Security review · Claude Code Collection

skills adoption decision

Inspect code, apps, APIs, or agent workflows for security risks before adoption or release. Trail of Bits Claude Code skills for security research, vulnerability detection, and audit workflows

GitHub repo Adoption path Source evidence Back to skills last scan today

Job to solvesecurity analysis and review

Inspect code, apps, APIs, or agent workflows for security risks before adoption or release.

Who should use itSecurity-minded developers reviewing repositories, reverse-engineering APIs, or auditing agent workflows.

Use this as a fit check before reading install commands.

Works withClaude Code

Platform fit comes after the use case, not before it.

Adoption pathNeeds adoption review

No trusted setup command was extracted yet. Open the source evidence before adopting it.

Trust signalREADME + SKILL.md

12 SKILL.md + README evidence, 4,878 stars, and today repo freshness at last scan.

Decision snapshot

GitHub repositorytrailofbits/skills

Primary SKILL.md.codex/skills/gh-cli/SKILL.md

Works withClaude Code

TypeCollection

Last pushedtoday

Stars4,878

Forks424

Adoption pathNeeds adoption review

Source evidencestrong

Best forSecurity review

Trust check

Last pushedtodayLast pushed Apr 29, 2026.

Install pathneeds reviewNo trusted install path was extracted at last scan.

Source evidencestrong73 SKILL.md file(s) plus README/source excerpts were evaluated.

GitHub reach4.9k stars4,878 stars and 424 forks at last scan.

Shortlist fitsolid fit70/100 from install clarity, source quality, scope fit, and current GitHub evidence.

Compare with these skills

Andrej Karpathy Skillsclearer install path · forrestchang/andrej-karpathy-skillssingle skillclear installstronger fit80strong fit cavemanclearer install path · JuliusBrussee/cavemansingle skillclear installstronger fit80strong fit gstackclearer install path · garrytan/gstackclear installstronger fitmore adopted78strong fit Matt Pocock Skillsclearer install path · mattpocock/skillsclear installmore adoptedsame platform70solid fit claude-skillsclearer install path · Jeffallan/claude-skillsclear installmore adoptedsame platform70solid fit

Why we list it

READMEpresentREADME.md is part of the public evidence set.

SKILL.md20 found20 path(s) found by recursive tree scan.

Installneeds review0 source file(s) produced install evidence.

Overview

What job does it solve?Security review

Inspect code, apps, APIs, or agent workflows for security risks before adoption or release.

Who should use it?Security-minded developers reviewing repositories, reverse-engineering APIs, or auditing agent workflows.

security analysis and review for Claude Code users.

Works withClaude Code

Check platform compatibility after confirming the use case fits your workflow.

How can I adopt it?Needs adoption review

No trusted setup command was extracted yet. Open the source evidence before adopting it.

Can I trust it?README + SKILL.md

12 SKILL.md + README evidence, 4,878 stars, and today repo freshness at last scan.

What to compare?5 related skills

Use the comparison list below to avoid adopting the first matching repo blindly.

Quick read

Trail of Bits Claude Code skills for security research, vulnerability detection, and audit workflows

A Claude Code plugin marketplace from Trail of Bits providing skills to enhance AI-assisted security analysis, testing, and development workflows.

Why we list it

Public because this is a source-backed collection with enough current evidence to qualify for the shortlist.
Current GitHub metadata is available for trailofbits/skills.
73 SKILL.md file(s) were found in the recursive tree scan.
README content is available as part of the public evidence set.

Adoption path for skills

Needs adoption review: no trusted setup path was extracted yet.

Source evidence

Source excerpts used for this adoption decision. Low-confidence cases link back to GitHub instead of forcing a misleading quote.

README excerpt

README.md

Trail of Bits Skills Marketplace

A Claude Code plugin marketplace from Trail of Bits providing skills to enhance AI-assisted security analysis, testing, and development workflows.

Also see: claude-code-config · skills-curated · claude-code-devcontainer · dropkit

Installation

Browse and Install Plugins

/plugin menu

Codex

Codex-native skill discovery is supported via the sidecar .codex/skills/ tree in this repository.

Install with:

git clone https://github.com/trailofbits/skills.git ~/.codex/trailofbits-skills
~/.codex/trailofbits-skills/.codex/scripts/install-for-codex.sh

See .codex/INSTALL.md for additional details.

Local Development

To add the marketplace locally (e.g., for testing or development), navigate to the parent directory of this repository:

cd /path/to/parent  # e.g., if repo is at ~/projects/skills, be in ~/projects
/plugins marketplace add ./skills

SKILL.md excerpt

.codex/skills/gh-cli/SKILL.md

gh-cli

When to Use

Working with GitHub repositories, pull requests, issues, releases, or raw file URLs.
You need authenticated access to private repositories or higher API rate limits.
You are about to use curl, wget, or unauthenticated web fetches against GitHub.

When NOT to Use

The target is not GitHub.
Plain local git operations already solve the task.

Guidance

Prefer the authenticated gh CLI over raw HTTP fetches for GitHub content. In particular:

Prefer gh repo view, gh pr view, gh pr list, gh issue view, and gh api over unauthenticated curl or wget.
Prefer cloning a repository and reading files locally over fetching raw.githubusercontent.com blobs directly.
Avoid using GitHub API /contents/ endpoints as a substitute for cloning and reading repository files.

Examples:

gh repo view owner/repo
gh pr view 123 --repo owner/repo
gh api repos/owner/repo/pulls

For the original Claude plugin implementation, see:

plugins/gh-cli/README.md
plugins/gh-cli/hooks/

GitHub repository
Primary SKILL.md
73 SKILL.md file(s) found

Show scanned SKILL.md paths (73)

Showing 12 of 73 scanned paths.

.codex/skills/gh-cli/SKILL.md
plugins/agentic-actions-auditor/skills/agentic-actions-auditor/SKILL.md
plugins/ask-questions-if-underspecified/skills/ask-questions-if-underspecified/SKILL.md
plugins/audit-context-building/skills/audit-context-building/SKILL.md
plugins/building-secure-contracts/skills/algorand-vulnerability-scanner/SKILL.md
plugins/building-secure-contracts/skills/audit-prep-assistant/SKILL.md
plugins/building-secure-contracts/skills/cairo-vulnerability-scanner/SKILL.md
plugins/building-secure-contracts/skills/code-maturity-assessor/SKILL.md
plugins/building-secure-contracts/skills/cosmos-vulnerability-scanner/SKILL.md
plugins/building-secure-contracts/skills/guidelines-advisor/SKILL.md
plugins/building-secure-contracts/skills/secure-workflow-guide/SKILL.md
plugins/building-secure-contracts/skills/solana-vulnerability-scanner/SKILL.md