Audit GitHub Actions workflows to detect security vulnerabilities in AI agent integrations like Claude Code Action, Gemini CLI, OpenAI Codex, and GitHub AI Inference. Identify prompt injection risks and unsafe input flows in CI/CD pipelines before deployment.
Own this plugin?
Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).
Sign in to claimOwn this plugin?
Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).
Sign in to claimBased on adoption, maintenance, documentation, and repository signals. Not a security audit or endorsement.
npx claudepluginhub trailofbits/skills --plugin agentic-actions-auditorBuilds multi-language source code graphs for security analysis: call graphs, attack surface mapping, blast radius, taint propagation, complexity hotspots, and entry point enumeration. Generates Mermaid diagrams (call graphs, class hierarchies, dependency maps, heatmaps). Compares code graph snapshots for structural diff and evolution analysis. Runs graph-informed mutation testing triage (genotoxic). Generates mutation-driven test vectors (vector-forge). Extracts crypto protocol message flows and converts Mermaid diagrams to ProVerif models. Projects SARIF and weAudit findings onto code graphs. Use when analyzing call paths, mapping attack surface, visualizing code architecture, triaging survived mutants, generating cryptographic test vectors, diagramming crypto protocols, formally verifying protocols, or augmenting audits with static analysis findings.
trailofbitsConfigures mewt or muton mutation testing campaigns — scopes targets, tunes timeouts, and optimizes long-running runs. Use when the user mentions mewt, muton, mutation testing, or wants to configure or optimize a mutation testing campaign.
trailofbitsAnnotates codebases with dimensional analysis comments documenting units, dimensions, and decimal scaling. Use when someone asks to annotate units in a codebase, perform a dimensional analysis, or find vulnerabilities in a DeFi protocol. Prevents dimensional mismatches and catches formula bugs early.
trailofbitsGenerate minimal macOS Seatbelt sandbox configurations for applications
trailofbitsAutomatically reviews and fixes Claude Code skills through iterative refinement until they meet quality standards. Requires plugin-dev plugin.
trailofbitsRuns code reviews using external LLM CLIs (OpenAI Codex, Google Gemini) on uncommitted changes, branch diffs, or specific commits. Bundles Codex's built-in MCP server for direct tool access.
trailofbitsSelf-audit AI agent, tool, and MCP-server code for security and reliability misconfigurations with Trustabl, the static analyzer for the OpenAI Agents SDK, Claude Agent SDK, Google ADK, and MCP. Ships two skills (trustabl-scan and trustabl-enrich) and a subagent (trustabl) that together form a scan → enrich → review → apply pipeline.
trustablOffline security scanner for AI-agent repos, skills, plugins, and MCP servers
alexgreenshAI-powered cybersecurity code review with 8 specialist agents, OWASP Top 10:2021, CWE Top 25:2024, MITRE ATT&CK v15, and framework-aware false-positive suppression
AgriciDanielGoPlus AgentGuard — AI agent security guard. Blocks dangerous commands, prevents data leaks, protects secrets. 20 detection rules, runtime action evaluation, trust registry.
GoPlusSecuritySecurity testing skills for AI-assisted IDEs and coding agents. 25 vulnerability patterns across code execution, prompt injection, data exfiltration, and trust persistence.
Mindgard