# Trail of Bits Skills

## Docs

- [Agents](https://mintlify.wiki/trailofbits/skills/concepts/agents.md): Autonomous agents for complex multi-step workflows
- [Commands](https://mintlify.wiki/trailofbits/skills/concepts/commands.md): Slash commands that trigger workflows and invoke skills
- [Plugins](https://mintlify.wiki/trailofbits/skills/concepts/plugins.md): Understanding the plugin architecture and structure
- [Skills](https://mintlify.wiki/trailofbits/skills/concepts/skills.md): How skills provide knowledge and guidance to Claude
- [Best Practices](https://mintlify.wiki/trailofbits/skills/contributing/best-practices.md): Trail of Bits quality standards for skill development
- [Reference Examples](https://mintlify.wiki/trailofbits/skills/contributing/examples.md): Real-world skill examples at different complexity levels
- [Getting Started](https://mintlify.wiki/trailofbits/skills/contributing/getting-started.md): Learn how to start contributing skills to the Trail of Bits Skills Marketplace
- [Plugin Structure](https://mintlify.wiki/trailofbits/skills/contributing/plugin-structure.md): Required directory structure and file organization for plugins
- [Skill Authoring Guide](https://mintlify.wiki/trailofbits/skills/contributing/skill-authoring.md): Detailed guide for creating effective Claude Code skills
- [Trophy Case](https://mintlify.wiki/trailofbits/skills/contributing/trophy-case.md): Bugs discovered using Trail of Bits Skills
- [Installation](https://mintlify.wiki/trailofbits/skills/installation.md): Add the Trail of Bits Skills marketplace to Claude Code
- [Trail of Bits Skills Marketplace](https://mintlify.wiki/trailofbits/skills/introduction.md): Enhance AI-assisted security analysis, testing, and development workflows with specialized Claude Code plugins
- [Agentic Actions Auditor](https://mintlify.wiki/trailofbits/skills/plugins/agentic-actions-auditor.md): Audit GitHub Actions workflows for security vulnerabilities in AI agent integrations
- [Ask Questions If Underspecified](https://mintlify.wiki/trailofbits/skills/plugins/ask-questions-if-underspecified.md): Clarify ambiguous requirements by asking minimum questions before implementing
- [Audit Context Building](https://mintlify.wiki/trailofbits/skills/plugins/audit-context-building.md): Build deep architectural context through ultra-granular code analysis before vulnerability hunting
- [Building Secure Contracts](https://mintlify.wiki/trailofbits/skills/plugins/building-secure-contracts.md): Comprehensive smart contract security toolkit with vulnerability scanners and development guideline assistants
- [Burp Suite Project Parser](https://mintlify.wiki/trailofbits/skills/plugins/burpsuite-project-parser.md): Search and extract data from Burp Suite project files for security analysis with Claude
- [Claude in Chrome Troubleshooting](https://mintlify.wiki/trailofbits/skills/plugins/claude-in-chrome-troubleshooting.md): Diagnose and fix Claude in Chrome MCP extension connectivity issues
- [Constant-Time Analysis](https://mintlify.wiki/trailofbits/skills/plugins/constant-time-analysis.md): Detect timing side-channel vulnerabilities in cryptographic code across 12 languages
- [Culture Index](https://mintlify.wiki/trailofbits/skills/plugins/culture-index.md): Interpret Culture Index survey results for individuals and teams
- [Debug Buttercup](https://mintlify.wiki/trailofbits/skills/plugins/debug-buttercup.md): Debug Buttercup CRS Kubernetes deployments
- [Devcontainer Setup](https://mintlify.wiki/trailofbits/skills/plugins/devcontainer-setup.md): Create pre-configured devcontainers with Claude Code and language-specific tooling
- [Differential Review](https://mintlify.wiki/trailofbits/skills/plugins/differential-review.md): Security-focused differential review of code changes with git history analysis and blast radius estimation
- [DWARF Expert](https://mintlify.wiki/trailofbits/skills/plugins/dwarf-expert.md): Interact with and analyze DWARF debug files, understand the DWARF standard, and write code that parses DWARF data
- [Entry Point Analyzer](https://mintlify.wiki/trailofbits/skills/plugins/entry-point-analyzer.md): Systematically identify state-changing entry points in smart contracts for security auditing
