Curated Skills Marketplace
Trail of Bits' reviewed and approved Claude Code plugins. Every skill and marketplace here has been vetted for quality and safety.
Why This Exists
We don't want people at Trail of Bits installing random plugins from GitHub repos we haven't reviewed. Published skills have been found with backdoors and malicious hooks, and the ecosystem has no built-in quality gate. This repo is how we solve that problem internally.
Everything here has been code-reviewed by Trail of Bits staff. We're sharing it publicly so the broader community benefits from the same vetting.
Installation
/plugin marketplace add trailofbits/skills-curated
/plugin menu
Available Plugins
Development
| Plugin | Description |
|---|
| planning-with-files | File-based planning with persistent markdown for complex multi-step tasks |
| python-code-simplifier | Simplify and refine Python code for clarity and maintainability |
| react-pdf | Generate PDF documents with React-PDF (flexbox layout, SVG, custom fonts) |
| skill-extractor | Extract reusable skills from work sessions |
Security
| Plugin | Description |
|---|
| ffuf-web-fuzzing | Expert guidance for ffuf web fuzzing during authorized penetration testing |
| ghidra-headless | Reverse engineer binaries using Ghidra's headless analyzer |
| scv-scan | Audit Solidity codebases for 36 smart contract vulnerability classes |
| security-awareness | Recognize and avoid phishing, credential theft, and social engineering during agent operation |
| wooyun-legacy | Web vulnerability testing methodology from 88,636 real-world cases (WooYun 2010-2016) |
Research
| Plugin | Description |
|---|
| last30days | Research any topic from the last 30 days across Reddit, X, and the web |
| x-research | Search X/Twitter for real-time perspectives, discussions, and expert opinions |
Writing
| Plugin | Description |
|---|
| humanizer | Identifies and removes AI writing patterns to make text sound natural |
OpenAI (Converted)
Auto-converted from openai/skills using scripts/convert_openai_skills.py. Portable skills only (no MCP or OpenAI API dependencies).
| Plugin | Description |
|---|
| openai-cloudflare-deploy | Deploy applications to Cloudflare Workers and Pages |
| openai-develop-web-game | Build and iterate on web games (HTML/JS) with a dev + testing loop |
| openai-doc | Read, create, and edit .docx documents with formatting fidelity |
| openai-gh-address-comments | Address review and issue comments on GitHub PRs |
| openai-gh-fix-ci | Debug and fix failing GitHub Actions CI checks |
| openai-jupyter-notebook | Create, scaffold, and edit Jupyter notebooks |
| openai-netlify-deploy | Deploy web projects to Netlify using the CLI |
| openai-pdf | Read, create, and review PDF files with layout awareness |
| openai-playwright | Automate real browsers from the terminal via playwright-cli |
| openai-screenshot | Take desktop or system screenshots |
| openai-security-best-practices | Language and framework specific security best-practice reviews |
| openai-security-ownership-map | Build security ownership topology from git history |
| openai-security-threat-model | Repository-grounded threat modeling with trust boundaries and abuse paths |
| openai-sentry | Inspect Sentry issues and summarize production errors |
| openai-spreadsheet | Create, edit, and analyze spreadsheets (.xlsx, .csv) |
| openai-yeet | Stage, commit, push, and open a GitHub PR in one flow |
How It Works
There are three ways to get a skill approved for use:
1. Use an approved marketplace
The marketplaces below have been reviewed and are approved for use. Install plugins from them directly.
