trailofbits-skills
Security testing skills from creators of Slither, Echidna, Medusa. Smart contract vulnerability scanners, property-based testing, static analysis, and audit tools from Trail of Bits.
Best use case
trailofbits-skills is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Teams using trailofbits-skills should expect more consistent output, faster repeated execution, and less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in .claude/skills/trailofbits-skills/SKILL.md inside your project
- Restart your AI agent — it will auto-discover the skill
How trailofbits-skills Compares
| Feature / Agent | trailofbits-skills | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Security testing skills from creators of Slither, Echidna, Medusa. Smart contract vulnerability scanners, property-based testing, static analysis, and audit tools from Trail of Bits.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# Trail of Bits Skills

Official security testing skills from Trail of Bits, creators of Slither, Echidna, and Medusa. A Claude Code plugin marketplace providing skills for AI-assisted security analysis, testing, and development workflows. Includes smart contract vulnerability scanners for 6+ blockchains (Solidity, Cairo, Solana, TON, Cosmos, Substrate, Algorand), property-based testing guidance, static analysis with CodeQL and Semgrep, audit preparation, and security-focused code review tools.

## Installation

```
/plugin marketplace add trailofbits/skills
```

Or browse and install individual plugins:

```
/plugin menu
```

## Available Security Skills

### Smart Contract Security

- **building-secure-contracts** - Vulnerability scanners for Solidity, Cairo, Solana, TON, Cosmos, Substrate, Algorand
- **entry-point-analyzer** - Identify state-changing entry points for security auditing
- **token-integration-analyzer** - ERC20/ERC721 conformity and weird token pattern detection

### Code Auditing

- **audit-context-building** - Ultra-granular code analysis for audit context
- **differential-review** - Security-focused review of code changes
- **variant-analysis** - Find similar vulnerabilities across codebases
- **static-analysis** - CodeQL, Semgrep, and SARIF parsing toolkit
- **supply-chain-risk-auditor** - Audit dependency supply-chain risks

### Verification

- **property-based-testing** - Property-based testing for multiple languages and smart contracts
- **spec-to-code-compliance** - Specification-to-code compliance checker
- **constant-time-analysis** - Detect timing side-channels in cryptographic code

## Links

- **GitHub**: https://github.com/trailofbits/skills
- **Trail of Bits**: https://www.trailofbits.com
- **Building Secure Contracts**: https://secure-contracts.com
Related Skills
senpi-skills
Agent Skills for autonomous crypto trading on Hyperliquid — trailing stops, market scanning, position management, and more.
bybit-ai-skills
253 API endpoints for trading, derivatives, earn products on Bybit. Comprehensive AI skills covering spot, futures, options, and institutional features.
binance-skills-hub
Binance Skills Hub is an open skills marketplace that gives AI agents native access to crypto
trailofbits-official-building-secure-contracts
Brought to you by [Trail of Bits](https://www.trailofbits.com/), this repository offers guidelines and best practices for developing secure smart contracts. Contributions are welcome, you can contribute by following our [contributing guidel
openzeppelin-skills
Authoritative knowledge of audited OpenZeppelin smart contract libraries. Reference for ERC-20, ERC-721, ERC-1155, access control, upgradeable contracts, and governance patterns.
ethskills
Use when a request involves Ethereum, the EVM, or blockchain systems. Applies to building, auditing, deploying, or interacting with smart contracts, dApps, wallets, or DeFi protocols. Covers Solidity development, contract addresses, token standards (ERC-20, ERC-721, ERC-4626, etc.), Layer 2 networks (Base, Arbitrum, Optimism, zkSync, Polygon), and integrations with DeFi protocols such as Uniswap, Aave, and Curve. Includes topics such as gas costs, contract decimals, oracle safety, reentrancy, MEV, bridging, wallets, querying data from onchain, production deployment, and protocol evolution (EIP lifecycle, fork tracking, upcoming changes).
drpc-official-agent-skills
[](https://github.com/drpcorg/drpc-agent-skills)
ctf-skills
Agent skills for solving CTF challenges - web exploitation, binary pwn, crypto, reverse engineering, forensics, OSINT, and more
arrays-skills
Skills that teach LLM agents how to call 114+ Arrays Data api endpoints across US equities, ETFs, crypto, macro, and more.
web3-awesome-skills
A curated registry of Web3 and AI-native skills, covering exchanges, DeFi, analytics, wallets, MCP tooling, and agent workflows in one repository.
tomorrowdao-agent-skills
TomorrowDAO governance, BP, and resource operations for agents.
nethermind-official-defi-skills
Build unsigned DeFi transactions from natural language. Use when the user wants to send, transfer, swap, stake, unstake, wrap, unwrap, supply, withdraw, borrow, repay, deposit, delegate, add liquidity, remove liquidity, or trade yield tokens on-chain. Covers ETH, ERC-20, ERC-721, Aave, Lido, Uniswap, Curve, Compound, MakerDAO, Rocket Pool, EigenLayer, Balancer, Pendle, and WETH.