- [Firebase APK Scanner](https://mintlify.wiki/trailofbits/skills/plugins/firebase-apk-scanner.md): Scan Android APKs for Firebase security misconfigurations including open databases, storage buckets, and authentication bypasses
- [FP Check](https://mintlify.wiki/trailofbits/skills/plugins/fp-check.md): Systematic false positive verification for security bug analysis with mandatory gate reviews
- [GitHub CLI (gh)](https://mintlify.wiki/trailofbits/skills/plugins/gh-cli.md): Intercepts GitHub URL fetches and redirects to authenticated gh CLI
- [Git Cleanup](https://mintlify.wiki/trailofbits/skills/plugins/git-cleanup.md): Safely analyze and clean up local git branches and worktrees
- [Insecure Defaults](https://mintlify.wiki/trailofbits/skills/plugins/insecure-defaults.md): Detect fail-open insecure defaults including hardcoded credentials, weak crypto, and permissive security configs
- [Let Fate Decide](https://mintlify.wiki/trailofbits/skills/plugins/let-fate-decide.md): Draw Tarot cards using cryptographic randomness to guide vague or underspecified planning
- [Modern Python](https://mintlify.wiki/trailofbits/skills/plugins/modern-python.md): Modern Python tooling with uv, ruff, ty, and pytest
- [Property-Based Testing](https://mintlify.wiki/trailofbits/skills/plugins/property-based-testing.md): Guidance for property-based testing across multiple languages and smart contracts
- [Seatbelt Sandboxer](https://mintlify.wiki/trailofbits/skills/plugins/seatbelt-sandboxer.md): Generate minimal macOS Seatbelt sandbox configurations
- [Second Opinion](https://mintlify.wiki/trailofbits/skills/plugins/second-opinion.md): Run external LLM code reviews using OpenAI Codex or Google Gemini CLI
- [Semgrep Rule Creator](https://mintlify.wiki/trailofbits/skills/plugins/semgrep-rule-creator.md): Create production-quality Semgrep rules for detecting security vulnerabilities and bug patterns with test-driven development
- [Semgrep Rule Variant Creator](https://mintlify.wiki/trailofbits/skills/plugins/semgrep-rule-variant-creator.md): Port existing Semgrep rules to new target languages with applicability analysis and test-driven validation
- [Sharp Edges](https://mintlify.wiki/trailofbits/skills/plugins/sharp-edges.md): Identify error-prone APIs, dangerous configurations, and footgun designs that enable security mistakes
- [Skill Improver](https://mintlify.wiki/trailofbits/skills/plugins/skill-improver.md): Iteratively review and fix Claude Code skills until they meet quality standards
- [Spec-to-Code Compliance](https://mintlify.wiki/trailofbits/skills/plugins/spec-to-code-compliance.md): Evidence-based alignment analysis between specifications and blockchain implementations
- [Static Analysis](https://mintlify.wiki/trailofbits/skills/plugins/static-analysis.md): Comprehensive static analysis toolkit with CodeQL, Semgrep, and SARIF parsing for security vulnerability detection
- [Supply Chain Risk Auditor](https://mintlify.wiki/trailofbits/skills/plugins/supply-chain-risk-auditor.md): Audit supply-chain threat landscape of project dependencies for exploitation or takeover risk
- [Testing Handbook Skills](https://mintlify.wiki/trailofbits/skills/plugins/testing-handbook-skills.md): Security testing skills generated from the Trail of Bits Application Security Testing Handbook
- [Variant Analysis](https://mintlify.wiki/trailofbits/skills/plugins/variant-analysis.md): Find similar vulnerabilities and bugs across codebases using pattern-based analysis
- [Workflow Skill Design](https://mintlify.wiki/trailofbits/skills/plugins/workflow-skill-design.md): Design patterns and review for workflow-based Claude Code skills
- [YARA Authoring](https://mintlify.wiki/trailofbits/skills/plugins/yara-authoring.md): Author high-quality YARA-X detection rules for malware identification with expert judgment and performance optimization
- [Zeroize Audit](https://mintlify.wiki/trailofbits/skills/plugins/zeroize-audit.md): Detect missing or compiler-optimized zeroization with assembly and control-flow analysis
- [Quick Start](https://mintlify.wiki/trailofbits/skills/quickstart.md): Get up and running with Trail of Bits Skills in minutes

## OpenAPI Specs

- [openapi](https://mintlify.wiki/trailofbits/skills/api-reference/openapi.json)