Trail of Bits Skills Marketplace
A Claude Code plugin marketplace from Trail of Bits providing skills to enhance AI-assisted security analysis, testing, and development workflows. Codex can load this marketplace through its Claude marketplace compatibility.
Also see: claude-code-config · skills-curated · claude-code-devcontainer · dropkit
/plugin marketplace add trailofbits/skills
Browse and Install Plugins
Codex supports Claude plugin marketplaces directly, so this repository does not need Codex-specific sidecar metadata.
Install the marketplace with:
codex plugin marketplace add trailofbits/skills
codex plugin list
codex plugin add <plugin-name>@trailofbits
To add the marketplace locally (e.g., for testing or development), navigate to the parent directory of this repository and register it by relative path:
cd /path/to/parent # e.g., if the repo is at ~/projects/skills, run this from ~/projects
/plugin marketplace add ./skills
| Plugin | Description |
|---|---|
| agentic-actions-auditor | Audit GitHub Actions workflows for AI agent security vulnerabilities |
| audit-context-building | Build deep architectural context through ultra-granular code analysis |
| burpsuite-project-parser | Search and extract data from Burp Suite project files |
| c-review | Comprehensive C/C++ security review with clustered parallel workers and SARIF output |
| differential-review | Security-focused differential review of code changes with git history analysis |
| dimensional-analysis | Annotate codebases with dimensional analysis comments to detect unit mismatches and formula bugs |
| fp-check | Systematic false positive verification for security bug analysis with mandatory gate reviews |
| insecure-defaults | Detect insecure default configurations, hardcoded credentials, and fail-open security patterns |
| semgrep-rule-creator | Create and refine Semgrep rules for custom vulnerability detection |
| semgrep-rule-variant-creator | Port existing Semgrep rules to new target languages with test-driven validation |
| sharp-edges | Identify error-prone APIs, dangerous configurations, and footgun designs |
| static-analysis | Static analysis toolkit with CodeQL, Semgrep, and SARIF parsing |
| supply-chain-risk-auditor | Audit the supply-chain threat landscape of project dependencies |
| testing-handbook-skills | Skills from the Testing Handbook: fuzzers, static analysis, sanitizers, coverage |
| trailmark | Code graph analysis, Mermaid diagrams, mutation testing triage, and protocol verification |
| variant-analysis | Find similar vulnerabilities across codebases using pattern-based analysis |
| Plugin | Description |
|---|---|
| yara-authoring | YARA detection rule authoring with linting, atom analysis, and best practices |
| Plugin | Description |
|---|---|
| constant-time-analysis | Detect compiler-induced timing side-channels in cryptographic code |
| mutation-testing | Configure mewt/muton mutation testing campaigns — scope targets, tune timeouts, optimize long runs |
| property-based-testing | Property-based testing guidance for multiple languages and smart contracts |
| spec-to-code-compliance | Specification-to-code compliance checker for blockchain audits |
| zeroize-audit | Detect missing or compiler-eliminated zeroization of secrets in C/C++ and Rust |
| Plugin | Description |
|---|---|
| dwarf-expert | Interact with and understand the DWARF debugging format |
| Plugin | Description |
|---|---|
| ask-questions-if-underspecified | Clarify requirements before implementing |
| devcontainer-setup | Create pre-configured devcontainers with Claude Code and language-specific tooling |
| gh-cli | Intercept GitHub URL fetches and redirect them to the authenticated gh CLI |
| git-cleanup | Safely clean up git worktrees and local branches with a gated confirmation workflow |
| let-fate-decide | Draw Tarot cards using cryptographic randomness to add entropy to vague planning |
| modern-python | Modern Python tooling and best practices with uv, ruff, and pytest |
| seatbelt-sandboxer | Generate minimal macOS Seatbelt sandbox configurations |
| second-opinion | Run code reviews using external LLM CLIs (OpenAI Codex, Google Gemini) on changes, diffs, or commits. Bundles Codex's built-in MCP server. |
| skill-improver | Iterative skill refinement loop using automated fix-review cycles |
| workflow-skill-design | Design patterns for workflow-based Claude Code skills with a review agent |
| Plugin | Description |
|---|---|
| culture-index | Interpret Culture Index survey results for individuals and teams |
Bugs discovered using Trail of Bits Skills. Found something? Let us know!
When reporting bugs you've found, feel free to mention:
Found using Trail of Bits Skills
We welcome contributions! Please see CLAUDE.md for skill authoring guidelines.
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License. Made by Trail of Bits.