{"name":"pcanwar-trailofbits","owner":{"name":"ClaudePluginHub"},"plugins":[{"name":"pcanwar-ask-questions-if-underspecified-plugins-ask-questions-if-underspecified","source":{"source":"git-subdir","url":"https://github.com/pcanwar/skills","path":"plugins/ask-questions-if-underspecified"},"description":"Clarify ambiguous requirements by asking questions before implementing. Only when invoked explicitly.","version":"1.0.1","strict":true,"keywords":[],"category":"deployment"},{"name":"pcanwar-audit-context-building-plugins-audit-context-building","source":{"source":"git-subdir","url":"https://github.com/pcanwar/skills","path":"plugins/audit-context-building"},"description":"Build deep architectural context through ultra-granular code analysis before vulnerability hunting","version":"1.1.0","strict":true,"keywords":[],"category":"utilities"},{"name":"pcanwar-building-secure-contracts-plugins-building-secure-contracts","source":{"source":"git-subdir","url":"https://github.com/pcanwar/skills","path":"plugins/building-secure-contracts"},"description":"Comprehensive smart contract security toolkit based on Trail of Bits' Building Secure Contracts framework. Includes vulnerability scanners for 6 blockchains and 5 development guideline assistants.","version":"1.0.1","strict":true,"keywords":[],"category":"development"},{"name":"pcanwar-burpsuite-project-parser-plugins-burpsuite-project-parser","source":{"source":"git-subdir","url":"https://github.com/pcanwar/skills","path":"plugins/burpsuite-project-parser"},"description":"Search and extract data from Burp Suite project files (.burp) for security analysis","version":"1.0.0","strict":true,"keywords":[],"category":"security"},{"name":"pcanwar-claude-in-chrome-troubleshooting-plugins-claude-in-chrome-troubleshooting","source":{"source":"git-subdir","url":"https://github.com/pcanwar/skills","path":"plugins/claude-in-chrome-troubleshooting"},"description":"Diagnose and fix Claude in Chrome MCP extension connectivity issues","version":"1.0.0","strict":true,"keywords":[],"category":"utilities"},{"name":"pcanwar-constant-time-analysis-plugins-constant-time-analysis","source":{"source":"git-subdir","url":"https://github.com/pcanwar/skills","path":"plugins/constant-time-analysis"},"description":"Detect compiler-induced timing side-channels in cryptographic code","version":"0.1.0","strict":true,"keywords":[],"category":"utilities"},{"name":"pcanwar-culture-index-plugins-culture-index","source":{"source":"git-subdir","url":"https://github.com/pcanwar/skills","path":"plugins/culture-index"},"description":"Interprets Culture Index survey results for individuals and teams","version":"1.1.0","strict":true,"keywords":[],"category":"utilities"},{"name":"pcanwar-debug-buttercup-plugins-debug-buttercup","source":{"source":"git-subdir","url":"https://github.com/pcanwar/skills","path":"plugins/debug-buttercup"},"description":"Debug Buttercup Kubernetes deployments","version":"1.0.0","strict":true,"keywords":[],"category":"deployment"},{"name":"pcanwar-devcontainer-setup-plugins-devcontainer-setup","source":{"source":"git-subdir","url":"https://github.com/pcanwar/skills","path":"plugins/devcontainer-setup"},"description":"Create pre-configured devcontainers with Claude Code and language-specific tooling","version":"0.1.0","strict":true,"keywords":[],"category":"development"},{"name":"pcanwar-differential-review-plugins-differential-review","source":{"source":"git-subdir","url":"https://github.com/pcanwar/skills","path":"plugins/differential-review"},"description":"Security-focused differential review of code changes with git history analysis and blast radius estimation","version":"1.0.0","strict":true,"keywords":[],"category":"security"},{"name":"pcanwar-firebase-apk-scanner-plugins-firebase-apk-scanner","source":{"source":"git-subdir","url":"https://github.com/pcanwar/skills","path":"plugins/firebase-apk-scanner"},"description":"Scan Android APKs for Firebase security misconfigurations including open databases, storage buckets, authentication issues, and exposed cloud functions. For authorized security research only.","version":"2.1.0","strict":true,"keywords":[],"category":"security"},{"name":"pcanwar-gh-cli-plugins-gh-cli","source":{"source":"git-subdir","url":"https://github.com/pcanwar/skills","path":"plugins/gh-cli"},"description":"Intercepts GitHub URL fetches and curl/wget commands, redirecting