Create wiki/security.md
18e7caa226d4 harrisonqian 2026-04-12 1 file
new file mode 100644
index 0000000..b7571ed
@@ -0,0 +1,51 @@
+---
+visibility: public
+---
+
+# security
+
+the sleeper category. Trail of Bits alone makes this one of the strongest skill domains.
+
+## Trail of Bits ([trailofbits/skills](https://github.com/trailofbits/skills))
+
+**40+ professional security skills** from one of the top security auditing firms. if you do any security work, these are the highest-quality skills available.
+
+### analysis & detection
+- **static-analysis** — CodeQL + Semgrep integration
+- **variant-analysis** — find variants of known vulnerabilities
+- **insecure-defaults** — detect insecure default configurations
+- **sharp-edges** — identify API misuse patterns
+- **constant-time-analysis** — verify constant-time implementations
+- **differential-review** — security-focused diff review
+
+### smart contracts & blockchain
+- **building-secure-contracts** — secure smart contract development
+- **audit-context-building** — build context for security audits
+
+### supply chain & compliance
+- **supply-chain-risk-auditor** — audit dependency supply chain
+- **spec-to-code-compliance** — verify code matches specification
+- **zeroize-audit** — verify sensitive data is properly zeroed
+
+### testing
+- **mutation-testing** — test suite quality via mutation analysis
+- **property-based-testing** — generate property-based tests
+
+### detection & hunting
+- **semgrep-rule-creator** — create custom Semgrep rules
+- **yara-authoring** — write YARA rules for malware detection
+- **firebase-apk-scanner** — scan Android APKs for Firebase misconfigurations
+
+also: **[trailofbits/skills-curated](https://github.com/trailofbits/skills-curated)** (348 stars) — their vetted plugin marketplace.
+
+## community security skills
+
+- **[FFUF Web Fuzzing](https://github.com/jthack/ffuf_claude_skill)** — integrates ffuf web fuzzer. also in [[development]]. by @jthack
+- **[threat-hunting-with-sigma-rules](https://github.com/jthack/threat-hunting-with-sigma-rules-skill)** — Sigma detection rules for threat hunting. by @jthack
+- **[iothackbot](https://github.com/BrownFineSecurity/iothackbot)** (735 stars) — IoT penetration testing skills and tooling.
+- **[android-reverse-engineering](https://github.com/SimoneAvogadro/android-reverse-engineering-skill)** (1.5k stars) — Android app reverse engineering support.
+
+### forensics (from [claude-skills-marketplace](https://github.com/mhattingpete/claude-skills-marketplace))
+- **computer-forensics** — digital forensics analysis
+- **file-deletion** — secure file deletion and sanitization
+- **metadata-extraction** — file metadata extraction for forensic purposes
\ No newline at end of file
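Review bot: the Trail of Bits groupings do not match several of the entries placed under them, starting with the near-duplicate headings "### analysis & detection" and "### detection & hunting". semgrep-rule-creator sits under the second heading while the Semgrep-based static-analysis entry sits under the first. zeroize-audit ("verify sensitive data is properly zeroed") is filed under "supply chain & compliance", and audit-context-building, whose description is not blockchain-specific, is filed under "smart contracts & blockchain". Suggest merging the two detection headings or renaming one (for example "rule authoring"), and moving zeroize-audit next to constant-time-analysis. Two smaller points in the same section: the intro says "40+ professional security skills" but only 16 are listed, so say the list is a selection; and the star counts (348, 735, 1.5k) carry no as-of date and will go stale, so either date them or drop them. The file also ends without a trailing newline.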