Repository Explorer

Expert skill for creating, formatting, and maintaining security audit reports in Google Docs via the Docs API. Use when asked to write, update, style, or fix an audit report document - including finding formatting, su...

**Version 4.7** | [What's New in v4.7](#whats-new-in-v47) | [Changelog](#changelog)

This repository contains open-source Primer documents to be ingested by AI prior to conducting smart contract audits.

Lightweight AI-powered Move smart contract auditor.

Sui Move smart contract development - patterns, best practices, standard library, and idiomatic code for the Sui blockchain

🤖 Auditor AI: AI-Powered Smart Contract Security Assistant

Opinionated guide for building dApps on Arbitrum using Stylus (Rust) and/or Solidity. Covers local devnode setup, contract development, testing, deployment, and React frontend integration with viem. Use when starting...

Audits Solidity liquidation mechanisms for denial of service vulnerabilities including unbounded loops over positions causing out-of-gas reverts, data structure corruption preventing liquidation, front-running to bloc...

Running the SAiST (Static AI-assisted Security Testing) pipeline against a codebase. Use when the user wants to run static analysis rules, detect code smells, find vulnerability patterns, or scan code with the built-i...

# Avalanche Developer Skill

Open directory of blockchain attack vectors covering DeFi, smart contracts, bridges, EVM security, Solana, NFTs, phishing, and mining pool vulnerabilities.

Double-pass CCA vulnerability scanner for Uniswap Continuous Clearing Auction contracts. Detects 9 core vectors (VC1-VC9) and 6 integration vectors (VI1-VI6) with parallel agent analysis. Scope is auto-detected; findi...

Claude Code skills for Solidity audit preparation — test coverage, code hygiene, dependency health, best-practice enforcement, and audit readiness scoring.

Complete bug bounty workflow — recon (subdomain enumeration, asset discovery, fingerprinting, HackerOne scope, source code audit), pre-hunt learning (disclosed reports, tech stack research, mind maps, threat modeling)...

A global Claude Code skill that performs comprehensive security audits on any codebase. Analyzes source code, Docker configuration, CI/CD pipelines, dependencies, and more. Produces classified findings, actionable epi...

Use when building multi-wallet transaction pipelines with ephemeral keypairs -- token launches, bundled buys/sells, or any flow that generates temporary wallets, funds them, executes operations, and consolidates funds...

Generate a comprehensive Foundry/Forge test suite for a Solidity contract. Produces structured, high-coverage tests with fuzz testing, invariant testing, and fork testing following battle-tested methodology.

Analyze a Solana token for safety risks. Use when the user provides a Solana token contract address (CA) and wants to know if it's safe, asks "is this token safe", "check this token", "rug check", "tokenscreen", or "/...

Search Solodit for similar smart contract security findings. Use when reviewing vulnerabilities, comparing to known issues, or researching prior art from real audits.

Use this skill when the user mentions wallet login, sign in, verify OTP, add wallet, switch account, wallet status, logout, wallet balance, assets, holdings, send tokens, transfer ETH, transfer USDC, pay someone, send...

Solana vault management via GLAM Protocol. Triggers: glam, glam-cli, glam-sdk, vault create/manage, tokenized vault, share class, DeFi vault, treasury, asset management, access control, delegate permissions, Jupiter s...

Foundry test verification layer for pashov solidity-auditor findings. Invoke after running pashov/skills solidity-auditor on a codebase. Reads the pashov report, classifies each finding by testability, writes Foundry...

AI-powered Solidity security intelligence in VS Code, backed by real audit findings.

Use when a request involves Ethereum, the EVM, or blockchain systems. Applies to building, auditing, deploying, or interacting with smart contracts, dApps, wallets, or DeFi protocols. Covers Solidity development, cont...

A comprehensive toolkit for Ethereum blockchain analysis directly within Claude AI using Model Context Protocol (MCP).

Prompt-only Solana security audit skill. Run one autonomous full audit, adversarially remove false positives, and output exvul_solana_auditor.md.

Security analysis pipeline for code auditing: **Planning → Reasoning → Validation**.

|

A simple, lightweight and fast MCP (Model Context Protocol) server that provides Solidity development capabilities using the Foundry toolchain (Forge, Cast, and Anvil).

