Trail of Bits claude-code-config banner
trailofbits trailofbits

Trail of Bits claude-code-config

Security community intermediate
SOURCE https://github.com/trailofbits/claude-code-config

Description

Opinionated defaults, documentation, and workflows for Claude Code at Trail of Bits. Covers sandboxing, permissions, hooks, skills, MCP servers, and usage patterns we've found effective across security audits, development, and research.

Installation

Terminal
claude install-skill https://github.com/trailofbits/claude-code-config

README

Trail of Bits Claude Code Config

Opinionated defaults, documentation, and workflows for Claude Code at Trail of Bits. Covers sandboxing, permissions, hooks, skills, MCP servers, and usage patterns we've found effective across security audits, development, and research.

Also see: [skills](https://github.com/trailofbits/skills) · [skills-curated](https://github.com/trailofbits/skills-curated) · [claude-code-devcontainer](https://github.com/trailofbits/claude-code-devcontainer) · [dropkit](https://github.com/trailofbits/dropkit)

**First-time setup:**

git clone https://github.com/trailofbits/claude-code-config.git
cd claude-code-config
claude

Then inside the session, run `/trailofbits:config`. It walks you through installing each component, detects what you already have, and self-installs the command so future runs work from any directory. Run `/trailofbits:config` again after updates.

Contents

**[Getting Started](#getting-started)**

    undefined

**[Configuration](#configuration)**

    undefined

**[Usage](#usage)**

    undefined

Getting Started

Read These First

Before configuring anything, read these to understand the context for why this setup works the way it does:

...

Related Skills

Defense in Depth preview

Defense in Depth

Implement multi-layered testing and security best practices.

obra Security community
SecLists Official Repository preview

SecLists Official Repository

[OWASP Testing Guide](https://owasp.org/www-project-web-security-testing-guide/)

danielmiessler Security community
Threat Hunting with Sigma Rules preview

Threat Hunting with Sigma Rules

Use Sigma detection rules to hunt for threats and analyze security events

jthack Security community
Maintenance Walkthrough - 2026-03-29 preview

Maintenance Walkthrough - 2026-03-29

- Re-triaged the full 2026-03-15 security finding set against current `main` and wrote a fresh current-head report in `docs/maintainers/security-findings-triage-2026-03-29-refresh.md`. - Added a match

sickn33 Security community
Google Workspace Model Armor preview

Google Workspace Model Armor

Filter user-generated content for safety

Google Workspace Security community
Google Workspace Alert Center preview

Google Workspace Alert Center

Manage security alerts

Google Workspace Security community

Related Agents

Accessibility Audit

| You are an accessibility expert specializing in WCAG compliance, inclusive design, and assistive tec... | - | [wshobson/agents](https://github.com/wshobson/agents) |

Security agent

wcag-audit-patterns

| Comprehensive guide to auditing web content against WCAG 2.2 guidelines with actionable remediation... | - | [wshobson/agents](https://github.com/wshobson/agents) |

Security agent

Deps Audit

| You are a dependency security expert specializing in vulnerability scanning, license compliance, and... | - | [wshobson/agents](https://github.com/wshobson/agents) |

Security agent