Plugin

dimensional-analysis

Name: dimensional-analysis
Author: trailofbits

Annotate codebases with dimensional analysis comments documenting units, dimensions, and decimal scaling. Automatically scan for arithmetic patterns, discover project-specific units, propagate annotations through expressions and functions, and validate consistency to detect mismatches and bugs in DeFi protocols or numerical code.

Rust

security

code-quality

npx claudepluginhub trailofbits/skills --plugin dimensional-analysis

Component Overview

Agents

Skills

Component Details

Agents (5)

arithmetic-scanner

/arithmetic-scanner

Scans repo for files with dimensional arithmetic to scope discovery

dimension-annotator

/dimension-annotator

Adds dimensional annotations to source code at anchor points using Reserve Protocol's format

dimension-discoverer

/dimension-discoverer

Discovers dimensional vocabulary for codebases by analyzing naming conventions and protocol patterns

dimension-propagator

/dimension-propagator

Propagates dimensional annotations through arithmetic and call chains, reporting mismatches found during propagation

dimension-validator

/dimension-validator

Validates dimensional consistency and detects dimensional bugs in annotated code

Skills (1)

dimensional-analysis

/dimensional-analysis

Annotates codebases with dimensional analysis comments documenting units, dimensions, and decimal scaling. Use when someone asks to annotate units in a codebase, perform a dimensional analysis, or find vulnerabilities in a DeFi protocol, offchain code, or other blockchain-related codebase with arithmetic. Prevents dimensional mismatches and catches formula bugs early.

README

Trail of Bits Skills Marketplace

A Claude Code plugin marketplace from Trail of Bits providing skills to enhance AI-assisted security analysis, testing, and development workflows.

Also see: claude-code-config · skills-curated · claude-code-devcontainer · dropkit

Installation

Claude Code Marketplace

/plugin marketplace add trailofbits/skills

Browse and Install Plugins

/plugin menu

Codex

Codex-native skill discovery is supported via the sidecar .codex/skills/ tree in this repository.

Install with:

git clone https://github.com/trailofbits/skills.git ~/.codex/trailofbits-skills
~/.codex/trailofbits-skills/.codex/scripts/install-for-codex.sh

See .codex/INSTALL.md for additional details.

Local Development

To add the marketplace locally (e.g., for testing or development), navigate to the parent directory of this repository:

cd /path/to/parent  # e.g., if repo is at ~/projects/skills, be in ~/projects
/plugins marketplace add ./skills

Available Plugins

Smart Contract Security

Plugin	Description
building-secure-contracts	Smart contract security toolkit with vulnerability scanners for 6 blockchains
entry-point-analyzer	Identify state-changing entry points in smart contracts for security auditing

Code Auditing

Plugin	Description
agentic-actions-auditor	Audit GitHub Actions workflows for AI agent security vulnerabilities
audit-context-building	Build deep architectural context through ultra-granular code analysis
burpsuite-project-parser	Search and extract data from Burp Suite project files
differential-review	Security-focused differential review of code changes with git history analysis
dimensional-analysis	Annotate codebases with dimensional analysis comments to detect unit mismatches and formula bugs
fp-check	Systematic false positive verification for security bug analysis with mandatory gate reviews
insecure-defaults	Detect insecure default configurations, hardcoded credentials, and fail-open security patterns
semgrep-rule-creator	Create and refine Semgrep rules for custom vulnerability detection
semgrep-rule-variant-creator	Port existing Semgrep rules to new target languages with test-driven validation
sharp-edges	Identify error-prone APIs, dangerous configurations, and footgun designs
static-analysis	Static analysis toolkit with CodeQL, Semgrep, and SARIF parsing
supply-chain-risk-auditor	Audit supply-chain threat landscape of project dependencies
testing-handbook-skills	Skills from the Testing Handbook: fuzzers, static analysis, sanitizers, coverage
trailmark	Code graph analysis, Mermaid diagrams, mutation testing triage, and protocol verification
variant-analysis	Find similar vulnerabilities across codebases using pattern-based analysis

Malware Analysis

Plugin	Description
yara-authoring	YARA detection rule authoring with linting, atom analysis, and best practices

Verification

Plugin	Description
constant-time-analysis	Detect compiler-induced timing side-channels in cryptographic code
mutation-testing	Configure mewt/muton mutation testing campaigns — scope targets, tune timeouts, optimize long runs
property-based-testing	Property-based testing guidance for multiple languages and smart contracts
spec-to-code-compliance	Specification-to-code compliance checker for blockchain audits
zeroize-audit	Detect missing or compiler-eliminated zeroization of secrets in C/C++ and Rust

Reverse Engineering

Plugin	Description
dwarf-expert	Interact with and understand the DWARF debugging format

Mobile Security

View full README on GitHub

Similar Plugins

audit-context-building

4.2k

Build deep architectural context through ultra-granular code analysis before vulnerability hunting

Stats

Version3.0.0

Parent Repo Stars4186

Parent Repo Forks370

Installs1

MaintenanceGood

AddedMar 25, 2026

Actions

View on GitHub View README Plugin Marketplace JSON

Available In

trailofbits4,975

Safety Signals

Caution

Uses power tools

Uses Bash, Write, or Edit tools

Help us improve

Share bugs, ideas, or general feedback.

