Repositories list

• claude-code-config

  Public

  trailofbits/claude-code-config’s past year of commit activity
  Opinionated defaults, documentation, and workflows for Claude Code at Trail of Bits

  claudedeveloper-toolclaude-code+ 1claude-code-cli

  Shell

  •47•718•0•0•Updated Feb 14, 2026Feb 14, 2026

• vscode-weaudit

  Public

  trailofbits/vscode-weaudit’s past year of commit activity
  Create code bookmarks and code highlights with a click.

  TypeScript

  •

  GNU General Public License v3.0

  •28•228•14•6•Updated Feb 14, 2026Feb 14, 2026

• aifirst-insecure-agent-labs

  Public

  trailofbits/aifirst-insecure-agent-labs’s past year of commit activity
  Python

  •2•3•0•4•Updated Feb 13, 2026Feb 13, 2026

• codeql

  Public

  trailofbits/codeql’s past year of commit activity
  CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security

  CodeQL

  •

  MIT License

  •1.9k•1•0•3•Updated Feb 13, 2026Feb 13, 2026

• it-depends

  Public

  trailofbits/it-depends’s past year of commit activity
  A tool to automatically build a dependency graph and Software Bill of Materials (SBOM) for packages and arbitrary source code repositories.

  dependency-analysisdependency-graphhacktoberfest+ 5vulnerability-scannersbomhacktoberfest2021sbom-generatorsbom-tool

  Python

  •

  GNU Lesser General Public License v3.0

  •22•382•12•2•Updated Feb 13, 2026Feb 13, 2026

• protofuzz

  Public

  trailofbits/protofuzz’s past year of commit activity
  Google Protocol Buffers message generator

  protobufprotocol-buffersfuzzer

  Python

  •

  MIT License

  •36•283•9•2•Updated Feb 13, 2026Feb 13, 2026

• blight

  Public

  trailofbits/blight’s past year of commit activity
  A framework for instrumenting build tools

  instrumentationbuild-toolbuild-system+ 2hacktoberfestcompiler-wrapper

  Python

  •

  Apache License 2.0

  •7•90•20•6•Updated Feb 13, 2026Feb 13, 2026

• mcp-context-protector

  Public

  trailofbits/mcp-context-protector’s past year of commit activity
  MCP security wrapper

  Python

  •

  Apache License 2.0

  •17•206•5•5•Updated Feb 13, 2026Feb 13, 2026

• pylock-attestations

  Public

  trailofbits/pylock-attestations’s past year of commit activity
  CLI tool to add attestation identities to `pylock.toml` files

  Python

  •

  Apache License 2.0

  •1•5•4•0•Updated Feb 13, 2026Feb 13, 2026

• cookiecutter-python

  Public

  trailofbits/cookiecutter-python’s past year of commit activity
  A cookiecutter template for a best-practices Python project

  Python

  •

  Apache License 2.0

  •7•29•0•2•Updated Feb 13, 2026Feb 13, 2026

• skills

  Public

  trailofbits/skills’s past year of commit activity
  Trail of Bits Claude Code skills for security research, vulnerability detection, and audit workflows

  agent-skills

  Python

  •

  Creative Commons Attribution Share Alike 4.0 International

  •212•2.6k•5•3•Updated Feb 13, 2026Feb 13, 2026

• pajaMAS

  Public

  trailofbits/pajaMAS’s past year of commit activity
  Multi-agent system (MAS) hijacking demos

  multi-agent-systemsai-agentsai-security

  Python

  •

  Apache License 2.0

  •3•40•3•4•Updated Feb 13, 2026Feb 13, 2026

• gh-action-adapt-sigstore-pypi

  Public

  trailofbits/gh-action-adapt-sigstore-pypi’s past year of commit activity
  Python

  •

  Apache License 2.0

  •0•1•0•7•Updated Feb 13, 2026Feb 13, 2026

• irene3

  Public

  trailofbits/irene3’s past year of commit activity
  C++

  •

  GNU Affero General Public License v3.0

  •0•10•1•4•Updated Feb 13, 2026Feb 13, 2026

• siderophile

  Public

  trailofbits/siderophile’s past year of commit activity
  Find the ideal fuzz targets in a Rust codebase

  rustfuzzingprogram-analysis+ 1security-testing

  Rust

  •

  MIT License

  •13•223•12•13•Updated Feb 13, 2026Feb 13, 2026

• vscode-sarif-explorer

  Public
  SARIF Explorer: A VSCode extension that helps you visualize and triage static analysis results

  static-analysisvscode-extensionsarif

  TypeScript

  •

  GNU General Public License v3.0

  •9•45•6•16•Updated Feb 13, 2026Feb 13, 2026

• skills-curated

  Public

  trailofbits/skills-curated’s past year of commit activity
  Curated, community-vetted Claude Code plugin marketplace

  Python

  •

  Creative Commons Attribution Share Alike 4.0 International

  •1•99•0•0•Updated Feb 13, 2026Feb 13, 2026

• claude-code-devcontainer

  Public

  trailofbits/claude-code-devcontainer’s past year of commit activity
  Sandboxed devcontainer for running Claude Code in bypass mode safely. Built for security audits and untrusted code review.

