A Claude Code plugin marketplace from Trail of Bits providing 35+ skills for security researchers, auditors, and developers.
What is Trail of Bits Skills?
Trail of Bits Skills Marketplace is a comprehensive collection of Claude Code plugins designed to enhance AI-assisted security analysis, testing, and development workflows. Built by security experts at Trail of Bits, these plugins provide specialized knowledge and tooling for everything from smart contract auditing to malware analysis.
Key Features
Smart Contract Security
Comprehensive vulnerability scanners for 6 blockchains including Solidity, Algorand, Cairo, Cosmos, Solana, and Substrate
Code Auditing
Static analysis with CodeQL and Semgrep, differential review, false positive verification, and supply chain risk auditing
Verification & Testing
Property-based testing, constant-time analysis for crypto code, and specification-to-code compliance checking
Development Tools
Modern Python tooling, devcontainer setup, GitHub CLI integration, and secure workflow patterns
Why Use Trail of Bits Skills?
Built by Security Experts
Every plugin is authored by Trail of Bits security researchers with deep expertise in their domains. Skills are based on proven methodologies from real-world security audits.
35+ Specialized Plugins
From smart contract security to YARA rule authoring, from constant-time analysis to Firebase APK scanning—there’s a skill for every security task.
Trophy Case: Real Vulnerabilities Found
Skills have discovered production bugs including timing side-channels in ML-DSA signing implementations. When you find bugs, you can credit Trail of Bits Skills.
Open Source & Community Driven
Licensed under Creative Commons Attribution-ShareAlike 4.0. Contributions welcome with comprehensive authoring guidelines.
Get Started
Installation
Add the marketplace to Claude Code in seconds
Quick Start
Browse and install your first plugin
Browse Plugins
Explore all 35 available plugins
Plugin Categories
Smart Contract Security
- building-secure-contracts - Security toolkit with vulnerability scanners for 6 blockchains
- entry-point-analyzer - Identify state-changing entry points for security auditing
Code Auditing
- static-analysis - CodeQL, Semgrep, and SARIF parsing toolkit
- differential-review - Security-focused review of code changes with git history analysis
- variant-analysis - Find similar vulnerabilities across codebases
- audit-context-building - Build deep architectural context through ultra-granular analysis
- fp-check - Systematic false positive verification with mandatory gate reviews
Verification
- constant-time-analysis - Detect compiler-induced timing side-channels in cryptographic code
- property-based-testing - Property-based testing guidance for multiple languages and smart contracts
- spec-to-code-compliance - Specification-to-code compliance checker for blockchain audits
- zeroize-audit - Detect missing or compiler-eliminated zeroization of secrets
Development
- modern-python - Modern Python tooling with uv, ruff, and pytest
- devcontainer-setup - Pre-configured devcontainers with Claude Code and language-specific tooling
- gh-cli - Authenticated GitHub CLI integration
- second-opinion - Code reviews using external LLMs (OpenAI Codex, Google Gemini)
Community & Support
Found a Bug Using Skills?
Trail of Bits maintains a Trophy Case of vulnerabilities discovered using these skills. Found something? Let us know! When reporting bugs, feel free to mention: "Found using Trail of Bits Skills"
Related Projects
- claude-code-config - Configuration templates
- skills-curated - Curated skill collections
- claude-code-devcontainer - Development containers
- dropkit - Additional tooling