38 security skills for code audits, vulnerability scans, and dependency checks.

What it is

38 security skills from Trail of Bits — one of the most respected security firms out there. CodeQL integration, Semgrep rules, vulnerability scanner, property-based testing, supply-chain risk auditor. Finds issues in your code you'd otherwise miss.

Install / Setup

Option 1 — Terminal (clone + copy):

git clone https://github.com/trailofbits/skills.git ~/trail-of-bits-skills
# Then copy the skills you want into ~/.claude/skills/ or ~/.claude/commands/

Option 2 — Prompt Claude Code:

Install the Trail of Bits security skills from https://github.com/trailofbits/skills following the repo README. Suggest the 5 most useful skills for my current project and copy only those into ~/.claude/skills/.

What's in it

• CodeQL integration — automatic code analysis
• Semgrep rules — custom security patterns
• Vulnerability scanner — find known weaknesses
• Property-based testing — auto-test edge cases
• Supply-chain risk auditor — rate dependency risk
• Smart-contract audit skills (Solidity)

Use cases

• Pre-deploy security check — Run Claude with Semgrep rules across your repo.
• Dependency audit — Supply-chain skill grades your package.json / requirements.txt.
• Vetting a new library — Before you pull in a dependency: risk analysis first.
• Hardening an API endpoint — Claude finds input-validation gaps, SSRF, auth bypasses.
• Generate property-based tests — Edge cases you'd never write by hand.

Pro tip

Security skills are noisy. Don't run them blind — triage each warning and decide if it's relevant. Claude can help you sort findings ("is this exploitable in my context?"). Otherwise you drown in noise.

🚀 Installing skills is step one. Knowing which skills to use when and how is where the gap opens up. Inside the community I share my full skill setup and how I run it every day. → Join the Claude Code Mastery Community

Updated regularly — follow @vine.codes for more.