Search everything...

Stats

Actions

Available In

zeroize-audit

Name: zeroize-audit
Author: trailofbits

By trailofbits

Audit C/C++/Rust codebases for missing zeroization of sensitive data and compiler optimizations removing wipes. Analyze source code, LLVM IR, and control flow across optimization levels; generate PoCs to verify exploitability; validate with compilation runs and semantic checks; assemble JSON/markdown reports.

npx claudepluginhub trailofbits/skills --plugin zeroize-audit

Popularity

Stars

Top 1%

5,271

Med: 0·Avg: 284

Installs

Med: 0·Avg: 1

Forks

Top 1%

466

Med: 0·Avg: 36

Health & Quality

Maintenance

Fair4.0/10

Med: 7/10·Avg: 7.4/10

Community

Top 25%

62%

Med: 42%·Avg: 42.1%

What's Inside

Agents11

0-preflight

/0-preflight

Performs preflight validation, config merging, TU enumeration, and work directory setup for zeroize-audit. Produces merged-config.yaml, preflight.json, and orchestrator-state.json.

1-mcp-resolver

/1-mcp-resolver

Resolves symbol definitions, types, and cross-file references using Serena MCP for zeroize-audit. Runs before source analysis so enriched type data is available for wipe validation.

2-source-analyzer

/2-source-analyzer

Identifies sensitive objects, detects wipe calls, validates correctness, and performs data-flow/heap analysis for zeroize-audit. Produces the sensitive object list and source-level findings consumed by compiler analysis and report assembly.

2b-rust-source-analyzer

/2b-rust-source-analyzer

Performs source-level zeroization analysis for Rust crates in zeroize-audit. Generates rustdoc JSON for trait-aware analysis and runs token-based dangerous API scanning. Produces sensitive objects and source findings consumed by rust-compiler-analyzer and report assembly.

3-tu-compiler-analyzer

/3-tu-compiler-analyzer

Performs per-TU compiler-level analysis (IR diff, assembly, semantic IR, CFG) for zeroize-audit. One instance runs per translation unit, enabling parallel execution across TUs.

Skills1

zeroize-audit

/zeroize-audit

Detects missing zeroization of sensitive data in source code and identifies zeroization removed by compiler optimizations, with assembly-level analysis, and control-flow verification. Use for auditing C/C++/Rust code handling secrets, keys, passwords, or other sensitive data.

MCP Servers1

serena

External

Stats

Version0.1.0

LanguagePython

Stars5,271

Forks466

MaintenanceFair

LicenseCC-BY-SA-4.0

Last CommitFeb 26, 2026

AddedFeb 27, 2026

Actions

View on GitHub View README Plugin Marketplace JSON

Own this plugin?

Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).

Available In

trailofbits5,647

Safety Signals

Caution

External network access

Connects to servers outside your machine

Uses power tools

Uses Bash, Write, or Edit tools

README

Trail of Bits Skills Marketplace

A Claude Code plugin marketplace from Trail of Bits providing skills to enhance AI-assisted security analysis, testing, and development workflows.

Also see: claude-code-config · skills-curated · claude-code-devcontainer · dropkit

Installation

Claude Code Marketplace

/plugin marketplace add trailofbits/skills

Browse and Install Plugins

/plugin menu

Codex

Codex-native skill discovery is supported via the sidecar .codex/skills/ tree in this repository.

Install with:

git clone https://github.com/trailofbits/skills.git ~/.codex/trailofbits-skills
~/.codex/trailofbits-skills/.codex/scripts/install-for-codex.sh

See .codex/INSTALL.md for additional details.

Local Development

To add the marketplace locally (e.g., for testing or development), navigate to the parent directory of this repository:

cd /path/to/parent  # e.g., if repo is at ~/projects/skills, be in ~/projects
/plugins marketplace add ./skills

Available Plugins

Smart Contract Security

Plugin	Description
building-secure-contracts	Smart contract security toolkit with vulnerability scanners for 6 blockchains
entry-point-analyzer	Identify state-changing entry points in smart contracts for security auditing

