feat(skills): package 16 Trail of Bits skills#466
Merged
Adds spec.yaml entries for the broadly-applicable security skills from
trailofbits/skills (CC-BY-SA-4.0), pinned to commit e8cc5ba. Each skill
passes skill-scanner against the per-skill allowlist; the most common
allowlist entry (MANIFEST_MISSING_LICENSE) covers upstream's practice
of licensing at the repo root rather than in per-skill frontmatter.
Skills:
- agentic-actions-auditor, codeql, semgrep, sarif-parsing,
semgrep-rule-creator, semgrep-rule-variant-creator
- supply-chain-risk-auditor, insecure-defaults, sharp-edges,
fp-check, differential-review, variant-analysis
- constant-time-analysis, zeroize-audit, property-based-testing
- yara-rule-authoring
🛡️ Skill Security Scan Results
✅ agentic-actions-auditor
✅ codeql
✅ constant-time-analysis
✅ differential-review
✅ fp-check
✅ insecure-defaults
✅ property-based-testing
✅ sarif-parsing
✅ semgrep
✅ semgrep-rule-creator
✅ semgrep-rule-variant-creator
✅ sharp-edges
✅ supply-chain-risk-auditor
✅ variant-analysis
✅ yara-rule-authoring
✅ zeroize-audit
Summary: Scanned 16 skill(s), all passed security checks. ✅
rdimitrov approved these changes, Apr 17, 2026
JAORMX added a commit that referenced this pull request, Apr 20, 2026
Packages 18 agent skills from getsentry/skills (Apache-2.0) into Dockyard, all pinned to upstream commit 94ea2a2 (main as of 2026-04-20). Second vendor in the per-vendor skills sweep after #466 (Trail of Bits).

Security / review (strong fit with Dockyard's existing security catalog):
- security-review — OWASP-style vulnerability review with confidence scoring
- gha-security-review — GitHub Actions pwn-request/expression-injection audits
- skill-scanner — scans other skills for injection, malicious code, overreach
- find-bugs — diff-scoped bug/security/quality review with checklist
- code-review — Sentry engineering-practice code review
- claude-settings-audit — settings.json permission audit from detected stack
- django-access-review — Django access-control and IDOR investigation
- django-perf-review — validated Django performance review

Skill authoring and workflow:
- skill-writer — create/improve agent skills per the Agent Skills spec
- prompt-optimizer — eval-driven prompt optimization with family adapters
- agents-md — minimal AGENTS.md / CLAUDE.md maintenance
- doc-coauthoring — structured three-stage doc co-authoring workflow
- code-simplifier — clarity-first refactoring without behavior change

Git and PR workflow:
- commit — Sentry conventional-commit format with issue references
- create-branch — Sentry naming-convention branch creation
- pr-writer — Sentry-style PR titles and why-focused descriptions
- iterate-pr — CI-passing loop with LOGAF-ranked feedback handling
- gh-review-requests — team-filtered review-request notifications

Skills excluded (Sentry-internal or narrow): brand-guidelines, blog-writing-guide, sred-project-organizer, sred-work-summary, typing-exclusion-worker, presentation-creator.

Security allowlists: All 18 skills carry a MANIFEST_MISSING_LICENSE entry — upstream licenses are set at the repo root (Apache-2.0) rather than as SPDX identifiers in per-skill SKILL.md frontmatter.

Three security-oriented skills carry additional entries for scanner false positives where the skill teaches attack patterns it is designed to detect:
- gha-security-review: PIPELINE_TAINT_FLOW (curl|bash examples in reference docs, flagged by the scanner itself as instructional)
- iterate-pr: RESOURCE_ABUSE_INFINITE_LOOP (bounded-retry poll loop in scripts/monitor_pr_checks.py with timeout and exit conditions)
- skill-scanner: OBFUSCATION_BASE64_LARGE, PROMPT_INJECTION_UNRESTRICTED_MODE, YARA_prompt_injection_unicode_steganography (the skill documents each pattern it teaches other scanners to detect)

All 18 skills pass 'task validate-skill' locally, and all 18 pass 'task scan-skill' with only allowlisted findings.

Refs #478

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
JAORMX added a commit that referenced this pull request, Apr 20, 2026
Packages 8 supply-chain security skills from SocketDev/skills (MIT) into Dockyard, all pinned to upstream commit 25879b0 (main as of 2026-04-02). Third vendor in the per-vendor skills sweep after #466 (Trail of Bits) and #498 (Sentry). Socket.dev is a supply-chain security vendor; these skills complement Dockyard's existing supply-chain-risk-auditor.

