
Skills (78)
A Claude Code plugin marketplace from Trail of Bits providing skills for AI-assisted security analysis, testing, and development workflows.
Runs Semgrep static analysis for security vulnerability detection and code quality enforcement, from the Trail of Bits Skills Marketplace for AI-assisted security workflows.
Supply chain risk auditor skill from Trail of Bits for analyzing dependency trees, detecting vulnerable packages, and auditing software supply chain security.
A Trail of Bits plugin that performs systematic false positive verification for security bug analysis, using mandatory gate reviews to ensure only valid security findings are reported.
Agentic actions auditor skill from Trail of Bits for auditing AI agent actions, ensuring safety and detecting potentially harmful behaviors.
A Trail of Bits Claude Code plugin that intercepts GitHub URL fetches and redirects them to the authenticated gh CLI for seamless, credential-aware GitHub access.
Parses SARIF (Static Analysis Results Interchange Format) files to process outputs from security scanners like CodeQL, Semgrep, and other static analysis tools
Identifies and resolves common obstacles in software fuzzing campaigns, improving coverage and vulnerability detection with advanced strategies
Generates fuzzing test harnesses for security testing, from the Trail of Bits Skills Marketplace for AI-assisted security analysis and development workflows.
Scans Cosmos blockchain smart contracts for security vulnerabilities using static analysis and security best practice checks
Generates comprehensive software testing handbooks covering test cases, scenarios, and best practices for development and QA teams
Scans Algorand blockchain smart contracts for security vulnerabilities and provides detailed remediation insights
Tests cryptographic code for timing vulnerabilities that could expose sensitive data through execution time variations
Provides LibFuzzer patterns for coverage-guided fuzzing of C/C++ libraries, including harness writing, corpus management, and crash analysis
Scans TON blockchain smart contracts for security vulnerabilities using static analysis techniques
Integrates projects with Google OSS-Fuzz for continuous fuzzing of open source software, covering configuration and integration best practices
Provides AFL++ patterns for advanced coverage-guided fuzzing including custom mutators, persistent mode, and crash deduplication
Interprets Culture Index assessment results to provide insights on team dynamics, work patterns, and leadership style compatibility
Provides Atheris patterns for Python fuzzing using LibFuzzer-based coverage-guided testing to discover bugs and vulnerabilities
Scans Cairo smart contracts on Starknet for security vulnerabilities with automated static analysis and detailed reporting
Scans Substrate blockchain runtime code for security vulnerabilities with static analysis and detailed security reporting
Tests cryptographic implementations against Google Wycheproof test vectors to identify weaknesses in crypto libraries and protocols
Provides LibAFL patterns for building custom fuzzers in Rust with coverage-guided feedback, hybrid fuzzing, and multi-architecture support
Provides Ruzzy patterns for Ruby fuzzing with coverage-guided testing to discover vulnerabilities in Ruby C extensions
Assists security researchers in creating, refining, and validating YARA rules for malware detection and threat hunting.
Skill improver from Trail of Bits for analyzing and enhancing existing Claude Code skills with better structure and coverage.
Let-fate-decide skill from Trail of Bits for randomized decision-making in testing and fuzzing workflows.
Security audit skill from Trail of Bits for detecting improper or missing zeroization of sensitive data in memory, focusing on cryptographic key cleanup and secure memory handling.
Seatbelt sandboxer skill from Trail of Bits for implementing macOS Seatbelt sandbox profiles to contain application behavior.
Security skill from Trail of Bits that annotates codebases with dimensional analysis comments to detect unit mismatches and formula bugs.
Generate Mermaid diagrams from Trailmark code graphs: call graphs, class hierarchies, module dependency maps, containment diagrams, complexity heatmaps, and attack-surface data-flow visualizations.
Configure mewt or muton mutation-testing campaigns: scope targets, tune timeouts, and optimize long-running runs. mewt targets general-purpose languages (Rust, Solidity, Go, TS, JS) while muton targets TON smart contracts (Tact, Tolk, FunC).
Build and query multi-language source-code graphs for security analysis; covers blast radius, taint propagation, privilege boundaries, and entry-point enumeration. Supports 16 languages including Solidity, Cairo, Circom, Rust, Go, Python, C/C++, TypeScript.
Project SARIF static-analysis findings and weAudit annotations onto Trailmark code graphs: map findings to nodes by file/line overlap and create severity-based subgraphs for context-aware review.
Run a quick `trailmark analyze --summary` pass on a codebase; returns language detection, entry-point counts, and dependency graph shape for fast structural orientation before deeper analysis.
Extract protocol message flow from source code, RFCs, papers, pseudocode, informal prose, or ProVerif/Tamarin models and produce Mermaid sequenceDiagrams with cryptographic annotations (TLS, Noise, Signal, X3DH, Double Ratchet, FROST, DH, ECDH).
Runs full trailmark structural analysis with all four pre-analysis passes (blast radius, taint propagation, privilege boundaries, and complexity hotspots) for detailed audit prioritization data. Meant for when vivisect Phase 1 needs cross-referenced structural context, not quick summaries.
Compares Trailmark code graphs at two source snapshots (commits, tags, or directories) and surfaces security-relevant structural changes: new attack paths, blast radius growth, taint propagation shifts, and privilege boundary changes that text diffs miss. Designed for pre-release audits and differential security review over a range of commits.
Graph-informed triage for mutation testing and necessist runs: combines survived mutants and unnecessary test statements with Trailmark call graph data to separate false positives, missing unit test targets, and fuzzing targets. Supports mutation frameworks including circomvent and cairo-mutants.
Translates Mermaid sequenceDiagrams of cryptographic protocols into ProVerif (.pv) formal verification models to check properties like secrecy, authentication, forward secrecy, and replay resistance. Takes annotated message flows (Sign, Verify, DH, HKDF, Enc, Dec) and emits a model ready to pass to the ProVerif verifier.
Uses mutation testing to find gaps in cryptographic test vector coverage, then generates new vectors that specifically exercise the escaped mutants. Compares before/after mutation kill rates to prove the new vectors actually improve coverage; useful for building Wycheproof-style cross-implementation test suites.
A Trail of Bits security-focused plugin marketplace providing skills for smart contract auditing, C/C++ code review with SARIF output, GitHub Actions security analysis, differential code review, Semgrep rule creation, and false positive verification.
A security-focused Claude Code plugin marketplace from Trail of Bits providing skills for smart contract auditing, code security review (C/C++, SARIF, Semgrep), supply chain risk analysis, variant analysis, YARA rule authoring, and GitHub Actions security auditing.
Plugins (28)
YARA-X detection rule authoring with linting and quality analysis
Creates language variants of existing Semgrep rules with proper applicability analysis and test-driven validation
Trail of Bits code-auditing plugin that searches and extracts data from Burp Suite project files for AI-assisted security analysis.
Property-based testing guidance for multiple languages and smart contracts
Security-focused differential review of code changes with git history analysis and blast radius estimation
Interact with and understand the DWARF debugging format
Scan Android APKs for Firebase security misconfigurations including open databases, storage buckets, authentication issues, and exposed cloud functions. For authorized security research only.
Static analysis toolkit with CodeQL, Semgrep, and SARIF parsing for security vulnerability detection
Build deep architectural context through ultra-granular code analysis before vulnerability hunting
Clarify ambiguous requirements by asking questions before implementing. Only when invoked explicitly.
Intercepts GitHub URL fetches and curl/wget commands, redirecting to the authenticated gh CLI. Includes gh CLI usage guidance.
Trail of Bits code-auditing plugin that detects insecure default configurations, hardcoded credentials, and fail-open security patterns during AI-assisted security review.
Trail of Bits verification plugin that detects compiler-induced timing side-channels in cryptographic code; credited with finding a timing side-channel in ML-DSA signing (RustCrypto).
Trail of Bits code-auditing plugin that creates and refines Semgrep rules for custom vulnerability detection.
Teaches design patterns for workflow-based Claude Code skills and provides a review agent for auditing existing skills
Specification-to-code compliance checker for blockchain audits with evidence-based alignment analysis
Create pre-configured devcontainers with Claude Code and language-specific tooling
Identify error-prone APIs, dangerous configurations, and footgun designs that enable security mistakes
Debug Buttercup Kubernetes deployments
Find similar vulnerabilities and bugs across codebases using pattern-based analysis
Modern Python best practices. Use when creating new Python projects, writing Python scripts, or migrating existing projects from legacy tools.
Diagnose and fix Claude in Chrome MCP extension connectivity issues
Safely analyzes and cleans up local git branches and worktrees by categorizing them as merged, squash-merged, superseded, or active work.
Comprehensive smart contract security toolkit based on Trail of Bits' Building Secure Contracts framework. Includes vulnerability scanners for 6 blockchains and 5 development guideline assistants.
Runs code reviews using external LLM CLIs (OpenAI Codex, Google Gemini) on uncommitted changes, branch diffs, or specific commits. Bundles codex-mcp-server for direct MCP tool access to Codex.
Analyzes smart contract codebases to identify state-changing entry points for security auditing. Detects externally callable functions that modify state, categorizes them by access level, and generates structured audit reports.