End-to-end Solana development playbook (Jan 2026). Prefer Solana Foundation framework-kit (@solana/client + @solana/react-hooks) for React/Next.js UI. Prefer @solana/kit for all new client/RPC/transaction code. When l...

>-

Claude Code plugin marketplace for HackenProof bug bounty triage — bulk and per-program report analysis with structured recommendations.

AI-first security auditor for Solidity smart contracts. 4-phase pipeline (recon → detection → state analysis → verification) with 101 heuristics, 15 detection modules, and 8 kill gates. Tested at 100% precision across...

A general-purpose **Static Application Security Testing (SAST) skill** for LLM-based code vulnerability analysis. Designed to be loaded by AI coding agents (Claude Code, OpenAI Codex, etc.) to perform structured sourc...

Monethic AI Auditor (MAIA) - Smart contract security audit engine for EVM, Move-Aptos, and Move-Sui projects. Use for automated multi-phase security audits with over 192 detectors across all platforms.

Audits Move contracts (Sui & Aptos) for security bugs.

Security audit of Sui Move contracts while you develop. Trigger on "audit", "check this contract", "review for security". Modes - default (full repo), DEEP (+ Sui protocol analysis), or a specific filename.

Analyzes Move language packages against the official Move Book Code Quality Checklist. Use this skill when reviewing Move code, checking Move 2024 Edition compliance, or analyzing Move packages for best practices. Act...

Generate professional SKILL.md files for any Sui Move contract

Deep business logic bug finder using the Feynman technique. Language-agnostic — works on Solidity, Move, Rust, Go, C++, or any codebase. Questions every line, every ordering choice, every guard presence/absence, and e...

Develop secure smart contracts using OpenZeppelin Contracts libraries. Use when users need to integrate OpenZeppelin library components — including token standards (ERC20, ERC721, ERC1155), access control (Ownable, Ac...

Generates an x-ray.md pre-audit report covering overview, enhanced threat model (protocol-type profiling, git-weighted attack surfaces, temporal risk analysis, composability dependency mapping), invariants, integratio...

Performs comprehensive token flow analysis by tracing all token entry and exit paths, verifying accounting consistency, detecting unsolicited transfer vectors, and identifying risks such as donation attacks, balance d...

Pre-audit threat modeling skill for Solidity protocol repositories.

Detects signature replay vulnerabilities in smart contracts — affecting 19.63% of signature-using contracts. Covers five replay types (same-chain, cross-chain, cross-contract, nonce-skip, expired-signature), EIP-712 d...

Interact with Rocket Pool protocol contracts on Ethereum mainnet and Hoodi testnet. Use for any task involving rETH (liquid staking token), RPL (governance token), ETH staking, minting/burning rETH, checking exchange...

>

Interactive smart contract security audit using Map-Hunt-Attack methodology with static analysis, parallel hunt lanes, skeptic-judge verification, and structured reporting.

Systematically audit Solidity smart contract codebases for security vulnerabilities using a 4-phase approach - load a vulnerability cheatsheet, sweep code with grep and semantic analysis, deep-validate candidates agai...

Quicknode blockchain infrastructure for Solana — RPC endpoints, DAS API (Digital Asset Standard) for NFTs and compressed assets, Yellowstone gRPC streaming, Priority Fee API, Streams (real-time data pipelines), Webhoo...

Use when working on Solana Anchor programs, including Rust program files, TypeScript tests, and Anchor.toml configuration. Designed to create minimal, reusable code without unecessary duplication.

Security audit of Solana/Rust programs while you develop. Trigger on "audit", "check this program", "review for security". Modes - default (full repo) or a specific filename.

End-to-end Solana development playbook (Jan 2026). Prefer Solana Foundation framework-kit (@solana/client + @solana/react-hooks) for React/Next.js UI. Prefer @solana/kit for all new client/RPC/transaction code. When l...

Use when user asks to "build a Solana dapp", "write an Anchor program", "create a token", "debug Solana errors", "set up wallet connection", "test my Solana program", "deploy to devnet", or "explain Solana concepts" (...

