Trail of Bits Claude Code skills for security research, vulnerability detection, and audit workflows
Trail of Bits Skills is a Claude Code plugin marketplace that packages the security firm's internal research tooling as installable Claude Code plugins, browsable via `/plugin menu` and installable with a single `/plugin marketplace add trailofbits/skills` command. The collection spans roughly 30 plugins across six categories: smart contract security (covering six blockchains with tools like `building-secure-contracts` and `entry-point-analyzer`), code auditing (including `c-review` with clustered parallel workers and SARIF output, `burpsuite-project-parser`, and `semgrep-rule-creator`), malware analysis (YARA rule authoring with atom analysis), formal verification (`constant-time-analysis` for cryptographic timing side-channels, `zeroize-audit` for Rust and C/C++), reverse engineering (`dwarf-expert` for DWARF debug format navigation), and mobile security (`firebase-apk-scanner` for Android APKs). The marketplace is also compatible with OpenAI Codex via its native plugin marketplace support. Primary beneficiaries are professional security auditors, penetration testers, and blockchain security researchers who want Claude Code to augment static analysis, differential review, and audit context-building workflows with Trail of Bits methodology baked in.
- ✓License: CC-BY-SA-4.0
- ✓Actively maintained (<30d)
- ✓Healthy fork ratio
- ✓Clear description
- ✓Documented (README)
/plugin marketplace add trailofbits/skills
/plugin install skills24 items in this repository
Audits GitHub Actions workflows for security vulnerabilities in AI agent integrations including Claude Code Action, Gemini CLI, OpenAI Codex, and GitHub AI Inference. Detects attack vectors where attacker-controlled input reaches AI agents running in CI/CD pipelines, including env var intermediary patterns, direct expression injection, dangerous sandbox configurations, and wildcard user allowlists. Use when reviewing workflow files that invoke AI coding agents, auditing CI/CD pipeline security for prompt injection risks, or evaluating agentic action configurations.
Clarify requirements before implementing. Use when serious doubts arise.
Enables ultra-granular, line-by-line code analysis to build deep architectural context before vulnerability or bug finding.
Scans Algorand smart contracts for 11 common vulnerabilities including rekeying attacks, unchecked transaction fees, missing field validations, and access control issues. Use when auditing Algorand projects (TEAL/PyTeal).
Prepares codebases for security review using Trail of Bits' checklist. Helps set review goals, runs static analysis tools, increases test coverage, removes dead code, ensures accessibility, and generates documentation (flowcharts, user stories, inline comments).
Scans Cairo/StarkNet smart contracts for 6 critical vulnerabilities including felt252 arithmetic overflow, L1-L2 messaging issues, address conversion problems, and signature replay. Use when auditing StarkNet projects.
Systematic code maturity assessment using Trail of Bits' 9-category framework. Analyzes codebase for arithmetic safety, auditing practices, access controls, complexity, decentralization, documentation, MEV risks, low-level code, and testing. Produces professional scorecard with evidence-based ratings and actionable recommendations.
Scans Cosmos SDK blockchain modules and CosmWasm contracts for consensus-critical vulnerabilities — chain halts, fund loss, state divergence. 25 core + 16 IBC + 10 EVM + 3 CosmWasm patterns. Use when auditing custom x/ modules, reviewing IBC integrations, or assessing pre-launch chain security. Updated for SDK v0.53.x.
Smart contract development advisor based on Trail of Bits' best practices. Analyzes codebase to generate documentation/specifications, review architecture, check upgradeability patterns, assess implementation quality, identify pitfalls, review dependencies, and evaluate testing. Provides actionable recommendations.
Guides through Trail of Bits' 5-step secure development workflow. Runs Slither scans, checks special features (upgradeability/ERC conformance/token integration), generates visual security diagrams, helps document security properties for fuzzing/verification, and reviews manual security areas.
Scans Solana programs for 6 critical vulnerabilities including arbitrary CPI, improper PDA validation, missing signer/ownership checks, and sysvar spoofing. Use when auditing Solana/Anchor programs.
Scans Substrate/Polkadot pallets for 7 critical vulnerabilities including arithmetic overflow, panic DoS, incorrect weights, and bad origin checks. Use when auditing Substrate runtimes or FRAME pallets.
