Maintainer shelf

Trailofbits

Reusable agent skills published under this GitHub owner—sorted by stars with aggregate signals below.
45 skills134K GitHub stars0 weekly installsGitHub
Strongest repo by stars
trailofbits/skills

45 skills · 134K stars total

Open repo

45 skills

harness-writing
Code Review

This skill helps you write robust fuzzing harnesses across languages to maximize coverage, determinism, and bug reproducibility.

SecurityTestingWritingPython
firebase-apk-scanner
Analytics

This skill scans APKs for Firebase misconfigurations and surfaces exposed databases, auth gaps, and cloud functions risks to guide mobile security audits.

CloudDataDatabaseSecurity+2
spec-to-code-compliance
Ai

This skill verifies code matches documentation and identifies gaps between spec and implementation in blockchain audits.

AutomationCode ReviewPythonSecurity+1
cargo-fuzz
Automation

This skill helps you fuzz Rust projects quickly with cargo-fuzz, enabling libFuzzer-backed testing and sanitizer integration for robust code.

CliDebuggingPerformanceSecurity+2
semgrep-rule-creator
Automation

This skill helps you craft production-quality Semgrep rules with tests, taint mode, and validation to detect vulnerabilities and enforce standards.

Ci CdCode ReviewDevopsSecurity+3
code-maturity-assessor
Automation

This skill analyzes code maturity using Trail of Bits framework to produce evidence-based ratings and actionable improvement recommendations.

Code ReviewSecurityTestingPython
address-sanitizer
Ci Cd

This skill helps fuzzers detect memory errors in C/C++ code using AddressSanitizer to find overflows and use-after-free issues.

DebuggingSecurityTestingPython
token-integration-analyzer
Code Review

This skill analyzes token implementations and integrations against ERC20/ERC721 standards, identifies 20+ weird patterns, and flags on-chain risks for secure

SecurityTestingPython
variant-analysis
Ai

This skill helps you locate variant vulnerabilities across codebases by pattern-based analysis and systematic auditing guidance.

AnalyticsCode ReviewResearchSecurity+2
guidelines-advisor
Ai

This skill analyzes smart contract codebases using Trail of Bits guidelines to generate docs, assess architecture, upgradeability, testing, and provide

AutomationCode ReviewDocsSecurity+2
sharp-edges
Api

This skill helps identify API misuses and dangerous defaults to ensure secure-by-default design and resist footgun configurations.

Code ReviewDesignPlanningSecurity+2
ask-questions-if-underspecified
Ai

This skill helps clarify ambiguous requests by generating concise must-have questions to ensure accurate implementation.

DocsPlanningProductPython
skill-improver
Ai

This skill iteratively reviews and fixes Claude Code skills using the skill-reviewer agent to meet quality standards and improve descriptions.

AutomationCode ReviewPythonSecurity+2
let-fate-decide
Ai

This skill helps resolve vague prompts by drawing and interpreting a 4-card Tarot spread to guide next steps.

AutomationPythonResearchStrategy+1
zeroize-audit
Code Review

This skill detects missing zeroization of sensitive data in C/C++/Rust code and verifies compiler-induced zeroize removals with assembly evidence.

PythonRustSecurityPython
seatbelt-sandboxer
Automation

This skill generates minimal macOS Seatbelt sandbox configurations to isolate applications with allowlist-based profiles for secure, confined execution.

CliPythonScriptingSecurity+1
designing-workflow-skills
Ai

This skill guides designing workflow-based Claude Code skills with multi-step phases, decision trees, and progressive disclosure to ensure robust routing and

AutomationBackendDevopsPython+2
git-cleanup
Automation

This skill analyzes local git branches and worktrees, groups related work, and guides safe cleanup with user approval.

DevopsGitPythonSecurity+1
using-gh-cli
Api

This skill helps you interact with GitHub resources using the gh CLI, replacing curl or WebFetch for repos, PRs, issues, and API data.

AutomationCliGitSecurity+1
second-opinion
Automation

This skill provides an independent code review by integrating Codex and Gemini CLIs for uncommitted changes, diffs, or specific commits.

CliCode ReviewPythonSecurity+1
devcontainer-setup
Devops

This skill creates pre-configured devcontainers with Claude Code and language tooling for Python, Node, Rust, or Go, enabling isolated, persistent development

GoPythonRustPython
yara-rule-authoring
Code Review

This skill guides authoring of high quality YARA-X rules for malware detection, focusing on performance, accuracy, and safe migration.

PerformancePythonRustSecurity+1
insecure-defaults
Code Review

This skill detects fail-open insecure defaults such as weak secrets and permissive config to help audit production readiness and secure deployments.

