
Skills (76)
A Claude Code plugin marketplace from Trail of Bits providing skills for AI-assisted security analysis, testing, and development workflows.
Runs Semgrep static analysis for security vulnerability detection and code quality enforcement, from the Trail of Bits Skills Marketplace for AI-assisted security workflows.
Supply chain risk auditor skill from Trail of Bits for analyzing dependency trees, detecting vulnerable packages, and auditing software supply chain security.
A Trail of Bits plugin that performs systematic false positive verification for security bug analysis, using mandatory gate reviews to ensure only valid security findings are reported.
Agentic actions auditor skill from Trail of Bits for auditing AI agent actions, ensuring safety and detecting potentially harmful behaviors.
Parses SARIF (Static Analysis Results Interchange Format) files to process outputs from security scanners like CodeQL, Semgrep, and other static analysis tools
Identifies and resolves common obstacles in software fuzzing campaigns, improving coverage and vulnerability detection with advanced strategies
Generates fuzzing test harnesses for security testing, from the Trail of Bits Skills Marketplace for AI-assisted security analysis and development workflows.
Generates comprehensive software testing handbooks covering test cases, scenarios, and best practices for development and QA teams
Scans Cosmos blockchain smart contracts for security vulnerabilities using static analysis and security best practice checks
Tests cryptographic code for timing vulnerabilities that could expose sensitive data through execution time variations
Scans Algorand blockchain smart contracts for security vulnerabilities and provides detailed remediation insights
Interprets Culture Index assessment results to provide insights on team dynamics, work patterns, and leadership style compatibility
Provides LibFuzzer patterns for coverage-guided fuzzing of C/C++ libraries, including harness writing, corpus management, and crash analysis
Integrates projects with Google OSS-Fuzz for continuous fuzzing of open source software, covering configuration and integration best practices
Scans Substrate blockchain runtime code for security vulnerabilities with static analysis and detailed security reporting
Tests cryptographic implementations against Google Wycheproof test vectors to identify weaknesses in crypto libraries and protocols
Scans TON blockchain smart contracts for security vulnerabilities using static analysis techniques
Provides Atheris patterns for Python fuzzing using LibFuzzer-based coverage-guided testing to discover bugs and vulnerabilities
Scans Cairo smart contracts on Starknet for security vulnerabilities with automated static analysis and detailed reporting
Provides AFL++ patterns for advanced coverage-guided fuzzing including custom mutators, persistent mode, and crash deduplication
Provides LibAFL patterns for building custom fuzzers in Rust with coverage-guided feedback, hybrid fuzzing, and multi-architecture support
Provides Ruzzy patterns for Ruby fuzzing with coverage-guided testing to discover vulnerabilities in Ruby C extensions
A Trail of Bits Claude Code plugin that intercepts GitHub URL fetches and redirects them to the authenticated gh CLI for seamless, credential-aware GitHub access.
Assists security researchers in creating, refining, and validating YARA rules for malware detection and threat hunting.
Skill improver from Trail of Bits for analyzing and enhancing existing Claude Code skills with better structure and coverage.
Let-fate-decide skill from Trail of Bits for randomized decision-making in testing and fuzzing workflows.
Security audit skill from Trail of Bits for detecting improper or missing zeroization of sensitive data in memory, focusing on cryptographic key cleanup and secure memory handling.
Seatbelt sandboxer skill from Trail of Bits for implementing macOS Seatbelt sandbox profiles to contain application behavior.
Security skill from Trail of Bits that annotates codebases with dimensional analysis comments to detect unit mismatches and formula bugs.
Generate Mermaid diagrams from Trailmark code graphs: call graphs, class hierarchies, module dependency maps, containment diagrams, complexity heatmaps, and attack-surface data-flow visualizations.
Configure mewt or muton mutation-testing campaigns: scope targets, tune timeouts, and optimize long-running runs. mewt targets general-purpose languages (Rust, Solidity, Go, TS, JS) while muton targets TON smart contracts (Tact, Tolk, FunC).
Project SARIF static-analysis findings and weAudit annotations onto Trailmark code graphs: map findings to nodes by file/line overlap and create severity-based subgraphs for context-aware review.
Compares Trailmark code graphs at two source snapshots (commits, tags, or directories) and surfaces security-relevant structural changes that text diffs miss: new attack paths, blast radius growth, taint propagation shifts, and privilege boundary changes. Designed for pre-release audits and differential security review over a range of commits.
