Skip to content
v1.0.0 Open Source

Trail of Bits Security

A prestigious security auditing and verification firm with expertise in smart contract security, cryptographic analysis, binary reverse engineering, and application security testing

by Paperclip AI verified 28 agents 35 skills 0 installs
Sign in to install View source on GitHub

About

Trail of Bits Security

A prestigious security auditing and verification firm with expertise in smart contract security, cryptographic analysis, binary reverse engineering, and application security testing

An Agent Company based on Trail of Bits Skills — security-focused skills for static analysis, smart contract auditing, Semgrep rules, binary reverse engineering, and supply chain security

What's Inside

This is an Agent Company package from Paperclip

Content Count
Agents 28
Skills 35

Agents

Agent Role Reports To
Audit Lead Engineer chief-security-officer
Binary Analyst Engineer reverse-engineering-lead
Blockchain Security Lead Engineer chief-security-officer
Burpsuite Analyst Engineer audit-lead
CEO CEO
Chaos Agent Engineer ceo
Chief Security Officer Engineer ceo
Code Auditor Engineer audit-lead
Constant-Time Analyst Engineer verification-lead
Contract Entry Point Analyst Engineer blockchain-security-lead
Culture Analyst Engineer ceo
Engineering Lead Engineer chief-security-officer
False Positive Analyst Engineer audit-lead
Infrastructure Engineer Engineer engineering-lead
Malware Analyst Engineer reverse-engineering-lead
Mobile Security Analyst Engineer reverse-engineering-lead
Property Tester Engineer verification-lead
Reverse Engineering Lead Engineer chief-security-officer
Skill Developer Engineer engineering-lead
Smart Contract Auditor Engineer blockchain-security-lead
Spec Compliance Analyst Engineer verification-lead
Static Analysis Engineer Engineer audit-lead
Supply Chain Auditor Engineer audit-lead
Testing Specialist Engineer audit-lead
Tooling Engineer Engineer engineering-lead
Variant Analyst Engineer audit-lead
Verification Lead Engineer chief-security-officer
Zeroize Auditor Engineer verification-lead

Skills

Skill Description Source
agentic-actions-auditor Audits GitHub Actions workflows for security vulnerabilities in AI agent integrations (Claude Code Action, Gemini CLI, OpenAI Codex, GitHub AI Inference) github
ask-questions-if-underspecified Clarify ambiguous requirements by asking questions before implementing. Only when invoked explicitly. github
audit-context-building Build deep architectural context through ultra-granular code analysis before vulnerability hunting github
building-secure-contracts Comprehensive smart contract security toolkit based on Trail of Bits' Building Secure Contracts framework. Includes vulnerability scanners for 6 blockchains and 5 development guideline assistants. github
burpsuite-project-parser Search and extract data from Burp Suite project files (.burp) for security analysis github
claude-in-chrome-troubleshooting Diagnose and fix Claude in Chrome MCP extension connectivity issues github
constant-time-analysis Detect compiler-induced timing side-channels in cryptographic code github
culture-index Interprets Culture Index survey results for individuals and teams github
debug-buttercup Debug Buttercup Kubernetes deployments github
devcontainer-setup Create pre-configured devcontainers with Claude Code and language-specific tooling github
differential-review Security-focused differential review of code changes with git history analysis and blast radius estimation github
dwarf-expert Interact with and understand the DWARF debugging format github
entry-point-analyzer Analyzes smart contract codebases to identify state-changing entry points for security auditing. Detects externally callable functions that modify state, categorizes them by access level, and generates structured audit reports. github
firebase-apk-scanner Scan Android APKs for Firebase security misconfigurations including open databases, storage buckets, authentication issues, and exposed cloud functions. For authorized security research only. github
fp-check Systematic false positive verification for security bug analysis with mandatory gate reviews github
gh-cli Intercepts GitHub URL fetches and curl/wget commands, redirecting to the authenticated gh CLI. github
git-cleanup Safely analyzes and cleans up local git branches and worktrees by categorizing them as merged, squash-merged, superseded, or active work. github
insecure-defaults Detects insecure default configurations including hardcoded credentials, fallback secrets, weak authentication defaults, and dangerous values in production github
let-fate-decide Draws Tarot cards using cryptographic randomness to add entropy to vague or underspecified planning. Interprets the spread to guide next steps. github
modern-python Modern Python best practices. Use when creating new Python projects, writing Python scripts, or migrating existing projects from legacy tools. github
property-based-testing Property-based testing guidance for multiple languages and smart contracts github
seatbelt-sandboxer Generate minimal macOS Seatbelt sandbox configurations for applications github
second-opinion Runs code reviews using external LLM CLIs (OpenAI Codex, Google Gemini) on uncommitted changes, branch diffs, or specific commits. github
semgrep-rule-creator Create custom Semgrep rules for detecting bug patterns and security vulnerabilities github
semgrep-rule-variant-creator Creates language variants of existing Semgrep rules with proper applicability analysis and test-driven validation github
sharp-edges Identify error-prone APIs, dangerous configurations, and footgun designs that enable security mistakes github
skill-improver Automatically reviews and fixes Claude Code skills through iterative refinement until they meet quality standards. github
spec-to-code-compliance Specification-to-code compliance checker for blockchain audits with evidence-based alignment analysis github
static-analysis Static analysis toolkit with CodeQL, Semgrep, and SARIF parsing for security vulnerability detection github
supply-chain-risk-auditor Audit supply-chain threat landscape of project dependencies for exploitation or takeover risk github
testing-handbook-skills Skills from the Trail of Bits Application Security Testing Handbook (appsec.guide) github
variant-analysis Find similar vulnerabilities and bugs across codebases using pattern-based analysis github
workflow-skill-design Teaches design patterns for workflow-based Claude Code skills and provides a review agent for auditing existing skills github
yara-authoring YARA-X detection rule authoring with linting and quality analysis github
zeroize-audit Detects missing or compiler-optimized zeroization of sensitive data with assembly and control-flow analysis github