Code Auditing

Plugin	Description
agentic-actions-auditor	Audit GitHub Actions workflows for AI agent security vulnerabilities
audit-context-building	Build deep architectural context through ultra-granular code analysis
burpsuite-project-parser	Search and extract data from Burp Suite project files
differential-review	Security-focused differential review of code changes with git history analysis
dimensional-analysis	Annotate codebases with dimensional analysis comments to detect unit mismatches and formula bugs
fp-check	Systematic false positive verification for security bug analysis with mandatory gate reviews
insecure-defaults	Detect insecure default configurations, hardcoded credentials, and fail-open security patterns
semgrep-rule-creator	Create and refine Semgrep rules for custom vulnerability detection
semgrep-rule-variant-creator	Port existing Semgrep rules to new target languages with test-driven validation
sharp-edges	Identify error-prone APIs, dangerous configurations, and footgun designs
static-analysis	Static analysis toolkit with CodeQL, Semgrep, and SARIF parsing
supply-chain-risk-auditor	Audit supply-chain threat landscape of project dependencies
testing-handbook-skills	Skills from the Testing Handbook: fuzzers, static analysis, sanitizers, coverage
trailmark	Code graph analysis, Mermaid diagrams, mutation testing triage, and protocol verification
variant-analysis	Find similar vulnerabilities across codebases using pattern-based analysis

Malware Analysis

Plugin	Description
yara-authoring	YARA detection rule authoring with linting, atom analysis, and best practices

Verification

Plugin	Description
constant-time-analysis	Detect compiler-induced timing side-channels in cryptographic code
mutation-testing	Configure mewt/muton mutation testing campaigns — scope targets, tune timeouts, optimize long runs
property-based-testing	Property-based testing guidance for multiple languages and smart contracts
spec-to-code-compliance	Specification-to-code compliance checker for blockchain audits
zeroize-audit	Detect missing or compiler-eliminated zeroization of secrets in C/C++ and Rust

Reverse Engineering

Plugin	Description
dwarf-expert	Interact with and understand the DWARF debugging format

Mobile Security

View full README on GitHub

More by trailofbits

trailmark

5.3k·2·

Builds multi-language source code graphs for security analysis: call graphs, attack surface mapping, blast radius, taint propagation, complexity hotspots, and entry point enumeration. Generates Mermaid diagrams (call graphs, class hierarchies, dependency maps, heatmaps). Compares code graph snapshots for structural diff and evolution analysis. Runs graph-informed mutation testing triage (genotoxic). Generates mutation-driven test vectors (vector-forge). Extracts crypto protocol message flows and converts Mermaid diagrams to ProVerif models. Projects SARIF and weAudit findings onto code graphs. Use when analyzing call paths, mapping attack surface, visualizing code architecture, triaging survived mutants, generating cryptographic test vectors, diagramming crypto protocols, formally verifying protocols, or augmenting audits with static analysis findings.

2mo

v0.8.0

trailofbits

mutation-testing

5.3k·

Configures mewt or muton mutation testing campaigns — scopes targets, tunes timeouts, and optimizes long-running runs. Use when the user mentions mewt, muton, mutation testing, or wants to configure or optimize a mutation testing campaign.

2mo

v1.0.0

trailofbits

dimensional-analysis

5.3k·1·

Annotates codebases with dimensional analysis comments documenting units, dimensions, and decimal scaling. Use when someone asks to annotate units in a codebase, perform a dimensional analysis, or find vulnerabilities in a DeFi protocol. Prevents dimensional mismatches and catches formula bugs early.

2mo

v3.0.0

trailofbits

agentic-actions-auditor

5.3k·1·

Audits GitHub Actions workflows for security vulnerabilities in AI agent integrations (Claude Code Action, Gemini CLI, OpenAI Codex, GitHub AI Inference)

3mo

v1.2.0

trailofbits

skill-improver

5.3k·8·

Automatically reviews and fixes Claude Code skills through iterative refinement until they meet quality standards. Requires plugin-dev plugin.

3mo

v1.0.1

trailofbits

zeroize-audit

Popularity

Health & Quality

What's Inside

Confidence

README

Trail of Bits Skills Marketplace

Installation

Claude Code Marketplace

Browse and Install Plugins

Codex

Local Development

Available Plugins

Smart Contract Security

Code Auditing

Malware Analysis

Verification

Reverse Engineering

Mobile Security

Similar Plugins

audit-context-building

grimoire

claude-token-reducer

drawio-diagramming

More by trailofbits

trailmark

mutation-testing

dimensional-analysis

agentic-actions-auditor

skill-improver

Trail of Bits Skills Marketplace

Installation

Claude Code Marketplace

Browse and Install Plugins

Codex

Local Development

Available Plugins

Smart Contract Security

Code Auditing

Malware Analysis

Verification

Reverse Engineering

Mobile Security

More by trailofbits

trailmark

mutation-testing

dimensional-analysis

agentic-actions-auditor

skill-improver

Popularity

Health & Quality

Similar Plugins

audit-context-building

grimoire

claude-token-reducer

drawio-diagramming

creative-writing

data