QUICK INFO
| Difficulty | Intermediate |
| Time Required | 15-20 minutes |
| Prerequisites |
|
| Tools Needed |
|
What You'll Learn:
- How to add and browse the Trail of Bits plugin marketplace in Claude Code
- Which security plugins to install for different audit workflows
- How to run an audit-context-building session on a real codebase
- How skills auto-activate versus commands you invoke manually
This guide walks you through setting up Trail of Bits' skills marketplace for Claude Code. It's aimed at security engineers, auditors, and developers who want Claude Code to think more like a security researcher and less like a generic coding assistant.
Trail of Bits is a well-known security research firm. They've open-sourced a set of Claude Code plugins that encode some of their audit methodology into reusable skills. These aren't chat prompts or wrappers; they're structured workflows that change how Claude approaches code analysis, from the questions it asks to the patterns it flags.
Getting Started
You need Claude Code running with plugin support. Anthropic shipped plugins as a public beta in late 2025, and they work in both the terminal and VS Code. If you can type /plugin in a Claude Code session and see a menu, you're set.
Open Claude Code in your terminal and run:
/plugin marketplace add trailofbits/skillsThis registers the Trail of Bits marketplace catalog. No plugins are installed yet. Claude Code fetches the marketplace.json from their GitHub repo and makes the listing available locally. It takes a few seconds.
Now open the plugin browser:
/plugin menuYou'll see a tabbed interface. Go to the Discover tab to browse what's available. There are around 18 plugins across several categories: smart contract security, code auditing, verification, reverse engineering, and a few utility plugins. You don't need all of them. Pick the ones that match what you actually do.
Which Plugins to Install
The marketplace groups plugins into categories, but in practice the ones you'll reach for depend on what kind of work you're doing. I'll cover the ones that matter most for general security work and skip the niche stuff.
For code audits (the core set)
Three plugins form the backbone of the audit workflow. audit-context-building is the most interesting one. It changes how Claude thinks during the early phase of an audit: instead of jumping to conclusions, it does line-by-line analysis, tracks cross-function data flows, and builds an explicit mental model of the codebase before hunting for bugs. It applies techniques like First Principles analysis and the "5 Whys" at a granular level. This is a skill, not a command, so it activates automatically when Claude detects you're doing audit-type work.
differential-review handles security-focused code review on diffs and git history. It estimates blast radius for changes, which is useful during fix verification or PR review on security-sensitive code. sharp-edges scans for error-prone APIs, dangerous default configurations, and what the plugin calls "footgun designs." Think of it as a structured checklist for the kinds of mistakes that slip through normal code review.
Install all three from the plugin menu, or directly:
/plugin install audit-context-building@trailofbits-skills
/plugin install differential-review@trailofbits-skills
/plugin install sharp-edges@trailofbits-skillsFor static analysis
The static-analysis plugin bundles CodeQL, Semgrep, and SARIF parsing into one toolkit. If you already have Semgrep or CodeQL installed locally, this plugin lets Claude drive them and interpret results. The semgrep-rule-creator is more specialized: it walks Claude through writing and refining custom Semgrep rules for patterns you've identified. There's also a semgrep-rule-variant-creator that ports existing rules to different languages, though I haven't tested that one as thoroughly.
For smart contracts
The building-secure-contracts plugin is based on Trail of Bits' Building Secure Contracts framework. It includes vulnerability scanners for six blockchains (Ethereum, Solana, and others) and development guideline assistants. The entry-point-analyzer identifies state-changing functions in smart contracts, categorizes them by access level, and generates structured reports. If you do blockchain audits, these two are worth installing together.
For verification work
The constant-time-analysis plugin detects compiler-induced timing side-channels in cryptographic code. This one has actually found real bugs: Trail of Bits lists a timing side-channel in ECDSA verification in the RustCrypto signatures crate that was discovered using this skill. That's a credible result. property-based-testing covers property-based testing patterns across multiple languages and smart contracts. spec-to-code-compliance checks whether an implementation matches its specification, aimed at blockchain audits specifically.
The remaining plugins (dwarf-expert for reverse engineering, fix-review for verifying audit fix commits, burpsuite-project-parser for extracting data from .burp files) are narrower. Install them when you need them.
Running Your First Audit Session
Once you've installed the plugins you want, the workflow changes are mostly invisible. Skills activate automatically based on what you're doing. There's no special command to "turn on" audit mode.