Token integration and implementation analyzer based on Trail of Bits' token integration checklist. Analyzes token implementations for ERC20/ERC721 conformity, checks for 20+ weird token patterns, assesses contract composition and owner privileges, performs on-chain scarcity analysis, and evaluates how protocols handle non-standard tokens. Context-aware for both token implementations and token integrations.
Scans TON (The Open Network) smart contracts for 3 critical vulnerabilities including integer-as-boolean misuse, fake Jetton contracts, and forward TON without gas checks. Use when auditing FunC contracts.
Searches and explores Burp Suite project files (.burp) from the command line. Use when searching response headers or bodies with regex patterns, extracting security audit findings, dumping proxy history or site map data, or analyzing HTTP traffic captured in a Burp project.
Performs comprehensive C/C++ security review for memory corruption, integer overflows, race conditions, and platform-specific vulnerabilities. Use when auditing native C/C++ applications, reviewing daemons or services for memory safety, or hunting integer overflow / use-after-free / race conditions in userspace code.
Diagnose and fix Claude in Chrome MCP extension connectivity issues. Use when mcp__claude-in-chrome__* tools fail, return "Browser extension is not connected", or behave erratically.
Detects timing side-channel vulnerabilities in cryptographic code. Use when implementing or reviewing crypto code, encountering division on secrets, secret-dependent branches, or constant-time programming questions in C, C++, Go, Rust, Swift, Java, Kotlin, C#, PHP, JavaScript, TypeScript, Python, or Ruby.
Interprets Culture Index (CI) surveys, behavioral profiles, and personality assessment data. Supports individual profile interpretation, team composition analysis (gas/brake/glue), burnout detection, profile comparison, hiring profiles, manager coaching, interview transcript analysis for trait prediction, candidate debrief, onboarding planning, and conflict mediation. Accepts extracted JSON or PDF input via OpenCV extraction script.
Creates devcontainers with Claude Code, language-specific tooling (Python/Node/Rust/Go), and persistent volumes. Use when adding devcontainer support to a project, setting up isolated development environments, or configuring sandboxed Claude Code workspaces.
Annotates codebases with dimensional analysis comments documenting units, dimensions, and decimal scaling. Use when someone asks to annotate units in a codebase, perform a dimensional analysis, or find vulnerabilities in a DeFi protocol, offchain code, or other blockchain-related codebase with arithmetic. Prevents dimensional mismatches and catches formula bugs early.
Provides expertise for analyzing DWARF debug files and understanding the DWARF debug format/standard (v3-v5). Triggers when understanding DWARF information, interacting with DWARF files, answering DWARF-related questions, or working with code that parses DWARF data.
Plugins overview
# Trail of Bits Skills Marketplace A Claude Code plugin marketplace from Trail of Bits providing skills to enhance AI-assisted security analysis, testing, and development workflows. Codex can load this marketplace through its Claude marketplace compatibility. > Also see: [claude-code-config](https://github.com/trailofbits/claude-code-config) · [skills-curated](https://github.com/trailofbits/skills-curated) · [claude-code-devcontainer](https://github.com/trailofbits/claude-code-devcontainer) · [dropkit](https://github.com/trailofbits/dropkit) ## Installation ### Claude Code Marketplace ``` /plugin marketplace add trailofbits/skills ``` ### Browse and Install Plugins ``` /plugin menu ``` ### Codex Codex supports Claude plugin marketplaces directly, so this repository does not need Codex-specific sidecar metadata. Install the marketplace with: ```sh codex plugin marketplace add trailofbits/skills codex plugin list codex plugin add <plugin-name>@trailofbits ``` ### Local Development To add the marketplace locally (e.g., for testing or development), navigate to the **parent directory** of this repository: ``` cd /path/to/parent # e.g., if repo is at ~/projects/skills, be in ~/projects /plugins marketplace add ./skills ``` ## Available Plugins ### Smart Contract Security | Plugin | Description | |--------|-------------| | [building-secure-contracts](plugins/building-secure-contracts/) | Smart contract security toolkit with vulnerability