Build and query multi-language source-code graphs for security analysis. Covers blast radius, taint propagation, privilege boundaries, and entry-point enumeration. Supports 16 languages including Solidity, Cairo, Circom, Rust, Go, Python, C/C++, TypeScript.
Run a quick `trailmark analyze --summary` pass on a codebase. Returns language detection, entry-point counts, and dependency graph shape for fast structural orientation before deeper analysis.
Extract protocol message flow from source code, RFCs, papers, pseudocode, informal prose, or ProVerif/Tamarin models and produce Mermaid sequenceDiagrams with cryptographic annotations: TLS, Noise, Signal, X3DH, Double Ratchet, FROST, DH, ECDH.
Runs full trailmark structural analysis with all four pre-analysis passes (blast radius, taint propagation, privilege boundaries, and complexity hotspots) for detailed audit prioritization data. Meant for when vivisect Phase 1 needs cross-referenced structural context, not quick summaries.
Translates Mermaid sequenceDiagrams of cryptographic protocols into ProVerif (.pv) formal verification models to check properties like secrecy, authentication, forward secrecy, and replay resistance. Takes annotated message flows (Sign, Verify, DH, HKDF, Enc, Dec) and emits a model ready to pass to the ProVerif verifier.
Uses mutation testing to find gaps in cryptographic test vector coverage, then generates new vectors that specifically exercise the escaped mutants. Compares before/after mutation kill rates to prove the new vectors actually improve coverage. Useful for building Wycheproof-style cross-implementation test suites.
Graph-informed triage for mutation testing and necessist runs. Combines survived mutants and unnecessary test statements with Trailmark call graph data to separate false positives, missing unit test targets, and fuzzing targets. Supports mutation frameworks including circomvent and cairo-mutants.
Plugins (28)
Trail of Bits code-auditing plugin that detects insecure default configurations, hardcoded credentials, and fail-open security patterns during AI-assisted security review.
Trail of Bits code-auditing plugin that searches and extracts data from Burp Suite project files for AI-assisted security analysis.
Trail of Bits code-auditing plugin that creates and refines Semgrep rules for custom vulnerability detection.
Trail of Bits verification plugin that detects compiler-induced timing side-channels in cryptographic code. Credited with finding a timing side-channel in ML-DSA signing (RustCrypto).
Intercepts GitHub URL fetches and curl/wget commands, redirecting to the authenticated gh CLI. Includes gh CLI usage guidance.
Teaches design patterns for workflow-based Claude Code skills and provides a review agent for auditing existing skills
YARA-X detection rule authoring with linting and quality analysis
Security-focused differential review of code changes with git history analysis and blast radius estimation
Identify error-prone APIs, dangerous configurations, and footgun designs that enable security mistakes
Static analysis toolkit with CodeQL, Semgrep, and SARIF parsing for security vulnerability detection
Creates language variants of existing Semgrep rules with proper applicability analysis and test-driven validation
Specification-to-code compliance checker for blockchain audits with evidence-based alignment analysis
Debug Buttercup Kubernetes deployments
Comprehensive smart contract security toolkit based on Trail of Bits' Building Secure Contracts framework. Includes vulnerability scanners for 6 blockchains and 5 development guideline assistants.
Scan Android APKs for Firebase security misconfigurations including open databases, storage buckets, authentication issues, and exposed cloud functions. For authorized security research only.
Property-based testing guidance for multiple languages and smart contracts
Build deep architectural context through ultra-granular code analysis before vulnerability hunting
Runs code reviews using external LLM CLIs (OpenAI Codex, Google Gemini) on uncommitted changes, branch diffs, or specific commits. Bundles codex-mcp-server for direct MCP tool access to Codex.
Modern Python best practices. Use when creating new Python projects, writing Python scripts, or migrating existing projects from legacy tools.
Diagnose and fix Claude in Chrome MCP extension connectivity issues
Clarify ambiguous requirements by asking questions before implementing. Only when invoked explicitly.
Analyzes smart contract codebases to identify state-changing entry points for security auditing. Detects externally callable functions that modify state, categorizes them by access level, and generates structured audit reports.
Interact with and understand the DWARF debugging format
Find similar vulnerabilities and bugs across codebases using pattern-based analysis
Create pre-configured devcontainers with Claude Code and language-specific tooling
Safely analyzes and cleans up local git branches and worktrees by categorizing them as merged, squash-merged, superseded, or active work.