scv-scan

Curated Skills Marketplace

Trail of Bits' reviewed and approved Claude Code plugins. Every skill and marketplace here has been vetted for quality and safety.

Why This Exists

We don't want people at Trail of Bits installing random plugins from GitHub repos we haven't reviewed. Published skills have been found with backdoors and malicious hooks, and the ecosystem has no built-in quality gate. This repo is how we solve that problem internally.

Everything here has been code-reviewed by Trail of Bits staff. We're sharing it publicly so the broader community benefits from the same vetting.

Installation

/plugin marketplace add trailofbits/skills-curated
/plugin menu

Available Plugins

Development

Plugin	Description
planning-with-files	File-based planning with persistent markdown for complex multi-step tasks
python-code-simplifier	Simplify and refine Python code for clarity and maintainability
react-pdf	Generate PDF documents with React-PDF (flexbox layout, SVG, custom fonts)
skill-extractor	Extract reusable skills from work sessions

Security

Plugin	Description
ffuf-web-fuzzing	Expert guidance for ffuf web fuzzing during authorized penetration testing
ghidra-headless	Reverse engineer binaries using Ghidra's headless analyzer
scv-scan	Audit Solidity codebases for 36 smart contract vulnerability classes
security-awareness	Recognize and avoid phishing, credential theft, and social engineering during agent operation
wooyun-legacy	Web vulnerability testing methodology from 88,636 real-world cases (WooYun 2010-2016)

Research

Plugin	Description
last30days	Research any topic from the last 30 days across Reddit, X, and the web
x-research	Search X/Twitter for real-time perspectives, discussions, and expert opinions

Writing

Plugin	Description
humanizer	Identifies and removes AI writing patterns to make text sound natural

OpenAI (Converted)

Auto-converted from openai/skills using scripts/convert_openai_skills.py. Portable skills only (no MCP or OpenAI API dependencies).

Plugin	Description
openai-cloudflare-deploy	Deploy applications to Cloudflare Workers and Pages
openai-develop-web-game	Build and iterate on web games (HTML/JS) with a dev + testing loop
openai-doc	Read, create, and edit .docx documents with formatting fidelity
openai-gh-address-comments	Address review and issue comments on GitHub PRs
openai-gh-fix-ci	Debug and fix failing GitHub Actions CI checks
openai-jupyter-notebook	Create, scaffold, and edit Jupyter notebooks
openai-netlify-deploy	Deploy web projects to Netlify using the CLI
openai-pdf	Read, create, and review PDF files with layout awareness
openai-playwright	Automate real browsers from the terminal via playwright-cli
openai-screenshot	Take desktop or system screenshots
openai-security-best-practices	Language and framework specific security best-practice reviews
openai-security-ownership-map	Build security ownership topology from git history
openai-security-threat-model	Repository-grounded threat modeling with trust boundaries and abuse paths
openai-sentry	Inspect Sentry issues and summarize production errors
openai-spreadsheet	Create, edit, and analyze spreadsheets (.xlsx, .csv)
openai-yeet	Stage, commit, push, and open a GitHub PR in one flow

How It Works

There are three ways to get a skill approved for use:

1. Use an approved marketplace

The marketplaces below have been reviewed and are approved for use. Install plugins from them directly.