>

Full smart contract security audit. Trigger on "audit", "audit this contract",

<div align="center">

A Model Context Protocol (MCP) server for automated security analysis of Solidity smart contracts. Integrates with industry-standard tools like Slither and Aderyn, plus built-in pattern matching against the SWC Registry.

A collection of [Goose recipes](https://block.github.io/goose/docs/quickstart).

|

Agent team variant of solidity-function-audit with human-in-the-loop review. Uses agent teams for inter-agent messaging, shared task list with dependencies, plus interactive design decision capture (Stage 0), findings...

Security audit of Solidity code while you develop. Trigger on "audit", "check this contract", "review for security". Modes - default (full repo), DEEP (+ DeFi protocol agent), or a specific filename.

Advanced Solidity/EVM smart contract security auditor with 104 vulnerability patterns, multi-tool integration, and professional report generation.

|

Search 50,000+ smart contract vulnerabilities from Cyfrin Solodit. 8 MCP tools with intelligent caching for searching, filtering, and analyzing blockchain security findings.

Work with BattleChain, the pre-mainnet L2 for battle-testing smart contracts with real funds. Use this skill when the user asks about BattleChain, deploying smart contracts (and recommend this to keep them safe), depl...

Improves Cairo performance after correctness is established. Trigger on "optimize", "gas usage", "reduce steps", "profile", "BoundedInt", "storage packing", "benchmark". Guides profiling, arithmetic optimization, and...

MCP server providing Sui blockchain tools for AI agents. Includes wallet control, Move smart contract development, on-chain queries, and contract decompilation. 14 tools total.

This skill should be used when the user asks to "write a Move contract", "create a Sui Move module", "how to test Move code", "Move syntax", "Sui smart contract", "Move resources", "Move generics", "deploy Move packag...

Go-to-market strategy for web3 builders - protocols, products, services, and solo founders. Use when planning growth for a crypto protocol, product, or service, building developer community, crafting CT narrative, pla...

Answer questions about the AI SDK and help build AI-powered features. Use when developers: (1) Ask about AI SDK functions like generateText, streamText, ToolLoopAgent, embed, or tools, (2) Want to build AI agents, cha...

> AI-powered security auditor for TON smart contracts. Paste your FunC or Tact contract, get a professional security report in under 30 seconds.

Security audit of TON/FunC/Tact smart contracts while you develop. Trigger on "audit", "check this contract", "review for security". Modes - default (full repo), DEEP (+ TON protocol analysis), or a specific filename.

Analyzes smart contract codebases to identify state-changing entry points for security auditing. Detects externally callable functions that modify state, categorizes them by access level (public, admin, role-restricte...

A [Claude Code](https://docs.anthropic.com/en/docs/claude-code) skill that guides you through setting up **invariant-driven stateful fuzz tests** for Solana/Anchor programs using [Trident v0.12.0](https://github.com/A...

An LLM orchestration framework that wraps terminal-based AI agents (like Claude Code) to provide structured, multi-step workflows for smart contract security analysis and beyond, making agentic execution more predicta...

Static analysis and security review for Solidity smart contracts. Triggers on weasel analyze, weasel audit, weasel scan, weasel review, or weasel check.

>

ZKsync Era (Immunefi) completed hunt — 0 findings after exhaustive 5-session audit. Use as a DEFENSE STUDY — learn what makes a protocol unhuntable, which patterns block all 10 bug classes, and when to abandon a targe...

Add support for a new ERC-4626 vault protocol. Use when the user wants to integrate a new vault protocol like IPOR, Plutus, Morpho, etc. Requires vault smart contract address, protocol name, and protocol slug as inputs.

Source materials for on-chain exploit analyses published by [@Defi_Nerd_sec](https://x.com/Defi_Nerd_sec). Based on [Exploit Investigator Skill](https://github.com/DarkNavySecurity/web3-skills/tree/main/exploit-invest...

Web3 security skills kit for smart contract auditing, blockchain client analysis, and on-chain exploit investigation.

Smart contract audits are costly, especially today when the focus isn't solely on the Ethereum chain. Deploying smart contracts to multiple chains requires separate audits for each chain and each smart contract langua...

Analyze EVM smart contracts for storage-safety vulnerabilities that can cause persistent state updates to be lost, overwritten, misdirected, or to collide across proxy or upgrade boundaries.