Step 1: Point Claude at a codebase
Navigate to your project directory and start Claude Code. If you've installed audit-context-building, ask Claude to analyze the architecture:
Analyze the architecture of this codebase. Map the modules, entrypoints, actors, and storage patterns.Claude will start doing ultra-granular analysis: reading files line by line, tracking data flows across functions, and building an explicit model of how the system works. This takes longer than a normal Claude response, sometimes 30-60 seconds for complex codebases, because it's doing actual depth-first analysis rather than skimming.
Expected result: Claude produces a structured breakdown of the codebase architecture, including entry points, trust boundaries, external dependencies, and data flow paths. It should explicitly state assumptions and flag areas where it's uncertain.
Step 2: Run targeted analysis
After the context-building phase, you can ask more targeted questions. With sharp-edges installed, try:
Identify sharp edges in the authentication module. Focus on error-prone APIs and dangerous defaults.If you have the static-analysis plugin and Semgrep installed locally, Claude can run actual scans:
Run Semgrep against the auth module and analyze the results for security issues.The difference between using these skills and just asking Claude to "find vulnerabilities" is structural. The skills encode specific methodologies: what to look for, in what order, and how to categorize findings. Without them, Claude tends to produce surface-level observations. With them, it follows something closer to an actual audit workflow.
Step 3: Review findings
Claude presents findings with varying confidence levels. The sharp-edges plugin categorizes issues by severity and includes the reasoning chain that led to each finding. This matters because it lets you quickly evaluate whether Claude's analysis is sound or whether it's pattern-matching on superficial similarities.
I should clarify: these plugins don't replace a human auditor. They change Claude from a general-purpose assistant into something that follows security-specific workflows, but the judgment calls are still yours. Trail of Bits themselves note that if a skill doesn't find a variant of a bug, that doesn't guarantee the bug isn't there.
Skills vs. Commands vs. Agents
This trips people up. Claude Code plugins can contain three types of components, and they behave differently. Skills load into the current session and activate automatically when Claude's task matches the skill description. You don't invoke them; Claude decides when they're relevant. Commands are slash commands you type explicitly, like /plugin menu. Agents run in separate context windows with their own system prompts, and return summaries to the main session.
Most Trail of Bits plugins are skills. That means after installation, they work silently in the background. You won't see a "sharp-edges activated" message. You'll just notice that Claude's analysis is more structured and covers patterns it wouldn't otherwise flag.
The audit-context-building plugin is a good example. Its documentation explicitly says it governs how Claude thinks during the context-building phase. It doesn't add commands or produce reports on its own. It changes Claude's analytical approach.
Scope and Marketplace Management
When you install a plugin, Claude Code asks whether you want it at user scope (available everywhere) or project scope (just this repo). For security skills, user scope usually makes sense since you'll want them available across audits.
To check what you have installed, /plugin menu and look at the Installed tab. To remove a marketplace entirely: /plugin marketplace remove trailofbits/skills. This also uninstalls any plugins you got from it.
Trail of Bits also maintains a curated marketplace that includes vetted third-party skills. They code-review every submission because, as they note, published skills have been found with backdoors and malicious hooks. If you want to pull in skills from other sources, using the curated marketplace as a filter is a reasonable approach.
Troubleshooting
Symptom: /plugin marketplace add trailofbits/skills hangs or fails with a git error.
Fix: Make sure Git is installed and you can reach GitHub. The command clones the repo's marketplace manifest. If you're behind a corporate proxy, configure Git's proxy settings first.
Symptom: Skills don't seem to activate. Claude's responses look the same as before.
Fix: Check the Installed tab in /plugin menu to confirm the plugin actually installed. Skills activate based on task description matching, so your prompt needs to be in the right domain. Asking "find bugs" is too vague. Asking "analyze this contract's entry points for access control issues" will trigger the relevant skills.
Symptom: Static analysis plugin can't find Semgrep or CodeQL.
Fix: These tools need to be installed separately. The plugin gives Claude the knowledge to use them but doesn't bundle the binaries. Install Semgrep with pip install semgrep or follow Semgrep's docs.
One more thing: if you install or remove plugins mid-session, you'll likely need to restart Claude Code for the changes to fully take effect. The docs don't emphasize this enough.
What's Next
You now have a security-focused Claude Code setup. For a deeper look at how Trail of Bits configures Claude Code internally (sandboxing, permissions, hooks, agent teams), check their claude-code-config repository.