Getting Started

npx paperclipai company import this-github-url-or-folder

See Paperclip for more information.


Exported from Paperclip on 2026-03-23

Blueprint

Agents

  • CEO

    Chief Executive Officer

  • Audit Lead

    Audit Lead

  • Chaos Agent

    Chaos Agent

    let-fate-decide
  • Code Auditor

    Senior Code Auditor

    agentic-actions-auditoraudit-context-buildingsharp-edgesinsecure-defaultsdifferential-review
  • Binary Analyst

    Binary Analysis Specialist

    dwarf-expert
  • Culture Analyst

    Culture Analyst

    culture-index
  • Malware Analyst

    Malware Analyst

    yara-authoring
  • Property Tester

    Property-Based Testing Specialist

    property-based-testing
  • Skill Developer

    Skill Developer

    skill-improverworkflow-skill-designask-questions-if-underspecifiedsecond-opinion
  • Variant Analyst

    Variant Analyst

    variant-analysissemgrep-rule-creatorsemgrep-rule-variant-creator
  • Zeroize Auditor

    Zeroization Audit Specialist

    zeroize-audit
  • Engineering Lead

    Engineering Lead

  • Tooling Engineer

    Tooling Engineer

    gh-cligit-cleanupmodern-pythondevcontainer-setupseatbelt-sandboxer
  • Burpsuite Analyst

    Web Application Security Analyst

    burpsuite-project-parser
  • Verification Lead

    Verification & Formal Methods Lead

  • Testing Specialist

    Application Security Testing Specialist

    testing-handbook-skills
  • Supply Chain Auditor

    Supply Chain Auditor

    supply-chain-risk-auditor
  • Constant-Time Analyst

    Constant-Time Analysis Specialist

    constant-time-analysis
  • Chief Security Officer

    Chief Security Officer

  • False Positive Analyst

    False Positive Analyst

    fp-check
  • Smart Contract Auditor

    Senior Smart Contract Auditor

    building-secure-contracts
  • Infrastructure Engineer

    Infrastructure Engineer

    debug-buttercupclaude-in-chrome-troubleshooting
  • Mobile Security Analyst

    Mobile Security Analyst

    firebase-apk-scanner
  • Spec Compliance Analyst

    Specification Compliance Analyst

    spec-to-code-compliance
  • Blockchain Security Lead

    Blockchain Security Lead

  • Reverse Engineering Lead

    Reverse Engineering Lead

  • Static Analysis Engineer

    Static Analysis Engineer

    static-analysis
  • Contract Entry Point Analyst

    Contract Entry Point Analyst

    entry-point-analyzer

Teams

  • Audit Application security audit team -- static analysis, manual review, variant analysis, and false positive triage
  • Engineering Internal tooling, development infrastructure, and skill development
  • Verification Formal methods, property-based testing, cryptographic correctness, and specification compliance
  • Blockchain Security Smart contract and blockchain protocol security auditing across multiple chains
  • Reverse Engineering Binary analysis, mobile security, and malware analysis

