trailofbits-skills
Marketplace: trailofbits/skills
A Claude Code plugin marketplace from Trail of Bits providing skills for AI-assisted security analysis, testing, and development workflows.
Overview
Trail of Bits Skills Marketplace is a Claude Code plugin marketplace providing security-focused skills for AI-assisted security analysis, testing, and development workflows. Built by Trail of Bits, a leading security research firm, it offers specialized plugins spanning smart contract security, code auditing, and development best practices.
Key Features
- Smart contract security: Includes vulnerability scanners for 6 blockchains and entry point analyzers for security auditing of state-changing contract functions
- Code auditing tools: Deep architectural context building through ultra-granular code analysis, with Burp Suite project integration
- Easy marketplace integration: Install with /plugin marketplace add trailofbits/skills and browse plugins via the /plugin menu
- Local development support: Add the marketplace locally for testing and development with a simple directory-based setup
- Curated security expertise: Companion repositories for claude-code-config, skills-curated, claude-code-devcontainer, and dropkit
Who is this for?
This marketplace is designed for security researchers, smart contract auditors, and developers who want to enhance their Claude Code workflows with professional security analysis tools. It is particularly valuable for teams conducting blockchain security audits or code reviews that require structured, thorough vulnerability assessment.
Add this Marketplace
/plugin marketplace add trailofbits/skills
Plugins in this Marketplace
ask-questions-if-underspecified
Clarify ambiguous requirements by asking questions before implementing. Only when invoked explicitly.
audit-context-building
Build deep architectural context through ultra-granular code analysis before vulnerability hunting
building-secure-contracts
Comprehensive smart contract security toolkit based on Trail of Bits' Building Secure Contracts framework. Includes vulnerability scanners for 6 blockchains and 5 development guideline assistants.
burpsuite-project-parser
Search and extract data from Burp Suite project files (.burp) for security analysis
claude-in-chrome-troubleshooting
Diagnose and fix Claude in Chrome MCP extension connectivity issues
constant-time-analysis
Detect compiler-induced timing side-channels in cryptographic code
debug-buttercup
Debug Buttercup Kubernetes deployments
devcontainer-setup
Create pre-configured devcontainers with Claude Code and language-specific tooling
differential-review
Security-focused differential review of code changes with git history analysis and blast radius estimation
dwarf-expert
Interact with and understand the DWARF debugging format
entry-point-analyzer
Analyzes smart contract codebases to identify state-changing entry points for security auditing. Detects externally callable functions that modify state, categorizes them by access level, and generates structured audit reports.
firebase-apk-scanner
Scan Android APKs for Firebase security misconfigurations including open databases, storage buckets, authentication issues, and exposed cloud functions. For authorized security research only.
gh-cli
Intercepts GitHub URL fetches and curl/wget commands, redirecting to the authenticated gh CLI. Includes gh CLI usage guidance.
git-cleanup
Safely analyzes and cleans up local git branches and worktrees by categorizing them as merged, squash-merged, superseded, or active work.
insecure-defaults
Detects insecure default configurations including hardcoded credentials, fallback secrets, weak authentication defaults, and dangerous values in production
modern-python
Modern Python best practices. Use when creating new Python projects, writing Python scripts, or migrating existing projects from legacy tools.
property-based-testing
Property-based testing guidance for multiple languages and smart contracts
second-opinion
Runs code reviews using external LLM CLIs (OpenAI Codex, Google Gemini) on uncommitted changes, branch diffs, or specific commits. Bundles codex-mcp-server for direct MCP tool access to Codex.
semgrep-rule-variant-creator
Creates language variants of existing Semgrep rules with proper applicability analysis and test-driven validation
sharp-edges
Identify error-prone APIs, dangerous configurations, and footgun designs that enable security mistakes
spec-to-code-compliance
Specification-to-code compliance checker for blockchain audits with evidence-based alignment analysis
static-analysis
Static analysis toolkit with CodeQL, Semgrep, and SARIF parsing for security vulnerability detection
variant-analysis
Find similar vulnerabilities and bugs across codebases using pattern-based analysis
workflow-skill-design
Teaches design patterns for workflow-based Claude Code skills and provides a review agent for auditing existing skills
yara-authoring
YARA-X detection rule authoring with linting and quality analysis