Which agents does trail-of-bits work with?

Claude Code, Cursor, Codex CLI.

How do I install trail-of-bits?

Run `npx skills add trailofbits/skills` for Claude Code. See the install panel for per-agent commands.

Is trail-of-bits free to use?

Yes — trail-of-bits is open source (Apache-2.0).

Who maintains trail-of-bits?

trail-of-bits is published by Trail of Bits and was last updated on 2026-04-22.

trail-of-bits

Name: trail-of-bits
Author: Trail of Bits

Security audits run by a real security firm. CodeQL + Semgrep + audit workflows.

Score 0(?)VerifiedCodeby Trail of BitsSource

Verified for:

Install

$ npx skills add trailofbits/skills

Best for

Pre-release vulnerability scans, ongoing security review.

About this skill

CodeQL + Semgrep static analysis, vulnerability detection, audit workflows from a top-tier security firm.

CodeQLSemgrepAudit

Score breakdown

rubric 1.0

Install count

0/20

Provenance

12.8/15

GitHub stars

0/15

Recency

8.5/10

Compatibility

6/10

Documentation depth

6.5/10

Install ergonomics

10/10

License

5/5

Verification freshness

4.3/5

Composite 0–100 score derived from 9 verifiable signals. See the rubric →

k8s-security-policies

Security

Community

Kubernetes hardening by the book. NetworkPolicies, RBAC, OPA, service mesh.

KubernetesRBACOPA

Code

Medium4 min

shannon

Security

Verified

Real exploits, no false positives. 96.15% exploit success across 50+ vuln types.

PentestExploitationAction-taking

Code

High15 min

code-review-plugin

Code Review

Official

Structured PR reviews with severity-tagged findings — bugs, security, perf, style.

ReviewSecurityPR

Code

Low0 min

Install

Best for

About this skill

Score breakdown

Score breakdown

Related skills

k8s-security-policies

shannon

code-review-plugin