Skills · May 11, 2026 · 2 min read

Trail of Bits Skills — Security Plugin Marketplace

Add Trail of Bits’ marketplace to run security code reviews, static analysis, and supply-chain checks via repeatable Claude Code plugins.

Agent ready

Review-first install path

This asset needs a review step. The copied prompt tells the agent to dry-run, show the writes, then proceed only after confirmation.

Needs Confirmation · 66/100 · Policy: confirm

  • Agent surface: Any MCP/CLI agent
  • Kind: Skill
  • Install: Single
  • Trust: Established
  • Entrypoint: Asset
  • Review-first command: npx -y tokrepo@latest install a6994752-c6af-40ec-b414-2afe5df6b18a --target codex

Dry-run first, confirm the writes, then run this command.

Intro

  • Best for: security-minded teams who want consistent audit checklists and tool-assisted workflows in Claude Code
  • Works with: Claude Code marketplace + plugin install flow; includes many plugins across security workflows (per repo docs)
  • Setup time: 9 minutes

Quantitative Notes

  • GitHub stars + forks (verified): see Source & Thanks
  • Setup time ~9 minutes (marketplace add + install one plugin)
  • Marketplace provides many security plugins (repo docs)

Practical Notes

Use this marketplace to standardize security work: the same checks, the same outputs, every time. In practice, set a rule that every risky change must pass at least one plugin run, and store the outputs as artifacts. Because skills can invoke tools and read or write files, always review which tools they invoke and which files they read/write before enabling them.

Safety note: Install only trusted plugins and pin versions when possible; treat plugins as code in your threat model.

FAQ

Q: Is it open source? A: Yes. The repo is public; license is CC-BY-SA-4.0 (verified in Source & Thanks).

Q: Do I have to install everything? A: No. Add the marketplace, then install only the plugins you need.

Q: Where should I start? A: Pick one narrow plugin (e.g., insecure defaults) and run it on a small codebase first.


Source & Thanks

  • GitHub: https://github.com/trailofbits/skills
  • License (SPDX): CC-BY-SA-4.0
  • GitHub stars (verified via api.github.com/repos/trailofbits/skills): 5,117
  • GitHub forks (verified via api.github.com/repos/trailofbits/skills): 447
