security
the sleeper category. Trail of Bits alone makes this one of the strongest skill domains. see company-skills for Trail of Bits' full profile.
Trail of Bits (trailofbits/skills)
40+ professional security skills from one of the top security auditing firms. if you do any security work, these are the highest-quality skills available.
analysis & detection
- static-analysis — CodeQL + Semgrep integration
- variant-analysis — find variants of known vulnerabilities
- insecure-defaults — detect insecure default configurations
- sharp-edges — identify API misuse patterns
- constant-time-analysis — verify constant-time implementations
- differential-review — security-focused diff review
smart contracts & blockchain
- building-secure-contracts — secure smart contract development
- audit-context-building — build context for security audits
supply chain & compliance
- supply-chain-risk-auditor — audit dependency supply chain
- spec-to-code-compliance — verify code matches specification
- zeroize-audit — verify sensitive data is properly zeroed
testing
- mutation-testing — test suite quality via mutation analysis
- property-based-testing — generate property-based tests
detection & hunting
- semgrep-rule-creator — create custom Semgrep rules
- yara-authoring — write YARA rules for malware detection
- firebase-apk-scanner — scan Android APKs for Firebase misconfigurations
also in tooling: trailofbits/skills-curated (348 stars) — their vetted plugin marketplace.
community security skills
- FFUF Web Fuzzing — integrates ffuf web fuzzer. also in development. by @jthack
- threat-hunting-with-sigma-rules — Sigma detection rules for threat hunting. by @jthack
- iothackbot (735 stars) — IoT penetration testing skills and tooling.
- android-reverse-engineering (1.5k stars) — Android app reverse engineering support.
forensics (from claude-skills-marketplace)
- computer-forensics — digital forensics analysis
- file-deletion — secure file deletion and sanitization
- metadata-extraction — file metadata extraction for forensic purposes