By michelabboud
Systematic false positive verification for security bug analysis with mandatory gate reviews
Analyzes data flow from source to vulnerability sink, mapping trust boundaries, API contracts, environment protections, and cross-references. Spawned by fp-check during Phase 1 verification.
Verifies whether a suspected vulnerability is actually exploitable by proving attacker control, mathematical bounds, and race condition feasibility. Spawned by fp-check during Phase 2 verification.
Creates proof-of-concept exploits (pseudocode, executable, and unit tests) demonstrating a verified vulnerability, plus negative PoCs showing exploit preconditions. Spawned by fp-check during Phase 4 verification.
Uses power tools
Uses Bash, Write, or Edit tools
Own this plugin?
Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).
Sign in to claimOwn this plugin?
Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).
Sign in to claimBased on adoption, maintenance, documentation, and repository signals. Not a security audit or endorsement.
A Claude Code plugin marketplace from Trail of Bits providing skills to enhance AI-assisted security analysis, testing, and development workflows.
Also see: claude-code-config · skills-curated · claude-code-devcontainer · dropkit
/plugin marketplace add trailofbits/skills
/plugin menu
To add the marketplace locally (e.g., for testing or development), navigate to the parent directory of this repository:
cd /path/to/parent # e.g., if repo is at ~/projects/skills, be in ~/projects
/plugins marketplace add ./skills
| Plugin | Description |
|---|---|
| building-secure-contracts | Smart contract security toolkit with vulnerability scanners for 6 blockchains |
| entry-point-analyzer | Identify state-changing entry points in smart contracts for security auditing |
| Plugin | Description |
|---|---|
| agentic-actions-auditor | Audit GitHub Actions workflows for AI agent security vulnerabilities |
| audit-context-building | Build deep architectural context through ultra-granular code analysis |
| burpsuite-project-parser | Search and extract data from Burp Suite project files |
| differential-review | Security-focused differential review of code changes with git history analysis |
| fp-check | Systematic false positive verification for security bug analysis with mandatory gate reviews |
| insecure-defaults | Detect insecure default configurations, hardcoded credentials, and fail-open security patterns |
| semgrep-rule-creator | Create and refine Semgrep rules for custom vulnerability detection |
| semgrep-rule-variant-creator | Port existing Semgrep rules to new target languages with test-driven validation |
| sharp-edges | Identify error-prone APIs, dangerous configurations, and footgun designs |
| static-analysis | Static analysis toolkit with CodeQL, Semgrep, and SARIF parsing |
| supply-chain-risk-auditor | Audit supply-chain threat landscape of project dependencies |
| testing-handbook-skills | Skills from the Testing Handbook: fuzzers, static analysis, sanitizers, coverage |
| variant-analysis | Find similar vulnerabilities across codebases using pattern-based analysis |
| Plugin | Description |
|---|---|
| yara-authoring | YARA detection rule authoring with linting, atom analysis, and best practices |
| Plugin | Description |
|---|---|
| constant-time-analysis | Detect compiler-induced timing side-channels in cryptographic code |
| property-based-testing | Property-based testing guidance for multiple languages and smart contracts |
| spec-to-code-compliance | Specification-to-code compliance checker for blockchain audits |
| zeroize-audit | Detect missing or compiler-eliminated zeroization of secrets in C/C++ and Rust |
| Plugin | Description |
|---|---|
| dwarf-expert | Interact with and understand the DWARF debugging format |
| Plugin | Description |
|---|---|
| firebase-apk-scanner | Scan Android APKs for Firebase security misconfigurations |
npx claudepluginhub michelabboud/trailofbits-skills --plugin fp-checkAutomated QA sweep for web apps — run /sentinel:run sweep for full browser+API QA, /sentinel:run api for endpoint-only testing, /sentinel:run setup to configure
Automated QA sweep for web apps — run /sentinel:run sweep for full browser+API QA, /sentinel:run api for endpoint-only testing, /sentinel:run setup to configure
Migrate your code and prompts from Sonnet 4.x and Opus 4.1 to Opus 4.5.
Adds educational insights about implementation choices and codebase patterns (mimics the deprecated Explanatory output style)
Interactive learning mode that requests meaningful code contributions at decision points (mimics the unshipped Learning output style)
Harness-native ECC operator layer - 67 agents, 278 skills, 94 legacy command shims, reusable hooks, rules, selective install profiles, and production-ready workflows for Claude Code, Codex, OpenCode, Cursor, and related agent harnesses
Complete collection of battle-tested Claude Code configs from an Anthropic hackathon winner - agents, skills, hooks, and rules evolved over 10+ months of intensive daily use
Efficient skill management system with progressive discovery — 410+ production-ready skills across 33+ domains