Skills trailmark-summary
Runs a trailmark summary analysis on a codebase. Returns language detection, entry point count, and dependency graph shape. Use when vivisect or galvanize needs a quick structural overview. Triggers: trailmark summary, code summary, structural overview.
install
source · Clone the upstream repo
git clone https://github.com/trailofbits/skills
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/trailofbits/skills "$T" && mkdir -p ~/.claude/skills && cp -r "$T/plugins/trailmark/skills/trailmark-summary" ~/.claude/skills/trailofbits-skills-trailmark-summary && rm -rf "$T"
manifest:
plugins/trailmark/skills/trailmark-summary/SKILL.mdsource content
Trailmark Summary
Runs
trailmark analyze --summaryWhen to Use
- Vivisect Phase 0 needs a quick structural overview before decomposition
- Galvanize Phase 1 needs language detection and entry point count
- Quick orientation on an unfamiliar codebase before deeper analysis
When NOT to Use
- Full structural analysis with all passes needed (use
)trailmark-structural - Detailed code graph queries (use the main
skill directly)trailmark - You need hotspot scores or taint data (use
)trailmark-structural
Rationalizations to Reject
| Rationalization | Why It's Wrong | Required Action |
|---|---|---|
| "I can read the code manually instead" | Manual reading misses dependency graph shape and entry point enumeration | Install and run trailmark |
| "Language detection doesn't matter" | Wrong language flag produces empty or incorrect analysis | Detect language from file extensions first |
| "Partial output is good enough" | Missing any of the three required outputs (language, entry points, dependencies) means incomplete analysis | Verify all three are present |
| "Tool isn't installed, I'll skip it" | This skill exists specifically to run trailmark | Report the installation gap instead of skipping |
Usage
The target directory is passed via the
argsExecution
Step 1: Check that trailmark is available.
trailmark analyze --help 2>/dev/null || \ uv run trailmark analyze --help 2>/dev/null
If neither command works, report "trailmark is not installed" and return. Do NOT run
pip installuv pip installgit cloneStep 2: Detect the primary language.
find {args} -type f \( -name '*.rs' -o -name '*.py' \ -o -name '*.go' -o -name '*.js' -o -name '*.jsx' \ -o -name '*.ts' -o -name '*.tsx' -o -name '*.sol' \ -o -name '*.c' -o -name '*.h' -o -name '*.cpp' \ -o -name '*.hpp' -o -name '*.hh' -o -name '*.cc' \ -o -name '*.cxx' -o -name '*.hxx' \ -o -name '*.rb' -o -name '*.php' -o -name '*.cs' \ -o -name '*.java' -o -name '*.hs' -o -name '*.erl' \ -o -name '*.cairo' -o -name '*.circom' \) 2>/dev/null | \ sed 's/.*\.//' | sort | uniq -c | sort -rn | head -5
Map the most common extension to a language flag:
->.rs--language rust
-> (no flag, Python is default).py
->.go--language go
/.js
->.jsx--language javascript
/.ts
->.tsx--language typescript
->.sol--language solidity
/.c
->.h--language c
/.cpp
/.hpp
/.hh
/.cc
/.cxx
->.hxx--language cpp
->.rb--language ruby
->.php--language php
->.cs--language c_sharp
->.java--language java
->.hs--language haskell
->.erl--language erlang
->.cairo--language cairo
->.circom--language circom
Step 3: Run the summary.
trailmark analyze --summary {language_flag} {args} 2>&1 || \ uv run trailmark analyze --summary {language_flag} {args} 2>&1
Step 4: Verify the output.
The output must include ALL THREE of:
- Language detection (at least one language name)
- Entry point count (or "no entry points found")
- Dependency graph shape (module count or "single module")
If any are missing, report the gap. Do not fabricate output.
Return the full trailmark output.