scanners for 6 blockchains | | [entry-point-analyzer](plugins/entry-point-analyzer/) | Identify state-changing entry points in smart contracts for security auditing | ### Code Auditing | Plugin | Description | |--------|-------------| | [agentic-actions-auditor](plugins/agentic-actions-auditor/) | Audit GitHub Actions workflows for AI agent security vulnerabilities | | [audit-context-building](plugins/audit-context-building/) | Build deep architectural context through ultra-granular code analysis | | [burpsuite-project-parser](plugins/burpsuite-project-parser/) | Search and extract data from Burp Suite project files | | [c-review](plugins/c-review/) | Comprehensive C/C++ security review with clustered parallel workers and SARIF output | | [differential-review](plugins/differential-review/) | Security-focused differential review of code changes with git history analysis | | [dimensional-analysis](plugins/dimensional-analysis/) | Annotate codebases with dimensional analysis comments to detect unit mismatches and formula bugs | | [fp-check](plugins/fp-check/) | Systematic false positive verification for security bug analysis with mandatory gate reviews | | [insecure-defaults](plugins/insecure-defaults/) | Detect insecure default configurations, hardcoded credentials, and fail-open security patterns | | [semgrep-rule-creator](plugins/semgrep-rule-creator/) | Create and refine Semgrep rules for custom vulnerability detection | | [semgrep-rule-variant-creator](plugins/semgrep-rule-variant-creator/) | Port existing Semgrep rules to new target languages with test-driven validation | | [sharp-edges](plugins/sharp-edges/) | Identify error-prone APIs, dangerous configurations, and footgun designs | | [static-analysis](plugins/static-analysis/) | Static analysis toolkit with CodeQL, Semgrep, and SARIF parsing | | [supply-chain-risk-auditor](plugins/supply-chain-risk-auditor/) | Audit supply-chain threat landscape of project dependencies | | [testing-handbook-skills](plugins/testing-handbook-skills/) | Skills from the [Testing Handbook](https://appsec.guide): fuzzers, static analysis, sanitizers, coverage | | [trailmark](plugins/trailmark/) | Code graph analysis, Mermaid diagrams, mutation testing triage, and protocol verification | | [variant-analysis](plugins/variant-analysis/) | Find similar vulnerabilities across codebases using pattern-based analysis | ### Malware Analysis | Plugin | Description | |--------|-------------| | [yara-authoring](plugins/yara-authoring/) | YARA detection rule authoring with linting, atom analysis, and best practices | ### Verification | Plugin | Description | |--------|-------------| | [constant-time-analysis](plugins/constant-time-analysis/) | Detect compiler-induced timing side-channels in cryptographic code | | [mutation-testing](plugins/mutation-testing/) | Configure mewt/muton mutation testing campaigns — scope targets, tune timeouts, optimize long runs | | [property-based-testing](plugins/property-based-testing/) | Property-based testing guidance for multiple languages and smart contracts | | [spec-to-code-compliance](plugins/spec-to-code-compliance/) | Specification-to-code compliance checker for blockchain audits | | [zeroize-audit](plugins/zeroize-audit/) | Detect missing or compiler-eliminated zeroization of secrets in C/C++ and Rust | ### Reverse Engineering | Plugin | Description | |--------|-------------| | [dwarf-expert](plugins/dwarf-expert/) | Interact with and understand the DWARF debugging format | ### Mobile Security | Plugin | Description | |--------|-------------| | [firebase-apk-scanner](plugins/firebase-apk-scanner/) | Scan Android APKs for Firebase security misconfigurations | ### Development | Plugin | Description | |--------|-------------| | [ask-questions-if-underspecified](plugins/ask-questions-if-underspecified/) | Clarify requirements before implementing | | [devcontainer-setup](plugins/devcontainer-setup/) | Create pre-configured devcontainers with Claude Code and language-specific tooling | | [gh-cli](plugins/gh-cli/) | Intercept GitHub URL fetches and redirect to the authenticated `gh` CLI | | [git-cleanup](plugins/git-cleanup/) | Safely clean up git worktrees and local branches with gated confirmation workflow | | [let-fate-decide](plugins/let-fate-decide/) | Draw Tarot cards using cryptographic randomness to add entropy to vague planning | | [modern-python](plugins/modern-python/) | Modern Python tooling and best practices with uv, ruff, and pytest | | [seatbelt-sandboxer](plugins/seatbelt-sandboxer/) | Generate minimal macOS Seatbelt sandbox configurations | | [second-opinion](plugins/second-opinion/) | Run code reviews using external LLM CLIs (OpenAI Codex, Google Gemini) on changes, diffs, or commits. Bundles Codex's built-in MCP server. | | [skill-improver](plugins/skill-improver/) | Iterative skill refinement loop using automated fix-review cycles | | [workflow-skill-design](plugins/workflow-skill-design/) | Design patterns for workflow-based Claude Code skills with review agent | ### Team Management | Plugin | Description | |--------|-------------| | [culture-index](plugins/culture-index/) | Interpret Culture Index survey results for individuals and teams | ### Tooling | Plugin | Description | |--------|-------------| | [claude-in-chrome-troubleshooting](plugins/claude-in-chrome-troubleshooting/) | Diagnose and fix Claude in Chrome MCP extension connectivity issues | ### Infrastructure | Plugin | Description | |--------|-------------| | [debug-buttercup](plugins/debug-buttercup/) | Debug [Buttercup](https://github.com/trailofbits/buttercup) Kubernetes deployments | ## Trophy Case Bugs discovered using Trail of Bits Skills. Found something? [Let us know!](https://github.com/trailofbits/skills/issues/new?template=trophy-case.yml) When reporting bugs you've found, feel free to mention: > Found using [Trail of Bits Skills](https://github.com/trailofbits/skills) | Skill | Bug | |-------|-----| | constant-time-analysis | [Timing side-channel in ML-DSA signing](https://github.com/RustCrypto/signatures/pull/1144) | ## Contributing We welcome contributions! Please see [CLAUDE.md](CLAUDE.md) for skill authoring guidelines. ## License This work is licensed under a [Creative Commons Attribution-ShareAlike 4.0 International License](https://creativecommons.org/licenses/by-sa/4.0/). Made by [Trail of Bits](https://www.trailofbits.com/).
What people ask about skills
What is trailofbits/skills?
+
trailofbits/skills is plugins for the Claude AI ecosystem. Trail of Bits Claude Code skills for security research, vulnerability detection, and audit workflows It has 5.7k GitHub stars and was last updated yesterday.
How do I install skills?
+
You can install skills by cloning the repository (https://github.com/trailofbits/skills) or following the README instructions on GitHub. ClaudeWave also provides quick install blocks on this page.
Is trailofbits/skills safe to use?
+
Our security agent has analyzed trailofbits/skills and assigned a Trust Score of 90/100 (tier: Verified). See the full breakdown of passed checks and flags on this page.
Who maintains trailofbits/skills?
+
trailofbits/skills is maintained by trailofbits. The last recorded GitHub activity is from yesterday, with 30 open issues.
Are there alternatives to skills?
+
Yes. On ClaudeWave you can browse similar plugins at /categories/plugins, sorted by popularity or recent activity.
Deploy skills to your cloud
Ship this repo to production in minutes. Each platform spins up its own environment with editable env vars.
Maintain this repo? Add a badge to your README
Drop the badge into your GitHub README to show it's tracked on ClaudeWave. Each badge links back to this page and reflects the live Trust Score.
[](https://claudewave.com/repo/trailofbits-skills)<a href="https://claudewave.com/repo/trailofbits-skills"><img src="https://claudewave.com/api/badge/trailofbits-skills" alt="Featured on ClaudeWave: trailofbits/skills" width="320" height="64" /></a>More Plugins
Claude Code is an agentic coding tool that lives in your terminal, understands your codebase, and helps you code faster by executing routine tasks, explaining complex code, and handling git workflows - all through natural language commands.
Academic Research Skills for Claude Code: research → write → review → revise → finalize
A Claude Code plugin that shows what's happening - context usage, active tools, running agents, and todo progress
Create beautiful slides on the web using a coding agent's frontend skills
PM Skills Marketplace: 100+ agentic skills, commands, and plugins — from discovery to strategy, execution, launch, and growth.
A 100% free modern JS SaaS boilerplate (React, NodeJS, Prisma). Full-featured: Auth (email, google, github, slack, MS), Email sending, Background jobs, Landing page, Payments (Stripe, Polar.sh), Shadcn UI, S3 file upload. AI-ready with tailored AGENTS.md, skills, and Claude Code plugin. One cmd deploy. Powered by Wasp full-stack framework.