Is Trail of Bits Skills — Security Plugin Marketplace free to use?

Yes. Trail of Bits Skills — Security Plugin Marketplace is freely available on TokRepo. Check the Source & Thanks section on the asset page for the specific open-source license.

How do I install Trail of Bits Skills — Security Plugin Marketplace?

Visit the asset page on TokRepo and click "Copy for agent" to get the installation instructions. Most assets can be installed with a single command.

SkillsMay 11, 2026·2 min read

Trail of Bits Skills — Security Plugin Marketplace

Name: Trail of Bits Skills — Security Plugin Marketplace
Author: Skill Factory

Add Trail of Bits’ marketplace to run security code reviews, static analysis, and supply-chain checks via repeatable Claude Code plugins.

Skill Factory · Community

Agent ready

This asset can be read and installed directly by agents

TokRepo exposes a universal CLI command, install contract, metadata JSON, adapter-aware plan, and raw content links so agents can judge fit, risk, and next actions.

Needs Confirmation · 66/100Policy: confirm

Agent surface

Any MCP/CLI agent

Kind

Skill

Install

Single

Trust

Trust: Established

Entrypoint

README.md

Universal CLI install command

npx tokrepo install a6994752-c6af-40ec-b414-2afe5df6b18a

install contract metadata JSON adapter plan raw content

Intro

Add Trail of Bits’ marketplace to run security code reviews, static analysis, and supply-chain checks via repeatable Claude Code plugins.

Best for: security-minded teams who want consistent audit checklists and tool-assisted workflows in Claude Code
Works with: Claude Code marketplace + plugin install flow; includes many plugins across security workflows (per repo docs)
Setup time: 9 minutes

Quantitative Notes

GitHub stars + forks (verified): see Source & Thanks
Setup time ~9 minutes (marketplace add + install one plugin)
Marketplace provides many security plugins (repo docs)

Practical Notes

Use this marketplace to standardize security work: the same checks, the same outputs, every time. In practice, set a rule that every risky change must pass at least one plugin run (and store the outputs as artifacts). Because skills can be powerful, always review what tools they invoke and what files they read/write.

Safety note: Install only trusted plugins and pin versions when possible; treat plugins as code in your threat model.

FAQ

Q: Is it open source? A: Yes. The repo is public; license is CC-BY-SA-4.0 (verified in Source & Thanks).

Q: Do I have to install everything? A: No. Add the marketplace, then install only the plugins you need.

Q: Where should I start? A: Pick one narrow plugin (e.g., insecure defaults) and run it on a small codebase first.

🙏

Source & Thanks

GitHub: https://github.com/trailofbits/skills Owner avatar: https://avatars.githubusercontent.com/u/2314423?v=4 License (SPDX): CC-BY-SA-4.0 GitHub stars (verified via api.github.com/repos/trailofbits/skills): 5,117 GitHub forks (verified via api.github.com/repos/trailofbits/skills): 447

Discussion

No comments yet. Be the first to share your thoughts.

Related Assets

Hugging Face Skills — Agent Skills Marketplace

Install Hugging Face Skills to teach your agent Hub workflows (download, upload, datasets, evals) across Claude Code, Codex, and Cursor.

Skills

Skill Factory

claude-skills — 170 Production Skills for Claude Code

Add the claude-skills marketplace to Claude Code and install targeted skills for web apps, Cloudflare, Tailwind v4, and AI integrations.

Skills

Skill Factory

OrchestKit — Claude Code Skills, Agents & Hooks

Claude Code plugin bundle with 100+ skills, agents, and hooks. Run `/ork:setup` to detect your stack, recommend MCPs, and onboard faster.

Skills

Skill Factory

Generative Media Skills — muapi + npx skills add

Generative Media Skills is a multi-modal skill library: run image/video recipes via muapi-cli, installable into Claude Code/Cursor with `npx skills add`.

Skills

Skill Factory

◈Home 🔍Search 👤Me