workflow-skill-design
🔌 Plugin · trailofbits/skills
Teaches design patterns for workflow-based Claude Code skills and provides a review agent for auditing existing skills
Overview
A plugin from Trail of Bits that teaches design patterns for building workflow-based Claude Code skills and provides a review agent for auditing existing skills. Part of the Trail of Bits Skills collection — a security-focused plugin marketplace.
Key Features
- Skill design patterns — Learn structured approaches to building effective workflow-based Claude Code skills
- Review agent — Built-in review agent that audits existing skills for quality and correctness
- Best practices — Guidance on structuring skills with proper workflows, error handling, and user interaction
- Part of Trail of Bits Skills — Alongside security plugins for YARA authoring, constant-time analysis, Firebase scanning, and git cleanup
Who is this for?
Skill authors and plugin developers who want to build high-quality Claude Code skills following proven design patterns. Ideal for teams creating internal skill libraries who want a review process for quality assurance.
Part of
trailofbits-skills
Installation
/plugin marketplace add trailofbits/skills
/plugin install workflow-skill-design@trailofbits
More from this repository (10)
Trail of Bits code-auditing plugin that detects insecure default configurations, hardcoded credentials, and fail-open security patterns during AI-assisted security review.
Trail of Bits code-auditing plugin that searches and extracts data from Burp Suite project files for AI-assisted security analysis.
Trail of Bits code-auditing plugin that creates and refines Semgrep rules for custom vulnerability detection.
Trail of Bits verification plugin that detects compiler-induced timing side-channels in cryptographic code — credited with finding a timing side-channel in ML-DSA signing (RustCrypto).
A Claude Code plugin marketplace from Trail of Bits providing skills for AI-assisted security analysis, testing, and development workflows.
Intercepts GitHub URL fetches and curl/wget commands, redirecting to the authenticated gh CLI. Includes gh CLI usage guidance.
A Claude Code plugin marketplace from Trail of Bits providing skills for AI-assisted security analysis, testing, and development workflows.
YARA-X detection rule authoring with linting and quality analysis
Runs Semgrep static analysis for security vulnerability detection and code quality enforcement, from the Trail of Bits Skills Marketplace for AI-assisted security workflows.
A Claude Code plugin marketplace from Trail of Bits providing skills for AI-assisted security analysis, testing, and development workflows.