Plugin

skill-improver

Name: skill-improver
Author: trailofbits

Iteratively reviews and auto-fixes Claude Code skills through automated cycles with a skill-reviewer agent until quality standards are met. Run on a skill path or name with optional max iterations, cancel active loops by session ID, and autosave session state on stop.

npx claudepluginhub trailofbits/skills --plugin skill-improver

Component Overview

Commands

Skills

Hooks

Component Details

Commands (2)

Cancel Skill Improver

/cancel-skill-improver

Stops, cancels, or aborts the active skill improvement loop while preserving all changes made to skill files. Use to manually stop, cancel, abort, or kill the iteration process early.

Skill Improver

/skill-improver

Iteratively reviews and fixes a Claude Code skill until it meets quality standards. Triggers on 'fix my skill', 'improve skill quality', 'skill improvement loop'.

Skills (1)

skill-improver

/skill-improver

Iteratively reviews and fixes Claude Code skill quality issues until they meet standards. Runs automated fix-review cycles using the skill-reviewer agent. Use to fix skill quality issues, improve skill descriptions, run automated skill review loops, or iteratively refine a skill. Triggers on 'fix my skill', 'improve skill quality', 'skill improvement loop'. NOT for one-time reviews—use /skill-reviewer directly.

Hooks (1)

Review workflow modifications before installing

Event Hooks

1 hook across 1 event

README

Trail of Bits Skills Marketplace

A Claude Code plugin marketplace from Trail of Bits providing skills to enhance AI-assisted security analysis, testing, and development workflows.

Also see: claude-code-config · skills-curated · claude-code-devcontainer · dropkit

Installation

Claude Code Marketplace

/plugin marketplace add trailofbits/skills

Browse and Install Plugins

/plugin menu

Codex

Codex-native skill discovery is supported via the sidecar .codex/skills/ tree in this repository.

Install with:

git clone https://github.com/trailofbits/skills.git ~/.codex/trailofbits-skills
~/.codex/trailofbits-skills/.codex/scripts/install-for-codex.sh

See .codex/INSTALL.md for additional details.

Local Development

To add the marketplace locally (e.g., for testing or development), navigate to the parent directory of this repository:

cd /path/to/parent  # e.g., if repo is at ~/projects/skills, be in ~/projects
/plugins marketplace add ./skills

Available Plugins

Smart Contract Security

Plugin	Description
building-secure-contracts	Smart contract security toolkit with vulnerability scanners for 6 blockchains
entry-point-analyzer	Identify state-changing entry points in smart contracts for security auditing

Code Auditing

Plugin	Description
agentic-actions-auditor	Audit GitHub Actions workflows for AI agent security vulnerabilities
audit-context-building	Build deep architectural context through ultra-granular code analysis
burpsuite-project-parser	Search and extract data from Burp Suite project files
differential-review	Security-focused differential review of code changes with git history analysis
dimensional-analysis	Annotate codebases with dimensional analysis comments to detect unit mismatches and formula bugs
fp-check	Systematic false positive verification for security bug analysis with mandatory gate reviews
insecure-defaults	Detect insecure default configurations, hardcoded credentials, and fail-open security patterns
semgrep-rule-creator	Create and refine Semgrep rules for custom vulnerability detection
semgrep-rule-variant-creator	Port existing Semgrep rules to new target languages with test-driven validation
sharp-edges	Identify error-prone APIs, dangerous configurations, and footgun designs
static-analysis	Static analysis toolkit with CodeQL, Semgrep, and SARIF parsing
supply-chain-risk-auditor	Audit supply-chain threat landscape of project dependencies
testing-handbook-skills	Skills from the Testing Handbook: fuzzers, static analysis, sanitizers, coverage
trailmark	Code graph analysis, Mermaid diagrams, mutation testing triage, and protocol verification
variant-analysis	Find similar vulnerabilities across codebases using pattern-based analysis

Malware Analysis

Plugin	Description
yara-authoring	YARA detection rule authoring with linting, atom analysis, and best practices

Verification

Plugin	Description
constant-time-analysis	Detect compiler-induced timing side-channels in cryptographic code
mutation-testing	Configure mewt/muton mutation testing campaigns — scope targets, tune timeouts, optimize long runs
property-based-testing	Property-based testing guidance for multiple languages and smart contracts
spec-to-code-compliance	Specification-to-code compliance checker for blockchain audits
zeroize-audit	Detect missing or compiler-eliminated zeroization of secrets in C/C++ and Rust

Reverse Engineering

Plugin	Description
dwarf-expert	Interact with and understand the DWARF debugging format

Mobile Security

View full README on GitHub

Similar Plugins

workflow-skill-design

4.2k

Teaches design patterns for workflow-based Claude Code skills and provides a review agent for auditing existing skills

Stats

Version1.0.1

Parent Repo Stars4186

Parent Repo Forks370

Installs3

MaintenanceGood

AddedFeb 27, 2026

Actions

View on GitHub View README Plugin Marketplace JSON

Available In

trailofbits4,975

Help us improve

Share bugs, ideas, or general feedback.

