skills
Trail of Bits Claude Code skills for security research, vulnerability detection, and audit workflows.
This rank signal uses GitHub stars, measured star growth, and recent maintenance. It is not a safety score or install approval.
Worth reviewing before you install
Worth a closer look if the use case fits. It has adoption, measured growth, and recent maintenance. No primary install command was extracted, so review the upstream source first.
Security teams. Channel tag: Claude Code. Treat this as a search fit signal, not compatibility proof. Best when you can review the repo manually before adoption. Start with .codex/skills/gh-cli/SKILL.md.
Inspect .codex/skills/gh-cli/SKILL.md and the install command before adding it to a shared agent workflow. No actionable warning was returned for this snapshot.
Compare nearby security skills in the Claude Code channel when 5,698 GitHub stars, source freshness, or install notes are close. This one still needs manual install review, so a nearby skill may be easier to adopt.
How to install skills
No install command was extracted. Treat this as a manual review case.
SKILL.md and source review
Primary path: .codex/skills/gh-cli/SKILL.md
75/100 from GitHub star count, star growth rate, and recent update.
33.8/45 points. Star count is log-scaled so large repos lead without completely hiding newer projects.
21.3/35 points from 999 net stars over 53.3 observed day(s).
20/20 points. Most recent GitHub activity: 2026-06-11T19:48:24Z.
- GitHub ranking score uses star count, measured star growth rate, and recent repository update only.
- 4,878 stars at last scan.
- 168 stars/week measured from 2026-04-22 to 2026-04-29T10:47:32.376Z.
- Most recent GitHub activity was 2026-04-29T01:12:08Z.
Source evidence preview
We show selected README/SKILL.md excerpts, not a full mirror of the repo. Use the focus cards for install notes, usage, and skill rules, then open GitHub before installing.
Sections found: Installation, Browse and Install Plugins.
Review README.md for usage examples and expected workflow.
Sections found: When to Use.
Trail of Bits Skills Marketplace
A Claude Code plugin marketplace from Trail of Bits providing skills to enhance AI-assisted security analysis, testing, and development workflows.
Also see: claude-code-config · skills-curated · claude-code-devcontainer · dropkit
Installation
Browse and Install Plugins
/plugin menu
Codex
Codex-native skill discovery is supported via the sidecar .codex/skills/ tree in this repository.
Install with:
git clone https://github.com/trailofbits/skills.git ~/.codex/trailofbits-skills
~/.codex/trailofbits-skills/.codex/scripts/install-for-codex.sh
See `.codex/INSTALL.md` for additional details.
Local Development
To add the marketplace locally (e.g., for testing or development), navigate to the parent directory of this repository:
cd /path/to/parent # e.g., if repo is at ~/projects/skills, be in ~/projects
/plugins marketplace add ./skills
gh-cli
When to Use
- Working with GitHub repositories, pull requests, issues, releases, or raw file URLs.
- You need authenticated access to private repositories or higher API rate limits.
- You are about to use curl, wget, or unauthenticated web fetches against GitHub.
When NOT to Use
- The target is not GitHub.
- Plain local git operations already solve the task.
Guidance
Prefer the authenticated gh CLI over raw HTTP fetches for GitHub content. In particular:
- Prefer gh repo view, gh pr view, gh pr list, gh issue view, and gh api over unauthenticated curl or wget.
- Prefer cloning a repository and reading files locally over fetching raw.githubusercontent.com blobs directly.
- Avoid using GitHub API /contents/ endpoints as a substitute for cloning and reading repository files.
Examples:
gh repo view owner/repo
gh pr view 123 --repo owner/repo
gh api repos/owner/repo/pulls
For the original Claude plugin implementation, see:
- plugins/gh-cli/README.md
- plugins/gh-cli/hooks/