Back to Plugins

Trail of Bits Skills Marketplace

A Claude Code plugin marketplace from Trail of Bits providing skills to enhance AI-assisted security analysis, testing, and development workflows.

Also see: claude-code-config · skills-curated · claude-code-devcontainer · dropkit

Installation

Claude Code Marketplace

/plugin marketplace add trailofbits/skills

Browse and Install Plugins

/plugin menu

Codex

Codex-native skill discovery is supported via the sidecar .codex/skills/ tree in this repository.

Install with:

git clone https://github.com/trailofbits/skills.git ~/.codex/trailofbits-skills
~/.codex/trailofbits-skills/.codex/scripts/install-for-codex.sh

See .codex/INSTALL.md for additional details.

Local Development

To add the marketplace locally (e.g., for testing or development), navigate to the parent directory of this repository:

cd /path/to/parent  # e.g., if repo is at ~/projects/skills, be in ~/projects
/plugins marketplace add ./skills

Available Plugins

Smart Contract Security

Plugin	Description
building-secure-contracts	Smart contract security toolkit with vulnerability scanners for 6 blockchains
entry-point-analyzer	Identify state-changing entry points in smart contracts for security auditing

Code Auditing

Plugin	Description
agentic-actions-auditor	Audit GitHub Actions workflows for AI agent security vulnerabilities
audit-context-building	Build deep architectural context through ultra-granular code analysis
burpsuite-project-parser	Search and extract data from Burp Suite project files
differential-review	Security-focused differential review of code changes with git history analysis
dimensional-analysis	Annotate codebases with dimensional analysis comments to detect unit mismatches and formula bugs
fp-check	Systematic false positive verification for security bug analysis with mandatory gate reviews
insecure-defaults	Detect insecure default configurations, hardcoded credentials, and fail-open security patterns
semgrep-rule-creator	Create and refine Semgrep rules for custom vulnerability detection
semgrep-rule-variant-creator	Port existing Semgrep rules to new target languages with test-driven validation
sharp-edges	Identify error-prone APIs, dangerous configurations, and footgun designs
static-analysis	Static analysis toolkit with CodeQL, Semgrep, and SARIF parsing
supply-chain-risk-auditor	Audit supply-chain threat landscape of project dependencies
testing-handbook-skills	Skills from the Testing Handbook: fuzzers, static analysis, sanitizers, coverage
trailmark	Code graph analysis, Mermaid diagrams, mutation testing triage, and protocol verification
variant-analysis	Find similar vulnerabilities across codebases using pattern-based analysis

Malware Analysis

Plugin	Description
yara-authoring	YARA detection rule authoring with linting, atom analysis, and best practices

Verification

Plugin	Description
constant-time-analysis	Detect compiler-induced timing side-channels in cryptographic code
mutation-testing	Configure mewt/muton mutation testing campaigns — scope targets, tune timeouts, optimize long runs
property-based-testing	Property-based testing guidance for multiple languages and smart contracts
spec-to-code-compliance	Specification-to-code compliance checker for blockchain audits
zeroize-audit	Detect missing or compiler-eliminated zeroization of secrets in C/C++ and Rust

Reverse Engineering

Plugin	Description
dwarf-expert	Interact with and understand the DWARF debugging format

dimensional-analysis

Component Overview

Component Details

Agents (5)

Skills (1)

README

Trail of Bits Skills Marketplace

Installation

Claude Code Marketplace

Browse and Install Plugins

Codex

Local Development

Available Plugins

Smart Contract Security

Code Auditing

Malware Analysis

Verification

Reverse Engineering

Mobile Security

Similar Plugins

audit-context-building

Help us improve

Help us improve

dimensional-analysis

Component Overview

Component Details

Agents (5)

Skills (1)

README

Trail of Bits Skills Marketplace

Installation

Claude Code Marketplace

Browse and Install Plugins

Codex

Local Development

Available Plugins

Smart Contract Security

Code Auditing

Malware Analysis

Verification

Reverse Engineering

Mobile Security

Similar Plugins

audit-context-building

Help us improve

defender

context7-plugin

startup-business-analyst

episodic-memory