From trailmark
Runs trailmark analyze --summary on codebase for language detection, entry point count, and dependency graph shape. Quick structural overview before decomposition or deeper analysis.
```bash
npx claudepluginhub trailofbits/skills --plugin trailmark
```
This skill is limited to using the following tools:
Runs `trailmark analyze --summary` on a target directory.
trailmark-structural)
trailmark skill directly)
trailmark-structural)

| Rationalization | Why It's Wrong | Required Action |
|---|---|---|
| "I can read the code manually instead" | Manual reading misses dependency graph shape and entry point enumeration | Install and run trailmark |
| "Language detection doesn't matter" | Wrong language flag produces empty or incorrect analysis | Detect language from file extensions first |
| "Partial output is good enough" | Missing any of the three required outputs (language, entry points, dependencies) means incomplete analysis | Verify all three are present |
| "Tool isn't installed, I'll skip it" | This skill exists specifically to run trailmark | Report the installation gap instead of skipping |
The target directory is passed via the args parameter.
Step 1: Check that trailmark is available.
```bash
trailmark analyze --help 2>/dev/null || \
  uv run trailmark analyze --help 2>/dev/null
```
If neither command works, report "trailmark is not installed" and return. Do NOT run `pip install`, `uv pip install`, `git clone`, or any install command. The user must install trailmark themselves.
Step 2: Detect the primary language.
```bash
find {args} -type f \( -name '*.rs' -o -name '*.py' \
  -o -name '*.go' -o -name '*.js' -o -name '*.jsx' \
  -o -name '*.ts' -o -name '*.tsx' -o -name '*.sol' \
  -o -name '*.c' -o -name '*.h' -o -name '*.cpp' \
  -o -name '*.hpp' -o -name '*.hh' -o -name '*.cc' \
  -o -name '*.cxx' -o -name '*.hxx' \
  -o -name '*.rb' -o -name '*.php' -o -name '*.cs' \
  -o -name '*.java' -o -name '*.hs' -o -name '*.erl' \
  -o -name '*.cairo' -o -name '*.circom' \) 2>/dev/null | \
  sed 's/.*\.//' | sort | uniq -c | sort -rn | head -5
```
Map the most common extension to a language flag:
- `.rs` -> `--language rust`
- `.py` -> (no flag, Python is default)
- `.go` -> `--language go`
- `.js`/`.jsx` -> `--language javascript`
- `.ts`/`.tsx` -> `--language typescript`
- `.sol` -> `--language solidity`
- `.c`/`.h` -> `--language c`
- `.cpp`/`.hpp`/`.hh`/`.cc`/`.cxx`/`.hxx` -> `--language cpp`
- `.rb` -> `--language ruby`
- `.php` -> `--language php`
- `.cs` -> `--language c_sharp`
- `.java` -> `--language java`
- `.hs` -> `--language haskell`
- `.erl` -> `--language erlang`
- `.cairo` -> `--language cairo`
- `.circom` -> `--language circom`

Step 3: Run the summary.
```bash
trailmark analyze --summary {language_flag} {args} 2>&1 || \
  uv run trailmark analyze --summary {language_flag} {args} 2>&1
```
Step 4: Verify the output.
The output must include ALL THREE of: language, entry points, and dependencies.
If any are missing, report the gap. Do not fabricate output.
Return the full trailmark output.
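
Steps 1 through 3 combined into one POSIX shell script, as an added example rather than code from the trailmark project. The function names are hypothetical; the directory is always quoted and a leading `-` gets a `./` prefix so the path cannot be word-split or parsed as an option. Step 4 still has to be checked against the actual output.

```bash
# Added example, not trailmark's own code; function names are hypothetical.

# Step 2: most common supported source extension under directory $1.
top_extension() {
  find "$1" -type f \( -name '*.rs' -o -name '*.py' -o -name '*.go' \
    -o -name '*.js' -o -name '*.jsx' -o -name '*.ts' -o -name '*.tsx' \
    -o -name '*.sol' -o -name '*.c' -o -name '*.h' -o -name '*.cpp' \
    -o -name '*.hpp' -o -name '*.hh' -o -name '*.cc' -o -name '*.cxx' \
    -o -name '*.hxx' -o -name '*.rb' -o -name '*.php' -o -name '*.cs' \
    -o -name '*.java' -o -name '*.hs' -o -name '*.erl' -o -name '*.cairo' \
    -o -name '*.circom' \) 2>/dev/null |
    sed 's/.*\.//' | sort | uniq -c | sort -rn | awk 'NR == 1 { print $2 }'
}

# Extension -> language name, per the mapping in Step 2. Prints nothing for
# Python (the default) and fails on any extension the mapping does not list.
language_name() {
  case "$1" in
    py) ;;
    rs) echo rust ;;
    js|jsx) echo javascript ;;
    ts|tsx) echo typescript ;;
    sol) echo solidity ;;
    c|h) echo c ;;
    cpp|hpp|hh|cc|cxx|hxx) echo cpp ;;
    rb) echo ruby ;;
    cs) echo c_sharp ;;
    hs) echo haskell ;;
    erl) echo erlang ;;
    go|php|java|cairo|circom) echo "$1" ;;
    *) return 1 ;;
  esac
}

# Steps 1 and 3: pick a working launcher (never install one), run the summary.
run_summary() {
  dir=$1
  case "$dir" in -*) dir="./$dir" ;; esac   # a path must not parse as an option
  [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
  if trailmark analyze --help >/dev/null 2>&1; then set -- trailmark
  elif uv run trailmark analyze --help >/dev/null 2>&1; then set -- uv run trailmark
  else echo "trailmark is not installed"; return 127; fi
  lang=$(language_name "$(top_extension "$dir")") ||
    { echo "no supported source files under $dir" >&2; return 3; }
  if [ -n "$lang" ]; then set -- "$@" analyze --summary --language "$lang" "$dir"
  else set -- "$@" analyze --summary "$dir"; fi
  "$@" 2>&1
}

if [ "$#" -gt 0 ]; then run_summary "$1"; fi
```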