Back to Plugins

Trail of Bits Skills Marketplace

A Claude Code plugin marketplace from Trail of Bits providing skills to enhance AI-assisted security analysis, testing, and development workflows.

Also see: claude-code-config · skills-curated · claude-code-devcontainer · dropkit

Installation

Claude Code Marketplace

/plugin marketplace add trailofbits/skills

Browse and Install Plugins

/plugin menu

Codex

Codex-native skill discovery is supported via the sidecar .codex/skills/ tree in this repository.

Install with:

git clone https://github.com/trailofbits/skills.git ~/.codex/trailofbits-skills
~/.codex/trailofbits-skills/.codex/scripts/install-for-codex.sh

See .codex/INSTALL.md for additional details.

Local Development

To add the marketplace locally (e.g., for testing or development), navigate to the parent directory of this repository:

cd /path/to/parent  # e.g., if repo is at ~/projects/skills, be in ~/projects
/plugins marketplace add ./skills

Available Plugins

Smart Contract Security

Plugin	Description
building-secure-contracts	Smart contract security toolkit with vulnerability scanners for 6 blockchains
entry-point-analyzer	Identify state-changing entry points in smart contracts for security auditing

Code Auditing

Plugin	Description
agentic-actions-auditor	Audit GitHub Actions workflows for AI agent security vulnerabilities
audit-context-building	Build deep architectural context through ultra-granular code analysis
burpsuite-project-parser	Search and extract data from Burp Suite project files
differential-review	Security-focused differential review of code changes with git history analysis
dimensional-analysis	Annotate codebases with dimensional analysis comments to detect unit mismatches and formula bugs
fp-check	Systematic false positive verification for security bug analysis with mandatory gate reviews
insecure-defaults	Detect insecure default configurations, hardcoded credentials, and fail-open security patterns
semgrep-rule-creator	Create and refine Semgrep rules for custom vulnerability detection
semgrep-rule-variant-creator	Port existing Semgrep rules to new target languages with test-driven validation
sharp-edges	Identify error-prone APIs, dangerous configurations, and footgun designs
static-analysis	Static analysis toolkit with CodeQL, Semgrep, and SARIF parsing
supply-chain-risk-auditor	Audit supply-chain threat landscape of project dependencies
testing-handbook-skills	Skills from the Testing Handbook: fuzzers, static analysis, sanitizers, coverage
trailmark	Code graph analysis, Mermaid diagrams, mutation testing triage, and protocol verification
variant-analysis	Find similar vulnerabilities across codebases using pattern-based analysis

Malware Analysis

Plugin	Description
yara-authoring	YARA detection rule authoring with linting, atom analysis, and best practices

Verification

Plugin	Description
constant-time-analysis	Detect compiler-induced timing side-channels in cryptographic code
mutation-testing	Configure mewt/muton mutation testing campaigns — scope targets, tune timeouts, optimize long runs
property-based-testing	Property-based testing guidance for multiple languages and smart contracts
spec-to-code-compliance	Specification-to-code compliance checker for blockchain audits
zeroize-audit	Detect missing or compiler-eliminated zeroization of secrets in C/C++ and Rust

Reverse Engineering

Plugin	Description
dwarf-expert	Interact with and understand the DWARF debugging format

skill-improver

Component Overview

Component Details

Commands (2)

Skills (1)

Hooks (1)

README

Trail of Bits Skills Marketplace

Installation

Claude Code Marketplace

Browse and Install Plugins

Codex

Local Development

Available Plugins

Smart Contract Security

Code Auditing

Malware Analysis

Verification

Reverse Engineering

Mobile Security

Similar Plugins

workflow-skill-design

Help us improve

Help us improve

skill-improver

Component Overview

Component Details

Commands (2)

Skills (1)

Hooks (1)

README

Trail of Bits Skills Marketplace

Installation

Claude Code Marketplace

Browse and Install Plugins

Codex

Local Development

Available Plugins

Smart Contract Security

Code Auditing

Malware Analysis

Verification

Reverse Engineering

Mobile Security

Similar Plugins

workflow-skill-design

Help us improve

security-agent

ai-ide-vuln-skills

fullstack-dev-skills

claude-code-toolkit

godot-skills