  Shell

  •

  Apache License 2.0

  •27•346•0•0•Updated Feb 13, 2026Feb 13, 2026

• cargo-unmaintained

  Public

  trailofbits/cargo-unmaintained’s past year of commit activity
  Find unmaintained packages in Rust projects

  rustunmaintainedpackage-management

  Rust

  •

  GNU Affero General Public License v3.0

  •13•85•11•2•Updated Feb 13, 2026Feb 13, 2026

• codeql-queries

  Public

  trailofbits/codeql-queries’s past year of commit activity
  CodeQL queries developed by Trail of Bits

  CodeQL

  •

  GNU Affero General Public License v3.0

  •7•145•5•4•Updated Feb 13, 2026Feb 13, 2026

• checksec-anywhere

  Public

  trailofbits/checksec-anywhere’s past year of commit activity
  Analyze binary security features instantly in your browser.

  Rust

  •

  Apache License 2.0

  •2•17•6•1•Updated Feb 13, 2026Feb 13, 2026

• vscode-masm

  Public

  trailofbits/vscode-masm’s past year of commit activity
  VS Code extension for the Miden assembly language

  TypeScript

  •0•4•0•0•Updated Feb 13, 2026Feb 13, 2026

• masm-lsp

  Public

  trailofbits/masm-lsp’s past year of commit activity
  An LSP server for the Miden assembly language

  Rust

  •1•2•1•0•Updated Feb 13, 2026Feb 13, 2026

• vast

  Public

  trailofbits/vast’s past year of commit activity
  VAST is an experimental compiler pipeline designed for program analysis of C and C++. It provides a tower of IRs as MLIR dialects to choose the best fit represe…

  ccppclang+ 5compilersprogram-analysisintermediate-representationcompiler-frontendmlir

  C++

  •

  Apache License 2.0

  •32•434•168•3•Updated Feb 13, 2026Feb 13, 2026

• vendetect

  Public

  trailofbits/vendetect’s past year of commit activity
  A tool to automatically detect copy+pasted and vendored code between repositories

  program-analysisplagiarism-detectionsbom+ 1sbom-tool

  Python

  •

  GNU Affero General Public License v3.0

  •6•74•2•3•Updated Feb 13, 2026Feb 13, 2026

• go-slh-dsa

  Public

  trailofbits/go-slh-dsa’s past year of commit activity
  FIPS-205 / SLH-DSA (Stateless Hash-Based Digital Signature Algorithm)

  Go

  •

  BSD 3-Clause "New" or "Revised" License

  •1•8•0•0•Updated Feb 13, 2026Feb 13, 2026

• graphtage

  Public

  trailofbits/graphtage’s past year of commit activity
  A semantic diff utility and library for tree-like files such as JSON, JSON5, XML, HTML, YAML, and CSV.

  pythondiffutility+ 5librarygraph-algorithmscommand-line-toolhacktoberfesthacktoberfest2021

  Python

  •

  GNU Lesser General Public License v3.0

  •54•2.5k•20•8•Updated Feb 13, 2026Feb 13, 2026

• eatmynetwork

  Public

  trailofbits/eatmynetwork’s past year of commit activity
  A small script for running programs with (minimal) network sandboxing

  macoslinuxsandbox+ 1resilience-testing

  Shell

  •

  Apache License 2.0

  •2•53•0•0•Updated Feb 13, 2026Feb 13, 2026

• maat

  Public

  trailofbits/maat’s past year of commit activity
  Open-source symbolic execution framework: https://maat.re

  C++

  •

  Other

  •44•648•21•12•Updated Feb 13, 2026Feb 13, 2026

• LeftoverLocalsRelease

  Public

  trailofbits/LeftoverLocalsRelease’s past year of commit activity
  The public release of LeftoverLocals code

  C++

  •

  Apache License 2.0

  •16•72•1•0•Updated Feb 13, 2026Feb 13, 2026