to the authenticated gh CLI.","version":"1.4.0","strict":true,"keywords":[],"category":"security"},{"name":"pcanwar-dwarf-expert-plugins-dwarf-expert","source":{"source":"git-subdir","url":"https://github.com/pcanwar/skills","path":"plugins/dwarf-expert"},"description":"Interact with and understand the DWARF debugging format","version":"1.0.0","strict":true,"keywords":[],"category":"utilities"},{"name":"pcanwar-entry-point-analyzer-plugins-entry-point-analyzer","source":{"source":"git-subdir","url":"https://github.com/pcanwar/skills","path":"plugins/entry-point-analyzer"},"description":"Analyzes smart contract codebases to identify state-changing entry points for security auditing. Detects externally callable functions that modify state, categorizes them by access level, and generates structured audit reports.","version":"1.0.0","strict":true,"keywords":[],"category":"security"},{"name":"pcanwar-property-based-testing-plugins-property-based-testing","source":{"source":"git-subdir","url":"https://github.com/pcanwar/skills","path":"plugins/property-based-testing"},"description":"Property-based testing guidance for multiple languages and smart contracts","version":"1.1.0","strict":true,"keywords":[],"category":"testing"},{"name":"pcanwar-semgrep-rule-creator-plugins-semgrep-rule-creator","source":{"source":"git-subdir","url":"https://github.com/pcanwar/skills","path":"plugins/semgrep-rule-creator"},"description":"Create custom Semgrep rules for detecting bug patterns and security vulnerabilities","version":"1.1.0","strict":true,"keywords":[],"category":"security"},{"name":"pcanwar-semgrep-rule-variant-creator-plugins-semgrep-rule-variant-creator","source":{"source":"git-subdir","url":"https://github.com/pcanwar/skills","path":"plugins/semgrep-rule-variant-creator"},"description":"Creates language variants of existing Semgrep rules with proper applicability analysis and test-driven validation","version":"1.0.0","strict":true,"keywords":[],"category":"testing"},{"name":"pcanwar-sharp-edges-plugins-sharp-edges","source":{"source":"git-subdir","url":"https://github.com/pcanwar/skills","path":"plugins/sharp-edges"},"description":"Identify error-prone APIs, dangerous configurations, and footgun designs that enable security mistakes","version":"1.0.0","strict":true,"keywords":[],"category":"security"},{"name":"pcanwar-static-analysis-plugins-static-analysis","source":{"source":"git-subdir","url":"https://github.com/pcanwar/skills","path":"plugins/static-analysis"},"description":"Static analysis toolkit with CodeQL, Semgrep, and SARIF parsing for security vulnerability detection","version":"1.2.0","strict":true,"keywords":[],"category":"security"},{"name":"pcanwar-spec-to-code-compliance-plugins-spec-to-code-compliance","source":{"source":"git-subdir","url":"https://github.com/pcanwar/skills","path":"plugins/spec-to-code-compliance"},"description":"Specification-to-code compliance checker for blockchain audits with evidence-based alignment analysis","version":"1.1.0","strict":true,"keywords":[],"category":"deployment"},{"name":"pcanwar-testing-handbook-skills-plugins-testing-handbook-skills","source":{"source":"git-subdir","url":"https://github.com/pcanwar/skills","path":"plugins/testing-handbook-skills"},"description":"Skills from the Trail of Bits Application Security Testing Handbook (appsec.guide)","version":"1.0.1","strict":true,"keywords":[],"category":"testing"},{"name":"pcanwar-variant-analysis-plugins-variant-analysis","source":{"source":"git-subdir","url":"https://github.com/pcanwar/skills","path":"plugins/variant-analysis"},"description":"Find similar vulnerabilities and bugs across codebases using pattern-based analysis","version":"1.0.0","strict":true,"keywords":[],"category":"utilities"},{"name":"pcanwar-modern-python-plugins-modern-python","source":{"source":"git-subdir","url":"https://github.com/pcanwar/skills","path":"plugins/modern-python"},"description":"Modern Python best practices. Use when creating new Python projects, and writing Python scripts, or migrating existing projects from legacy tools.","version":"1.5.0","strict":true,"keywords":[],"category":"productivity"},{"name":"pcanwar-insecure-defaults-plugins-insecure-defaults","source":{"source":"git-subdir","url":"https://github.com/pcanwar/skills","path":"plugins/insecure-defaults"},"description":"Detects insecure default configurations including