Scanning and inspection:
- socket-scan — SBOM, vuln, malware, license audit + cdxgen fallback
- socket-inspect — package-research workflow (scores, alerts, CVEs, alts)

Setup:
- socket-setup — CLI install, auth, CI and Dockerfile integration

Dependency fixing (socket-fix umbrella + 4 sub-skills):
- socket-fix — orchestrator (Fix All tiered / Fix Package modes)
- socket-dep-cleanup — remove a single unused dependency
- socket-dep-patch — apply Socket binary-level patches in place
- socket-dep-replace — swap or inline a dependency
- socket-dep-upgrade — socket fix with one-at-a-time version bumps

Note: the socket-fix sub-skills reference `skills/_shared/verify-build.md` from the upstream repo. The OCI packager only bundles files under spec.path, so that shared reference file will not ship with the artifact. The skills still work from their SKILL.md; the shared reference is supplementary guidance.

Security allowlists: All 8 skills carry MANIFEST_MISSING_LICENSE — upstream is MIT at the repo root rather than per-skill SPDX in SKILL.md frontmatter. socket-setup also allowlists PIPELINE_TAINT_FLOW: the skill's prerequisites cite the official nvm installer (`curl ... | bash`) as a documentation example. The scanner itself flags it as 'uses a well-known installer URL — likely a standard installation'.

All 8 skills pass `task validate-skill` and `task scan-skill`.

Refs #476

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Summary
Packages 16 security-focused agent skills from trailofbits/skills (CC-BY-SA-4.0) into Dockyard. All skills pinned to upstream commit e8cc5ba (main as of 2026-04-17).

This is the first of a planned vendor-by-vendor sweep of publicly-available hardened agent skills. A parallel survey of Chainguard's recently-announced Agent Skills catalog turned up no open-source content — their catalog is beta-gated behind contact sales — so there's nothing to repackage from them.

Skills added

Security analysis
- agentic-actions-auditor — audits GitHub Actions workflows for AI-agent security holes (prompt injection, env-var intermediary, wildcard allowlists)
- codeql, semgrep, sarif-parsing — classic SAST tooling from the static-analysis plugin
- semgrep-rule-creator, semgrep-rule-variant-creator — authoring and porting custom Semgrep rules

Supply chain and defensive review
- supply-chain-risk-auditor — dependency takeover/exploitation risk
- insecure-defaults — fail-open configurations and hardcoded secrets
- sharp-edges — footgun APIs and dangerous defaults
- fp-check — false-positive verification with gate reviews
- differential-review — security-focused PR/commit review
- variant-analysis — finding bug variants across a codebase

Cryptographic verification
- constant-time-analysis — timing side-channels across 12 languages
- zeroize-audit — compiler-eliminated zeroization in C/C++/Rust
- property-based-testing — PBT guidance across multiple languages

Malware analysis
- yara-rule-authoring — YARA-X detection rule authoring

Skills intentionally excluded

TOB internal / narrow-audience plugins (debug-buttercup, culture-index, claude-in-chrome-troubleshooting, let-fate-decide, skill-improver, workflow-skill-design, etc.), fuzzing toolkits from testing-handbook-skills (15 skills — candidates for a follow-up PR if there's interest), blockchain-specific scanners from building-secure-contracts (11 skills — same), and trailmark (10 skills, TOB-specific workflow).

Security allowlists

All 16 carry one allowlist entry for MANIFEST_MISSING_LICENSE (INFO) — upstream licenses at the repo root under CC-BY-SA-4.0 rather than in per-skill SKILL.md frontmatter. Four skills carry additional per-skill entries for scanner false positives documented inline:
- sarif-parsing / semgrep — ALLOWED_TOOLS_*_VIOLATION (scanner doesn't account for Bash covering grep/write transitively)
- semgrep-rule-creator — YARA_code_execution_generic matching documented eval() examples the skill teaches you to detect
- zeroize-audit — PATH_TRAVERSAL_OPEN, YARA_coercive_injection_generic, DATA_EXFIL_SENSITIVE_FILES matching the word "secret" in a skill that audits zeroization of secrets

Test plan
- task validate-skill -- skills/<name> against all 16 (all VALID)
- Build Skill Artifacts workflow succeeds on this PR
- skill-scan-report surfaces only allowlisted findings
- ghcr.io/stacklok/dockyard/skills/<name>:0.1.0

🤖 Generated with Claude Code