{"id":40699397,"url":"https://github.com/trailofbits/skills","last_synced_at":"2026-06-27T11:02:35.438Z","repository":{"id":332656097,"uuid":"1134447175","full_name":"trailofbits/skills","owner":"trailofbits","description":"Trail of Bits Claude Code skills for security research, vulnerability detection, and audit workflows","archived":false,"fork":false,"pushed_at":"2026-06-15T16:05:05.000Z","size":1553,"stargazers_count":5756,"open_issues_count":29,"forks_count":504,"subscribers_count":64,"default_branch":"main","last_synced_at":"2026-06-18T08:34:49.196Z","etag":null,"topics":["agent-skills"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"cc-by-sa-4.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/trailofbits.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":"AGENTS.md","dco":null,"cla":null}},"created_at":"2026-01-14T18:23:21.000Z","updated_at":"2026-06-18T07:48:33.000Z","dependencies_parsed_at":"2026-05-08T19:03:18.239Z","dependency_job_id":null,"html_url":"https://github.com/trailofbits/skills","commit_stats":null,"previous_names":["trailofbits/skills"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/trailofbits/skills","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trailofbits%2Fskills","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trailofbits%2Fskills/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trailofbits%2Fskills/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trailofbits%2Fskills/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/trailofbits","download_url":"https://codeload.github.com/trailofbits/skills/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trailofbits%2Fskills/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34850575,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-27T02:00:06.362Z","response_time":126,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["agent-skills"],"created_at":"2026-01-21T12:00:24.035Z","updated_at":"2026-06-27T11:02:35.424Z","avatar_url":"https://github.com/trailofbits.png","language":"Python","funding_links":[],"categories":["Agent Skills 🤖","🌟 Community Skills","🛡 Security \u0026 Web Testing","🧠 Claude Skills","Python","📦 Plugins, Extensions, and Supply Chain","others","Agentic AI Security Skills","Skills \u0026 Plugins","AI \u0026 Agentic Development","Security \u0026 Compliance","Security \u0026 Auditing","AI and Agents","Productivity \u0026 Workflow","🔒 安全与逆向 (Security \u0026 Reverse Engineering)","Agent Skills","代理技能 🤖","📦 Skill Collections","Security Review Skills","⭐ 精选第三方技能"],"sub_categories":["General","Individual Skills","Claude Code Specific","Data \u0026 Supply Chain Security","Skills","Security Analysis","架构演进：代码优先 (Code-First)","通用","💻 开发效率"],"readme":"# Trail of Bits Skills Marketplace\n\nA Claude Code plugin marketplace from Trail of Bits providing skills to enhance AI-assisted security analysis, testing, and development workflows. Codex can load this marketplace through its Claude marketplace compatibility.\n\n\u003e Also see: [claude-code-config](https://github.com/trailofbits/claude-code-config) · [skills-curated](https://github.com/trailofbits/skills-curated) · [claude-code-devcontainer](https://github.com/trailofbits/claude-code-devcontainer) · [dropkit](https://github.com/trailofbits/dropkit)\n\n## Installation\n\n### Claude Code Marketplace\n\n```\n/plugin marketplace add trailofbits/skills\n```\n\n### Browse and Install Plugins\n\n```\n/plugin menu\n```\n\n### Codex\n\nCodex supports Claude plugin marketplaces directly, so this repository does not need Codex-specific sidecar metadata.\n\nInstall the marketplace with:\n\n```sh\ncodex plugin marketplace add trailofbits/skills\ncodex plugin list\ncodex plugin add \u003cplugin-name\u003e@trailofbits\n```\n\n### Local Development\n\nTo add the marketplace locally (e.g., for testing or development), navigate to the **parent directory** of this repository:\n\n```\ncd /path/to/parent  # e.g., if repo is at ~/projects/skills, be in ~/projects\n/plugins marketplace add ./skills\n```\n\n## Available Plugins\n\n### Smart Contract Security\n\n| Plugin | Description |\n|--------|-------------|\n| [building-secure-contracts](plugins/building-secure-contracts/) | Smart contract security toolkit with vulnerability scanners for 6 blockchains |\n| [entry-point-analyzer](plugins/entry-point-analyzer/) | Identify state-changing entry points in smart contracts for security auditing |\n\n### Code Auditing\n\n| Plugin | Description |\n|--------|-------------|\n| [agentic-actions-auditor](plugins/agentic-actions-auditor/) | Audit GitHub Actions workflows for AI agent security vulnerabilities |\n| [audit-context-building](plugins/audit-context-building/) | Build deep architectural context through ultra-granular code analysis |\n| [burpsuite-project-parser](plugins/burpsuite-project-parser/) | Search and extract data from Burp Suite project files |\n| [c-review](plugins/c-review/) | Comprehensive C/C++ security review with clustered parallel workers and SARIF output |\n| [differential-review](plugins/differential-review/) | Security-focused differential review of code changes with git history analysis |\n| [dimensional-analysis](plugins/dimensional-analysis/) | Annotate codebases with dimensional analysis comments to detect unit mismatches and formula bugs |\n| [fp-check](plugins/fp-check/) | Systematic false positive verification for security bug analysis with mandatory gate reviews |\n| [insecure-defaults](plugins/insecure-defaults/) | Detect insecure