{"id":40699397,"url":"https://github.com/trailofbits/skills","last_synced_at":"2026-01-21T13:01:11.038Z","repository":{"id":332656097,"uuid":"1134447175","full_name":"trailofbits/skills","owner":"trailofbits","description":"Trail of Bits Claude Code skills for security research, vulnerability detection, and audit workflows","archived":false,"fork":false,"pushed_at":"2026-01-15T02:00:48.000Z","size":645,"stargazers_count":210,"open_issues_count":1,"forks_count":11,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-01-15T02:13:05.158Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"cc-by-sa-4.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/trailofbits.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-01-14T18:23:21.000Z","updated_at":"2026-01-15T02:12:55.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/trailofbits/skills","commit_stats":null,"previous_names":["trailofbits/skills"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/trailofbits/skills","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trailofbits%2Fskills","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trailofbits%2Fskills/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trailofbits%2Fskills/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trailofbits%2Fskills/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/trailofbits","download_url":"https://codeload.github.com/trailofbits/skills/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trailofbits%2Fskills/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28633747,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-21T04:47:28.174Z","status":"ssl_error","status_checked_at":"2026-01-21T04:47:22.943Z","response_time":86,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-01-21T12:00:24.035Z","updated_at":"2026-01-21T13:01:11.032Z","avatar_url":"https://github.com/trailofbits.png","language":"Python","readme":"# Trail of Bits Skills Marketplace\n\nA Claude Code plugin marketplace from Trail of Bits providing skills to enhance AI-assisted security analysis, testing, and development workflows.\n\n## Installation\n\n### Add the Marketplace\n\n```\n/plugin marketplace add trailofbits/skills\n```\n\n### Browse and Install Plugins\n\n```\n/plugin menu\n```\n\n### Local Development\n\nTo add the marketplace locally (e.g., for testing or development), navigate to the **parent directory** of this repository:\n\n```\ncd /path/to/parent  # e.g., if repo is at ~/projects/skills, be in ~/projects\n/plugins marketplace add ./skills\n```\n\n## Available Plugins\n\n### Smart Contract Security\n\n| Plugin | Description |\n|--------|-------------|\n| [building-secure-contracts](plugins/building-secure-contracts/) | Smart contract security toolkit with vulnerability scanners for 6 blockchains |\n| [entry-point-analyzer](plugins/entry-point-analyzer/) | Identify state-changing entry points in smart contracts for security auditing |\n\n### Code Auditing\n\n| Plugin | Description |\n|--------|-------------|\n| [audit-context-building](plugins/audit-context-building/) | Build deep architectural context through ultra-granular code analysis |\n| [burpsuite-project-parser](plugins/burpsuite-project-parser/) | Search and extract data from Burp Suite project files |\n| [differential-review](plugins/differential-review/) | Security-focused differential review of code changes with git history analysis |\n| [semgrep-rule-creator](plugins/semgrep-rule-creator/) | Create and refine Semgrep rules for custom vulnerability detection |\n| [semgrep-rule-variant-creator](plugins/semgrep-rule-variant-creator/) | Port existing Semgrep rules to new target languages with test-driven validation |\n| [sharp-edges](plugins/sharp-edges/) | Identify error-prone APIs, dangerous configurations, and footgun designs |\n| [static-analysis](plugins/static-analysis/) | Static analysis toolkit with CodeQL, Semgrep, and SARIF parsing |\n| [testing-handbook-skills](plugins/testing-handbook-skills/) | Skills from the [Testing Handbook](https://appsec.guide): fuzzers, static analysis, sanitizers, coverage |\n| [variant-analysis](plugins/variant-analysis/) | Find similar vulnerabilities across codebases using pattern-based analysis |\n\n### Verification\n\n| Plugin | Description |\n|--------|-------------|\n| [constant-time-analysis](plugins/constant-time-analysis/) | Detect compiler-induced timing side-channels in cryptographic code |\n| [property-based-testing](plugins/property-based-testing/) | Property-based testing guidance for multiple languages and smart contracts |\n| [spec-to-code-compliance](plugins/spec-to-code-compliance/) | Specification-to-code compliance checker for blockchain audits |\n\n### Audit Lifecycle\n\n| Plugin | Description |\n|--------|-------------|\n| [fix-review](plugins/fix-review/) | Verify fix commits address audit findings without introducing bugs |\n\n### Reverse Engineering\n\n| Plugin | Description |\n|--------|-------------|\n| [dwarf-expert](plugins/dwarf-expert/) | Interact with and understand the DWARF debugging format |\n\n### Mobile Security\n\n| Plugin | Description |\n|--------|-------------|\n| [firebase-apk-scanner](plugins/firebase-apk-scanner/) | Scan Android APKs for Firebase security misconfigurations |\n\n### Development\n\n| Plugin | Description |\n|--------|-------------|\n| [ask-questions-if-underspecified](plugins/ask-questions-if-underspecified/) | Clarify requirements before implementing |\n\n### Team Management\n\n| Plugin | Description |\n|--------|-------------|\n| [culture-index](plugins/culture-index/) | Interpret Culture Index survey results for individuals and teams |\n\n## Trophy Case\n\nBugs discovered using Trail of Bits Skills. Found something? [Let us know!](https://github.com/trailofbits/skills/issues/new?template=trophy-case.yml)\n\nWhen reporting bugs you've found, feel free to mention:\n\u003e Found using [Trail of Bits Skills](https://github.com/trailofbits/skills)\n\n| Skill | Bug |\n|-------|-----|\n| constant-time-analysis | [Timing side-channel in ECDSA verification](https://github.com/RustCrypto/signatures/pull/1144) |\n\n## Contributing\n\nWe welcome contributions! Please see [CLAUDE.md](CLAUDE.md) for skill authoring guidelines.\n\n## License\n\nThis work is licensed under a [Creative Commons Attribution-ShareAlike 4.0 International License](https://creativecommons.org/licenses/by-sa/4.0/).\n\n## About Trail of Bits\n\n[Trail of Bits](https://www.trailofbits.com/) is a security research and consulting firm.\n","funding_links":[],"categories":["🌟 Community Skills","🛡 Security \u0026 Web Testing","🧠 Claude Skills","Python","Agent Skills 🤖","Agentic AI Security Skills","Skills \u0026 Plugins","Security \u0026 Auditing","AI and Agents"],"sub_categories":["Individual Skills","General","Data \u0026 Supply Chain Security"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftrailofbits%2Fskills","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftrailofbits%2Fskills","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftrailofbits%2Fskills/lists"}