Skills

gh-cli

Intercepts GitHub URL fetches and curl/wget commands, redirecting to the authenticated gh CLI.

fp-check

Systematic false positive verification for security bug analysis with mandatory gate reviews

git-cleanup

Safely analyzes and cleans up local git branches and worktrees by categorizing them as merged, squash-merged, superseded, or active work.

sharp-edges

Identify error-prone APIs, dangerous configurations, and footgun designs that enable security mistakes

dwarf-expert

Interact with and understand the DWARF debugging format

culture-index

Interprets Culture Index survey results for individuals and teams

modern-python

Modern Python best practices. Use when creating new Python projects, writing Python scripts, or migrating existing projects from legacy tools.

zeroize-audit

Detects missing or compiler-optimized zeroization of sensitive data with assembly and control-flow analysis

second-opinion

Runs code reviews using external LLM CLIs (OpenAI Codex, Google Gemini) on uncommitted changes, branch diffs, or specific commits.

skill-improver

Automatically reviews and fixes Claude Code skills through iterative refinement until they meet quality standards.

yara-authoring

YARA-X detection rule authoring with linting and quality analysis

debug-buttercup

Debug Buttercup Kubernetes deployments

let-fate-decide

Draws Tarot cards using cryptographic randomness to add entropy to vague or underspecified planning. Interprets the spread to guide next steps.

static-analysis

Static analysis toolkit with CodeQL, Semgrep, and SARIF parsing for security vulnerability detection

variant-analysis

Find similar vulnerabilities and bugs across codebases using pattern-based analysis

insecure-defaults

Detects insecure default configurations including hardcoded credentials, fallback secrets, weak authentication defaults, and dangerous values in production

devcontainer-setup

Create pre-configured devcontainers with Claude Code and language-specific tooling

seatbelt-sandboxer

Generate minimal macOS Seatbelt sandbox configurations for applications

differential-review

Security-focused differential review of code changes with git history analysis and blast radius estimation

entry-point-analyzer

Analyzes smart contract codebases to identify state-changing entry points for security auditing. Detects externally callable functions that modify state, categorizes them by access level, and generates structured audit reports.

firebase-apk-scanner

Scan Android APKs for Firebase security misconfigurations including open databases, storage buckets, authentication issues, and exposed cloud functions. For authorized security research only.

semgrep-rule-creator

Create custom Semgrep rules for detecting bug patterns and security vulnerabilities

workflow-skill-design

Teaches design patterns for workflow-based Claude Code skills and provides a review agent for auditing existing skills

audit-context-building

Build deep architectural context through ultra-granular code analysis before vulnerability hunting

constant-time-analysis

Detect compiler-induced timing side-channels in cryptographic code

property-based-testing

Property-based testing guidance for multiple languages and smart contracts

agentic-actions-auditor

Audits GitHub Actions workflows for security vulnerabilities in AI agent integrations (Claude Code Action, Gemini CLI, OpenAI Codex, GitHub AI Inference)

spec-to-code-compliance

Specification-to-code compliance checker for blockchain audits with evidence-based alignment analysis

testing-handbook-skills

Skills from the Trail of Bits Application Security Testing Handbook (appsec.guide)

burpsuite-project-parser

Search and extract data from Burp Suite project files (.burp) for security analysis

building-secure-contracts

Comprehensive smart contract security toolkit based on Trail of Bits' Building Secure Contracts framework. Includes vulnerability scanners for 6 blockchains and 5 development guideline assistants.

supply-chain-risk-auditor

Audit supply-chain threat landscape of project dependencies for exploitation or takeover risk

semgrep-rule-variant-creator

Creates language variants of existing Semgrep rules with proper applicability analysis and test-driven validation

ask-questions-if-underspecified

Clarify ambiguous requirements by asking questions before implementing. Only when invoked explicitly.

claude-in-chrome-troubleshooting

Diagnose and fix Claude in Chrome MCP extension connectivity issues

Reviews

No reviews yet.