AIAny
Icon for item

Trail of Bits Skills Marketplace

Provides a Claude Code plugin marketplace that supplies modular skills for security research, vulnerability detection, and audit workflows. Includes scanners, analysis skills, and developer tooling to embed LLM-assisted security checks into existing pipelines.

Introduction

LLMs are entering security teams' toolchains, but the missing piece is a curated, auditable set of reusable behaviors that make those models useful and safe for real-world audits. Trail of Bits Skills packages security-focused "skills" for Claude Code so teams can invoke repeatable, testable LLM-driven analyses instead of ad-hoc prompts.

What Sets It Apart
  • Security-first skill catalog: Rather than a general-purpose plugin store, the repo groups skills around security tasks — smart contract checks, static-analysis adapters, supply-chain auditors, malware/YARA authoring, and other focused capabilities — so you get domain-relevant actions rather than generic completions. This reduces prompt engineering and speeds up onboarding for analysts.
  • Workflowable and composable: Skills are organized to be composed into audit flows (context building, differential review, false-positive verification, rule creation). That makes it practical to combine static tooling (Semgrep/CodeQL-style analyses) with LLM-driven summarization, triage, and remediation suggestions.
  • Engineering-friendly integration: The project includes developer tooling and Codex-sidecar support patterns so teams can test and iterate on skills locally and integrate them into CI or developer environments without rebuilding from scratch.
Who It's For and Trade-offs

Great fit if you: security engineers, audit teams, or consultants who want reproducible LLM-assisted analysis steps and a curated starting point for integrating Claude Code into audits. It helps when you need structured LLM behavior (e.g., rule generation, triage, contextual reviews) tied to existing scanners and artifacts. Look elsewhere if you: require a standalone, non-MCP application (Skills depend on Claude Code/MCP integration) or need turnkey vulnerability scanning with certified results. Skills are adapters and facilitators — human review and standard security tooling remain essential. Expect ongoing maintenance to keep adapters up to date with third-party tools and evolving model behaviors.

Where It Fits

Think of this repository as a middleware layer: it doesn’t replace Semgrep/CodeQL or dedicated fuzzers, but it wraps and orchestrates them inside LLM-driven workflows so outputs become more actionable (prioritized findings, human-readable summaries, remediation suggestions). For teams already experimenting with agentized workflows or Claude Code, it significantly lowers the friction of moving from exploratory prompts to reusable audit steps.

Information

  • Websitegithub.com
  • AuthorsTrail of Bits
  • Published date2026/01/14

Categories

More Items

GitHub
AI Agent2026

Provides a lightweight Python harness that turns LLMs into working agents with tool-use, skills, persistent memory, permission controls and multi-agent coordination. Ships with a CLI/React TUI, 43+ built-in tools, a plugin/skill system and the ohmo personal-agent for chat gateways. Best for developers prototyping agent workflows and multi-agent experiments.

GitHub
AI Client2025

Turns Chromium into a local-first AI browser with an embedded assistant that can summarise pages, extract structured data, automate web tasks, and run scheduled agents. Built as an open-source Chromium fork with 53+ built-in browser tools, 40+ app integrations, and support for BYO AI keys or fully local models (Ollama / LM Studio).

GitHub

Cross-platform API client for debugging, designing, testing and mocking GraphQL, REST, WebSockets, SSE and gRPC. Provides selectable storage backends (Local Vault, Git Sync, Cloud Sync with optional E2EE), a native OpenAPI editor, built-in test suites and a plugin ecosystem — useful for reproducible API development and pre-production validation.