default configurations, hardcoded credentials, and fail-open security patterns |\n| [semgrep-rule-creator](plugins/semgrep-rule-creator/) | Create and refine Semgrep rules for custom vulnerability detection |\n| [semgrep-rule-variant-creator](plugins/semgrep-rule-variant-creator/) | Port existing Semgrep rules to new target languages with test-driven validation |\n| [sharp-edges](plugins/sharp-edges/) | Identify error-prone APIs, dangerous configurations, and footgun designs |\n| [static-analysis](plugins/static-analysis/) | Static analysis toolkit with CodeQL, Semgrep, and SARIF parsing |\n| [supply-chain-risk-auditor](plugins/supply-chain-risk-auditor/) | Audit supply-chain threat landscape of project dependencies |\n| [testing-handbook-skills](plugins/testing-handbook-skills/) | Skills from the [Testing Handbook](https://appsec.guide): fuzzers, static analysis, sanitizers, coverage |\n| [trailmark](plugins/trailmark/) | Code graph analysis, Mermaid diagrams, mutation testing triage, and protocol verification |\n| [variant-analysis](plugins/variant-analysis/) | Find similar vulnerabilities across codebases using pattern-based analysis |\n\n### Malware Analysis\n\n| Plugin | Description |\n|--------|-------------|\n| [yara-authoring](plugins/yara-authoring/) | YARA detection rule authoring with linting, atom analysis, and best practices |\n\n### Verification\n\n| Plugin | Description |\n|--------|-------------|\n| [constant-time-analysis](plugins/constant-time-analysis/) | Detect compiler-induced timing side-channels in cryptographic code |\n| [mutation-testing](plugins/mutation-testing/) | Configure mewt/muton mutation testing campaigns — scope targets, tune timeouts, optimize long runs |\n| [property-based-testing](plugins/property-based-testing/) | Property-based testing guidance for multiple languages and smart contracts |\n| [spec-to-code-compliance](plugins/spec-to-code-compliance/) | Specification-to-code compliance checker for blockchain audits |\n| [zeroize-audit](plugins/zeroize-audit/) | Detect missing or compiler-eliminated zeroization of secrets in C/C++ and Rust |\n\n### Reverse Engineering\n\n| Plugin | Description |\n|--------|-------------|\n| [dwarf-expert](plugins/dwarf-expert/) | Interact with and understand the DWARF debugging format |\n\n### Mobile Security\n\n| Plugin | Description |\n|--------|-------------|\n| [firebase-apk-scanner](plugins/firebase-apk-scanner/) | Scan Android APKs for Firebase security misconfigurations |\n\n### Development\n\n| Plugin | Description |\n|--------|-------------|\n| [ask-questions-if-underspecified](plugins/ask-questions-if-underspecified/) | Clarify requirements before implementing |\n| [devcontainer-setup](plugins/devcontainer-setup/) | Create pre-configured devcontainers with Claude Code and language-specific tooling |\n| [gh-cli](plugins/gh-cli/) | Intercept GitHub URL fetches and redirect to the authenticated `gh` CLI |\n| [git-cleanup](plugins/git-cleanup/) | Safely clean up git worktrees and local branches with gated confirmation workflow |\n| [let-fate-decide](plugins/let-fate-decide/) | Draw Tarot cards using cryptographic randomness to add entropy to vague planning |\n| [modern-python](plugins/modern-python/) | Modern Python tooling and best practices with uv, ruff, and pytest |\n| [seatbelt-sandboxer](plugins/seatbelt-sandboxer/) | Generate minimal macOS Seatbelt sandbox configurations |\n| [second-opinion](plugins/second-opinion/) | Run code reviews using external LLM CLIs (OpenAI Codex, Google Gemini) on changes, diffs, or commits. Bundles Codex's built-in MCP server. |\n| [skill-improver](plugins/skill-improver/) | Iterative skill refinement loop using automated fix-review cycles |\n| [workflow-skill-design](plugins/workflow-skill-design/) | Design patterns for workflow-based Claude Code skills with review agent |\n\n### Team Management\n\n| Plugin | Description |\n|--------|-------------|\n| [culture-index](plugins/culture-index/) | Interpret Culture Index survey results for individuals and teams |\n\n### Tooling\n\n| Plugin | Description |\n|--------|-------------|\n| [claude-in-chrome-troubleshooting](plugins/claude-in-chrome-troubleshooting/) | Diagnose and fix Claude in Chrome MCP extension connectivity issues |\n\n### Infrastructure\n\n| Plugin | Description |\n|--------|-------------|\n| [debug-buttercup](plugins/debug-buttercup/) | Debug [Buttercup](https://github.com/trailofbits/buttercup) Kubernetes deployments |\n\n## Trophy Case\n\nBugs discovered using Trail of Bits Skills. Found something? [Let us know!](https://github.com/trailofbits/skills/issues/new?template=trophy-case.yml)\n\nWhen reporting bugs you've found, feel free to mention:\n\u003e Found using [Trail of Bits Skills](https://github.com/trailofbits/skills)\n\n| Skill | Bug |\n|-------|-----|\n| constant-time-analysis | [Timing side-channel in ML-DSA signing](https://github.com/RustCrypto/signatures/pull/1144) |\n\n## Contributing\n\nWe welcome contributions! Please see [CLAUDE.md](CLAUDE.md) for skill authoring guidelines.\n\n## License\n\nThis work is licensed under a [Creative Commons Attribution-ShareAlike 4.0 International License](https://creativecommons.org/licenses/by-sa/4.0/). Made by [Trail of Bits](https://www.trailofbits.com/).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftrailofbits%2Fskills","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftrailofbits%2Fskills","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftrailofbits%2Fskills/lists"}