hardcoded credentials, fallback secrets, weak authentication defaults, and dangerous values in production","version":"1.0.0","strict":true,"keywords":[],"category":"security"},{"name":"pcanwar-second-opinion-plugins-second-opinion","source":{"source":"git-subdir","url":"https://github.com/pcanwar/skills","path":"plugins/second-opinion"},"description":"Runs code reviews using external LLM CLIs (OpenAI Codex, Google Gemini) on uncommitted changes, branch diffs, or specific commits. Bundles Codex's built-in MCP server for direct tool access.","version":"1.6.0","strict":true,"keywords":[],"category":"deployment"},{"name":"pcanwar-yara-authoring-plugins-yara-authoring","source":{"source":"git-subdir","url":"https://github.com/pcanwar/skills","path":"plugins/yara-authoring"},"description":"YARA-X detection rule authoring with linting and quality analysis","version":"2.0.0","strict":true,"keywords":[],"category":"testing"},{"name":"pcanwar-git-cleanup-plugins-git-cleanup","source":{"source":"git-subdir","url":"https://github.com/pcanwar/skills","path":"plugins/git-cleanup"},"description":"Safely analyzes and cleans up local git branches and worktrees by categorizing them as merged, squash-merged, superseded, or active work.","version":"1.0.0","strict":true,"keywords":[],"category":"utilities"},{"name":"pcanwar-workflow-skill-design-plugins-workflow-skill-design","source":{"source":"git-subdir","url":"https://github.com/pcanwar/skills","path":"plugins/workflow-skill-design"},"description":"Teaches design patterns for workflow-based Claude Code skills and provides a review agent for auditing existing skills","version":"1.0.1","strict":true,"keywords":[],"category":"productivity"},{"name":"pcanwar-seatbelt-sandboxer-plugins-seatbelt-sandboxer","source":{"source":"git-subdir","url":"https://github.com/pcanwar/skills","path":"plugins/seatbelt-sandboxer"},"description":"Generate minimal macOS Seatbelt sandbox configurations for applications","version":"1.0.0","strict":true,"keywords":[],"category":"data"},{"name":"pcanwar-supply-chain-risk-auditor-plugins-supply-chain-risk-auditor","source":{"source":"git-subdir","url":"https://github.com/pcanwar/skills","path":"plugins/supply-chain-risk-auditor"},"description":"Audit supply-chain threat landscape of project dependencies for exploitation or takeover risk","version":"1.0.0","strict":true,"keywords":[],"category":"deployment"},{"name":"pcanwar-zeroize-audit-plugins-zeroize-audit","source":{"source":"git-subdir","url":"https://github.com/pcanwar/skills","path":"plugins/zeroize-audit"},"description":"Detects missing or compiler-optimized zeroization of sensitive data with assembly and control-flow analysis","version":"0.1.0","strict":true,"keywords":[],"category":"data"},{"name":"pcanwar-let-fate-decide-plugins-let-fate-decide","source":{"source":"git-subdir","url":"https://github.com/pcanwar/skills","path":"plugins/let-fate-decide"},"description":"Draws Tarot cards using cryptographic randomness to add entropy to vague or underspecified planning. Interprets the spread to guide next steps. Use when feeling lucky, invoking heart-of-the-cards energy, or when prompts are ambiguous.","version":"1.0.0","strict":true,"keywords":[],"category":"deployment"},{"name":"pcanwar-agentic-actions-auditor-plugins-agentic-actions-auditor","source":{"source":"git-subdir","url":"https://github.com/pcanwar/skills","path":"plugins/agentic-actions-auditor"},"description":"Audits GitHub Actions workflows for security vulnerabilities in AI agent integrations (Claude Code Action, Gemini CLI, OpenAI Codex, GitHub AI Inference)","version":"1.2.0","strict":true,"keywords":[],"category":"productivity"},{"name":"pcanwar-skill-improver-plugins-skill-improver","source":{"source":"git-subdir","url":"https://github.com/pcanwar/skills","path":"plugins/skill-improver"},"description":"Automatically reviews and fixes Claude Code skills through iterative refinement until they meet quality standards. Requires plugin-dev plugin.","version":"1.0.0","strict":true,"keywords":[],"category":"development"},{"name":"pcanwar-fp-check-plugins-fp-check","source":{"source":"git-subdir","url":"https://github.com/pcanwar/skills","path":"plugins/fp-check"},"description":"Systematic false positive verification for security bug analysis with mandatory gate reviews","version":"1.0.0","strict":true,"keywords":[],"category":"security"}]}