achieving 93% Recall in Audits
Trail of Bits has released a new Claude plugin that uses dimensional analysis to mechanically detect type mismatches in codebases, achieving 93% recall in testing against real audit findings.

Trail of Bits has released a new Claude plugin for dimensional analysis, a technique that annotates codebases with dimensional types to mechanically detect mismatches. Unlike typical LLM-based security tools that ask the model to hunt for bugs directly, this plugin uses the LLM as a vocabulary-building and categorization engine. In testing against real audit findings, the plugin achieved a 93% recall rate with a standard deviation of 12%, compared to a baseline prompt that achieved only 50% recall with a standard deviation of 20%. The plugin is available via the Claude Code plugin marketplace.
The plugin operates in four phases: dimension discovery, dimension annotation, dimension propagation, and dimension validation. In the first phase, a subagent identifies a vocabulary of fundamental base units that every numerical term in the system is composed of, along with common derived units. This vocabulary is persisted to a DIMENSIONAL_UNITS.md file that can be reused by other agents or committed as part of the software development lifecycle. In the second phase, multiple subagents annotate the codebase with these dimensional types, marking state variables, function arguments, variable declarations, and complex arithmetic expressions.
During the third phase, dimensions are propagated across files to callers and callees, adding annotations to low-priority files and performing initial consistency checks. The system attempts to repair over-generalized annotations and flags any that cannot be resolved for triage. In the final phase, the plugin discovers mismatches during assignment, arithmetic, function boundaries, return paths, and external calls. Each mismatch is assigned a severity classification, and a final report is returned to the user.
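The four phases described above, reduced to a minimal checker. This is an added example, not code from the Trail of Bits plugin; the unit names, the annotations and the nested-tuple expression format are assumptions made for illustration.

```python
# Added example: all names, units and the expression format are hypothetical.

# Phase 1 (discovery): a dimension maps each base unit to an integer exponent.
TOKEN = {"token": 1}
USD = {"usd": 1}
PRICE = {"usd": 1, "token": -1}  # derived unit: usd per token

# Phase 2 (annotation): constructed annotations for a toy vault contract.
ANNOTATIONS = {
    "deposit": TOKEN,
    "fee": TOKEN,
    "balance": TOKEN,
    "price": PRICE,
    "value_usd": USD,
}

def combine(a, b, sign):
    """Multiply (sign=+1) or divide (sign=-1) two dimensions."""
    out = dict(a)
    for unit, exp in b.items():
        out[unit] = out.get(unit, 0) + sign * exp
    return {u: e for u, e in out.items() if e != 0}

def infer(expr, ann, findings):
    """Phase 3 (propagation): derive the dimension of an expression tree."""
    if isinstance(expr, (int, float)):
        return {}  # numeric literals are dimensionless
    if isinstance(expr, str):
        return ann[expr]
    op, lhs, rhs = expr
    left, right = infer(lhs, ann, findings), infer(rhs, ann, findings)
    if op in ("add", "sub"):
        if left != right:  # adding unlike units is always a mismatch
            findings.append(f"{op}: {left} vs {right}")
        return left
    return combine(left, right, 1 if op == "mul" else -1)

def check_assignment(target, expr, ann=ANNOTATIONS):
    """Phase 4 (validation): mismatches in arithmetic and at the assignment."""
    findings = []
    got = infer(expr, ann, findings)
    if got != ann[target]:
        findings.append(f"assign {target}: expected {ann[target]}, got {got}")
    return findings
```

An empty list means the expression is dimensionally consistent with its target; each string in a non-empty list is one mismatch to triage.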
The approach differs fundamentally from most security analysis skills, which rely on LLM judgment to search for, identify, and rank vulnerabilities. Trail of Bits argues that these approaches often produce low-quality results with poor precision, recall, and determinism. By using the LLM for annotation rather than direct bug hunting, the dimensional analysis plugin changes how the model's reasoning capability is applied, yielding more consistent and accurate results.
Trail of Bits recommends the plugin for developers working on arithmetic-heavy projects such as smart contracts or blockchain nodes. Beyond finding bugs, the annotations can improve understanding of complex codebases and help both humans and LLMs grasp the semantic meaning of arithmetic expressions. The plugin is available now and can be installed with the commands: `claude plugin marketplace add trailofbits/skills` and `claude plugin install dimensional-analysis@trailofbits`.