DevopsSecurityPython
codeql
Automation

This skill runs CodeQL analysis to detect security vulnerabilities across languages using interprocedural taint tracking and data flow insights.

PythonSecurityPython
property-based-testing
Code Review

This skill helps you apply property-based testing to serialization, parsing, validation, and smart contracts to improve coverage.

DesignPythonResearchSecurity+2
audit-prep-assistant
Automation

This skill prepares codebases for security reviews by guiding goals, running static analysis, boosting test coverage, removing dead code, and generating

Ci CdCode ReviewDocsSecurity+2
constant-time-analysis
Code Review

This skill helps identify timing side-channel vulnerabilities in cryptographic code by flagging secret-dependent timing and branch behavior.

DebuggingPerformanceSecurityTesting+1
wycheproof
Automation

This skill helps you validate crypto implementations against known attacks using Wycheproof test vectors across AES-GCM, ECDSA, RSA, and more.

Ci CdMonitoringScriptingSecurity+2
fuzzing-obstacles
Automation

This skill helps you bypass anti-fuzzing obstacles by patching code for fuzzing builds while preserving production behavior.

Code ReviewDebuggingScriptingSecurity+2
secure-workflow-guide
Automation

This skill guides security analysis using Trail of Bits' 5-step workflow, runs Slither checks, generates diagrams, and documents security properties.

Ci CdCode ReviewSecurityTesting+1
dwarf-expert
Code Review

This skill helps you analyze DWARF debug information across v3-v5, answer standards questions, and assist code interacting with DWARF data.

DebuggingScriptingSecurityPython
ton-vulnerability-scanner
Code Review

This skill scans TON FunC contracts for three critical vulnerabilities, reports findings, and suggests fixes to improve security.

Integration TestsSecurityTestingUnit Tests+1
fuzzing-dictionary
Ai

This skill helps you craft targeted fuzzing dictionaries to improve parser and protocol coverage by injecting domain-specific tokens.

AutomationDebuggingScriptingSecurity+2
audit-context-building
Ai

This skill enables ultra-granular, line-by-line code analysis to build deep architectural context before vulnerability hunting, reducing hallucinations and

Code ReviewDebuggingPythonSecurity+1
atheris
Automation

This skill helps you quickly fuzz Python code and C extensions using Atheris to uncover memory issues with libFuzzer integration.

DebuggingScriptingSecurityTesting+1
constant-time-testing
Automation

This skill helps identify timing side-channel leaks in cryptographic code by guiding statistical, dynamic, and formal analyses.

DebuggingObservabilityScriptingSecurity+2
modern-python
Ci Cd

This skill helps you configure modern Python projects with uv, ruff, and ty, streamlining setup, tooling, and migrations.

DevopsFormattingLintingMigration+2
algorand-vulnerability-scanner
Automation

This skill scans Algorand smart contracts for 11 vulnerabilities, delivering actionable findings and fixes to strengthen TEAL and PyTeal security.

Ci CdCode ReviewSecurityTesting+1
solana-vulnerability-scanner
Code Review

This skill scans Solana programs for 6 critical vulnerabilities, identifies issues in CPI, PDA validation, signer checks, and sysvar spoofing.

SecurityTestingPython
differential-review
Code Review

This skill performs security-focused differential reviews of PRs and diffs, adapts depth by codebase size, and generates comprehensive markdown audit reports.

GitSecurityTestingPython
libfuzzer
Automation

This skill helps you fuzz C/C++ code quickly using libFuzzer with Clang integration, enabling fast, single-project coverage exploration.

SecurityTestingPython
semgrep-rule-variant-creator
Automation

This skill ports existing Semgrep rules to new languages, generating independent rule and test directories per target.

Ci CdCode ReviewRefactorSecurity+2
cairo-vulnerability-scanner
Automation

This skill scans Cairo/StarkNet contracts for 6 critical vulnerabilities and provides actionable fixes to strengthen security before deployment.

Code ReviewIntegration TestsSecurityTesting+1
libafl
Automation

This skill helps you build and customize fuzzers with LibAFL for advanced research, custom mutations, and fine-grained fuzzing control.

DebuggingMonitoringObservabilityResearch+3
fix-review
Automation

This skill verifies that remediation commits address security findings without introducing bugs by comparing changes to audit reports.

Code ReviewDebuggingGitSecurity+2
Full skills directory
Search and filter the entire library—then dive back into this owner anytime.
Browse by topic
See how skills cluster by workflow problem space—not just by repository.
Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational