From trailmark
Runs the full trailmark structural analysis on a codebase: the blast radius, taint propagation, privilege boundary, and complexity hotspot passes. Use it when an audit (or vivisect) needs detailed structural data rather than a summary.
How this skill is triggered — by the user, by Claude, or both
Slash command: /trailmark:trailmark-structural
This skill is limited to the following tools:
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
Runs `trailmark analyze` with all four pre-analysis passes.
trailmark-summary instead)
trailmark skill directly)

| Rationalization | Why It's Wrong | Required Action |
|---|---|---|
| "Summary analysis is enough" | Summary skips taint, blast radius, and privilege boundary data | Run full structural analysis when detailed data is needed |
| "One pass is sufficient" | Passes cross-reference each other — taint without blast radius misses critical nodes | Run all four passes |
| "Tool isn't installed, I'll analyze manually" | Manual analysis misses what tooling catches | Report "trailmark is not installed" and return |
| "Empty pass output means the pass failed" | Some passes produce no data for some codebases (e.g., no privilege boundaries) | Return full output regardless |
The target directory is passed via the args parameter.
Step 1: Check that trailmark is available.

```bash
trailmark analyze --help 2>/dev/null || \
uv run trailmark analyze --help 2>/dev/null
```

If neither command works, report "trailmark is not installed" and return. Do NOT run pip install, uv pip install, git clone, or any install command. The user must install trailmark themselves.
Step 2: Detect the primary language.

```bash
find {args} -type f \( -name '*.rs' -o -name '*.py' \
  -o -name '*.go' -o -name '*.js' -o -name '*.jsx' \
  -o -name '*.ts' -o -name '*.tsx' -o -name '*.sol' \
  -o -name '*.c' -o -name '*.h' -o -name '*.cpp' \
  -o -name '*.hpp' -o -name '*.hh' -o -name '*.cc' \
  -o -name '*.cxx' -o -name '*.hxx' \
  -o -name '*.rb' -o -name '*.php' -o -name '*.cs' \
  -o -name '*.java' -o -name '*.hs' -o -name '*.erl' \
  -o -name '*.cairo' -o -name '*.circom' \) 2>/dev/null | \
  sed 's/.*\.//' | sort | uniq -c | sort -rn | head -5
```

This counts files by extension and prints the five most common. Note that vendored or generated trees (for example node_modules, vendor, or a Rust target directory) are counted too and can outvote the project's own sources; if the top extension looks wrong for the repository, check where those files live before choosing the flag.
Map the most common extension to a language flag:

- .rs -> --language rust
- .py -> (no flag, Python is the default)
- .go -> --language go
- .js/.jsx -> --language javascript
- .ts/.tsx -> --language typescript
- .sol -> --language solidity
- .c/.h -> --language c
- .cpp/.hpp/.hh/.cc/.cxx/.hxx -> --language cpp
- .rb -> --language ruby
- .php -> --language php
- .cs -> --language c_sharp
- .java -> --language java
- .hs -> --language haskell
- .erl -> --language erlang
- .cairo -> --language cairo
- .circom -> --language circom

Step 3: Run the full structural analysis.
```bash
trailmark analyze \
  --passes blast_radius,taint,privilege_boundary,complexity \
  {language_flag} {args} 2>&1 || \
uv run trailmark analyze \
  --passes blast_radius,taint,privilege_boundary,complexity \
  {language_flag} {args} 2>&1
```
Step 4: Verify the output.

The output should include a section for each of the four passes requested in Step 3: blast_radius, taint, privilege_boundary, and complexity. Some passes may produce no data for some codebases (for example, a codebase with no privilege boundaries); this is normal and is not a failed pass. Return the full output regardless.
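The four steps above, joined into one POSIX shell script. This is an added example, not a file from the trailofbits/skills plugin; the function names are this example's own, and the only trailmark invocations it makes are the `analyze --help` probe and the `--passes` run shown on this page. The extension-to-flag mapping is written as a `case` statement, and the script refuses to install anything, exactly as the skill requires.

```shell
#!/usr/bin/env sh
# Added example: the trailmark-structural skill's four steps as a script.
# Function names are this example's own; trailmark flags are those on the page.

# Step 1. Find a working runner. Prints "" for a direct install or "uv run"
# for a uv-managed one; returns 1 if neither works. Never installs.
trailmark_runner() {
    if trailmark analyze --help >/dev/null 2>&1; then
        echo ""
    elif uv run trailmark analyze --help >/dev/null 2>&1; then
        echo "uv run"
    else
        return 1
    fi
}

# Step 2a. Most common source extension under $1, using the same
# find | sed | sort | uniq -c pipeline as the skill (same extension list).
dominant_extension() {
    find "$1" -type f \( -name '*.rs' -o -name '*.py' \
        -o -name '*.go' -o -name '*.js' -o -name '*.jsx' \
        -o -name '*.ts' -o -name '*.tsx' -o -name '*.sol' \
        -o -name '*.c' -o -name '*.h' -o -name '*.cpp' \
        -o -name '*.hpp' -o -name '*.hh' -o -name '*.cc' \
        -o -name '*.cxx' -o -name '*.hxx' \
        -o -name '*.rb' -o -name '*.php' -o -name '*.cs' \
        -o -name '*.java' -o -name '*.hs' -o -name '*.erl' \
        -o -name '*.cairo' -o -name '*.circom' \) 2>/dev/null |
        sed 's/.*\.//' | sort | uniq -c | sort -rn | head -1 |
        awk '{print $2}'
}

# Step 2b. Extension -> --language flag. Python is the default (empty flag);
# an unknown or empty extension returns 1 so the caller can stop.
language_flag() {
    case "$1" in
        rs)                     echo "--language rust" ;;
        py)                     echo "" ;;
        go)                     echo "--language go" ;;
        js|jsx)                 echo "--language javascript" ;;
        ts|tsx)                 echo "--language typescript" ;;
        sol)                    echo "--language solidity" ;;
        c|h)                    echo "--language c" ;;
        cpp|hpp|hh|cc|cxx|hxx)  echo "--language cpp" ;;
        rb)                     echo "--language ruby" ;;
        php)                    echo "--language php" ;;
        cs)                     echo "--language c_sharp" ;;
        java)                   echo "--language java" ;;
        hs)                     echo "--language haskell" ;;
        erl)                    echo "--language erlang" ;;
        cairo)                  echo "--language cairo" ;;
        circom)                 echo "--language circom" ;;
        *)                      return 1 ;;
    esac
}

# Steps 3 and 4. Run all four passes and pass the output through unchanged:
# an empty section for one pass is valid data, not an error.
run_structural() {
    target=$1
    runner=$(trailmark_runner) || {
        echo "trailmark is not installed" >&2
        return 1
    }
    ext=$(dominant_extension "$target")
    flag=$(language_flag "$ext") || {
        echo "no supported source files under $target" >&2
        return 1
    }
    # $runner and $flag are deliberately unquoted: each is zero or more words.
    $runner trailmark analyze \
        --passes blast_radius,taint,privilege_boundary,complexity \
        $flag "$target" 2>&1
}

if [ $# -gt 0 ]; then
    run_structural "$1"
fi
```

Run it as `sh trailmark-structural.sh path/to/repo`. Because `dominant_extension` keeps the skill's `find` expression unchanged, vendored or generated directories are counted along with the project's own sources; if that skews the result, add a `-path ... -prune` clause to the `find` before trusting the chosen flag.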
```bash
npx claudepluginhub trailofbits/skills --plugin trailmark
```

Builds and queries multi-language code graphs for security audits with pre-analysis for blast radius, taint propagation, privilege boundaries, and entry points. Supports 16 languages including Rust, Go, Python, TypeScript.