
libafl

Skill from trailofbits/skills

What it does

Enables advanced fuzzing and vulnerability discovery by integrating LibAFL's powerful mutation-based testing capabilities into security analysis workflows.


Installation

Install skill:

```
npx skills add https://github.com/trailofbits/skills --skill libafl
```
Added Jan 27, 2026

Skill Details


# Trail of Bits Skills Marketplace

A Claude Code plugin marketplace from Trail of Bits providing skills to enhance AI-assisted security analysis, testing, and development workflows.

Installation

Add the Marketplace

```
/plugin marketplace add trailofbits/skills
```

Browse and Install Plugins

```
/plugin menu
```

Local Development

To add the marketplace locally (e.g., for testing or development), navigate to the parent directory of this repository:

```
cd /path/to/parent # e.g., if repo is at ~/projects/skills, be in ~/projects
/plugins marketplace add ./skills
```

Available Plugins

Smart Contract Security

| Plugin | Description |
|--------|-------------|
| [building-secure-contracts](plugins/building-secure-contracts/) | Smart contract security toolkit with vulnerability scanners for 6 blockchains |
| [entry-point-analyzer](plugins/entry-point-analyzer/) | Identify state-changing entry points in smart contracts for security auditing |

Code Auditing

| Plugin | Description |
|--------|-------------|
| [audit-context-building](plugins/audit-context-building/) | Build deep architectural context through ultra-granular code analysis |
| [burpsuite-project-parser](plugins/burpsuite-project-parser/) | Search and extract data from Burp Suite project files |
| [differential-review](plugins/differential-review/) | Security-focused differential review of code changes with git history analysis |
| [semgrep-rule-creator](plugins/semgrep-rule-creator/) | Create and refine Semgrep rules for custom vulnerability detection |
| [semgrep-rule-variant-creator](plugins/semgrep-rule-variant-creator/) | Port existing Semgrep rules to new target languages with test-driven validation |
| [sharp-edges](plugins/sharp-edges/) | Identify error-prone APIs, dangerous configurations, and footgun designs |
| [static-analysis](plugins/static-analysis/) | Static analysis toolkit with CodeQL, Semgrep, and SARIF parsing |
| [testing-handbook-skills](plugins/testing-handbook-skills/) | Skills from the [Testing Handbook](https://appsec.guide): fuzzers, static analysis, sanitizers, coverage |
| [variant-analysis](plugins/variant-analysis/) | Find similar vulnerabilities across codebases using pattern-based analysis |

Verification

| Plugin | Description |
|--------|-------------|
| [constant-time-analysis](plugins/constant-time-analysis/) | Detect compiler-induced timing side-channels in cryptographic code |
| [property-based-testing](plugins/property-based-testing/) | Property-based testing guidance for multiple languages and smart contracts |
| [spec-to-code-compliance](plugins/spec-to-code-compliance/) | Specification-to-code compliance checker for blockchain audits |

Audit Lifecycle

| Plugin | Description |
|--------|-------------|
| [fix-review](plugins/fix-review/) | Verify fix commits address audit findings without introducing bugs |

Reverse Engineering

| Plugin | Description |
|--------|-------------|
| [dwarf-expert](plugins/dwarf-expert/) | Interact with and understand the DWARF debugging format |

Mobile Security

| Plugin | Description |
|--------|-------------|
| [firebase-apk-scanner](plugins/firebase-apk-scanner/) | Scan Android APKs for Firebase security misconfigurations |

Development

| Plugin | Description |
|--------|-------------|
| [ask-questions-if-underspecified](plugins/ask-questions-if-underspecified/) | Clarify requirements before implementing |
| [modern-python](plugins/modern-python/) | Modern Python tooling and best practices with uv, ruff, and pytest |

Team Management

| Plugin | Description |
|--------|-------------|
| [culture-index](plugins/culture-index/) | Interpret Culture Index survey results for individuals and teams |

Tooling

| Plugin | Description |
|--------|-------------|
| [claude-in-chrome-troubleshooting](plugins/claude-in-chrome-troubleshooting/) | Diagnose and fix Claude in Chrome MCP extension connectivity issues |

Trophy Case

Bugs d

More from this repository (10)

testing-handbook-skills (Plugin)

Provides AI-assisted skills and techniques for software testing, including guidance on fuzzers, static analysis, sanitizers, and code coverage from the Testing Handbook.

culture-index (Plugin)


static-analysis (Plugin)

Performs comprehensive static code analysis using CodeQL, Semgrep, and SARIF parsing to identify potential vulnerabilities and code quality issues across multiple programming languages.

πŸͺ
trailofbits-skillsπŸͺMarketplace

Provides a curated marketplace of Claude plugins focused on enhancing security analysis, code auditing, smart contract review, and vulnerability detection workflows.

ask-questions-if-underspecified (Skill)

Prompts for clarification and asks targeted questions when initial task or code context lacks sufficient detail for comprehensive analysis.

property-based-testing (Skill)

Generates and runs property-based tests to systematically explore edge cases and validate complex code behaviors across different input domains.

semgrep (Skill)

Scans source code using Semgrep rules to detect custom security vulnerabilities and code quality issues across multiple programming languages.

secure-workflow-guide (Skill)


codeql (Skill)

Performs advanced static code analysis using GitHub's CodeQL to detect potential security vulnerabilities and code quality issues across multiple programming languages.

differential-review (Skill)

Performs security-focused differential review of code changes by analyzing git history to identify potential vulnerabilities and modifications.