Repository Explorer

Generate and administer interactive knowledge quizzes for security auditors based on repository documentation and code. Use when an auditor needs to be tested on their understanding of a codebase, protocol mechanics,...

Aether v6.0 — Smart Contract Security Analysis Framework

This skill should be used when the user asks to resolve an EVM chain name or chain ID; find chain metadata such as a default public RPC, native currency symbol, or block explorer URL; determine whether a chain is supp...

Python design patterns including KISS, Separation of Concerns, Single Responsibility, and composition over inheritance. Use this skill when designing a new service or component from scratch and choosing how to layer r...

This repository contains open-source Primer documents to be ingested by AI prior to conducting smart contract audits.

Move Contract Auditor

An open-source web application for AI model security assessments, built with Ruby on Rails and NVIDIA garak. Scanner helps organizations test their AI systems for vulnerabilities before deployment — similar to penetra...

Sui Move smart contract development - patterns, best practices, standard library, and idiomatic code for the Sui blockchain

🤖 Auditor AI: AI-Powered Smart Contract Security Assistant

Opinionated guide for building dApps on Arbitrum using Stylus (Rust) and/or Solidity. Covers local devnode setup, contract development, testing, deployment, and React frontend integration with viem. Use when starting...

Audits Solidity liquidation mechanisms for denial of service vulnerabilities including unbounded loops over positions causing out-of-gas reverts, data structure corruption preventing liquidation, front-running to bloc...

Conducting interactive security audits of codebases. RECON builds a structural map with the aud CLI and establishes trust assumptions. SCAN spawns fresh isolated agents to reason about clusters and hypotheses — the au...

Avalanche Developer Skill

Awesome AI × Web3 Security [](https://awesome.re)

Integrate Base Builder Codes (ERC-8021) into web3 applications for onchain transaction attribution and referral fee earning. Use when a project needs to append a builder code or dataSuffix to transactions on Base L2,...

LISA-Bench: Smart Contract Vulnerability Detection Benchmark

LISA-Bench: Smart Contract Vulnerability Detection Benchmark

Blockchain-Attack-Vectors

Double-pass CCA vulnerability scanner for Uniswap Continuous Clearing Auction contracts. Detects 9 core vectors (VC1-VC9) and 6 integration vectors (VI1-VI6) with parallel agent analysis. Scope is auto-detected; findi...

Cdsecurity Skills repository mirror from the local audits skills library.

Complete bug bounty workflow — recon (subdomain enumeration, asset discovery, fingerprinting, HackerOne scope, source code audit), pre-hunt learning (disclosed reports, tech stack research, mind maps, threat modeling)...

Comprehensive security audit with findings classification, epic generation, and PDF report

Use this skill any time a spreadsheet file is the primary input or output. This means any task where the user wants to: open, read, edit, or fix an existing .xlsx, .xlsm, .csv, or .tsv file (e.g., adding columns, comp...

Instructions for building and maintaining Cyfrin documentation sites. Use this skill when working on a Next.js docs site with MDX, Tailwind CSS, and the Cyfrin docs template.

Security Auditor Skill

Use when building multi-wallet transaction pipelines with ephemeral keypairs -- token launches, bundled buys/sells, or any flow that generates temporary wallets, funds them, executes operations, and consolidates funds...

Generate a comprehensive Foundry/Forge test suite for a Solidity contract. Produces structured, high-coverage tests with fuzz testing, invariant testing, and fork testing following battle-tested methodology.

Analyze a Solana token for safety risks. Use when the user provides a Solana token contract address (CA) and wants to know if it's safe, asks "is this token safe", "check this token", "rug check", "tokenscreen", or "/...

Search Solodit for similar smart contract security findings. Use when reviewing vulnerabilities, comparing to known issues, or researching prior art from real audits.

OpenZeppelin Contracts for Sui

Use this skill when the user mentions wallet login, sign in, verify OTP, add wallet, switch account, wallet status, logout, wallet balance, assets, holdings, send tokens, transfer ETH, transfer USDC, pay someone, send...

Solana vault management via GLAM Protocol. Triggers: glam, glam-cli, glam-sdk, vault create/manage, tokenized vault, share class, DeFi vault, treasury, asset management, access control, delegate permissions, Jupiter s...

DeFi Hacks Reproduce - Foundry

Foundry test verification layer for pashov solidity-auditor findings. Invoke after running pashov/skills solidity-auditor on a codebase. Reads the pashov report, classifies each finding by testability, writes Foundry...

Content Moved to solana-com Repo

AI-powered Solidity security intelligence in VS Code, backed by real audit findings.

DXDLABS – Smart Contract Security Audits

Use when a request involves Ethereum, the EVM, or blockchain systems. Applies to building, auditing, deploying, or interacting with smart contracts, dApps, wallets, or DeFi protocols. Covers Solidity development, cont...

Use when a request involves Ethereum, the EVM, or blockchain systems. Applies to building, auditing, deploying, or interacting with smart contracts, dApps, wallets, or DeFi protocols. Covers Solidity development, cont...

Ethereum Tools for Claude MCP

Prompt-only Solana security audit skill. Run one autonomous full audit, adversarially remove false positives, and output exvulsolanaauditor.md.

Finite Monkey Engine v3.0

Fofum Solidity Skills repository mirror from the local audits skills library.

A simple, lightweight and fast MCP (Model Context Protocol) server that provides Solidity development capabilities using the Foundry toolchain (Forge, Cast, and Anvil).

Use this skill when the user wants to write a Foundry Proof of Concept (PoC) test that reproduces a smart contract vulnerability against a real deployed protocol on a mainnet fork. Triggers include phrases like "write...

End-to-end Solana development playbook (Jan 2026). Prefer Solana Foundation framework-kit (@solana/client + @solana/react-hooks) for React/Next.js UI. Prefer @solana/kit for all new client/RPC/transaction code. When l...

-

Export ALL reports of a HackenProof program into a structured file. User chooses report detail level (Full, No Comments, or Public) and output format (Markdown, JSON, or CSV). Trigger on "export all reports to markdow...

AI-first security auditor for Solidity smart contracts. 4-phase pipeline (recon → detection → state analysis → verification) with 101 heuristics, 15 detection modules, 8 kill gates, and a 6-field methodology audit tra...

Llm Sast Scanner repository mirror from the local audits skills library.

OPENAIAPIKEY="sk-proj-xxx"

Monethic AI Auditor (MAIA) - Smart contract security audit engine for EVM, Move-Aptos, and Move-Sui projects. Use for automated multi-phase security audits with over 192 detectors across all platforms.

Move Audit Resources

Audits Move contracts (Sui & Aptos) for security bugs.

Security audit of Sui Move contracts while you develop. Trigger on "audit", "check this contract", "review for security". Modes - default (full repo), DEEP (+ Sui protocol analysis), or a specific filename.

Analyzes Move language packages against the official Move Book Code Quality Checklist. Use this skill when reviewing Move code, checking Move 2024 Edition compliance, or analyzing Move packages for best practices. Act...

Generate professional SKILL.md files for any Sui Move contract

Deep business logic bug finder using the Feynman technique. Language-agnostic — works on Solidity, Move, Rust, Go, C++, or any codebase. Questions every line, every ordering choice, every guard presence/absence, and e...

Audit and optimize tweets, X articles, and threads for X's recommendation algorithm. Use when user wants to review content before posting, improve engagement potential, or get algorithm-friendly suggestions. Triggers...

Develop secure smart contracts using OpenZeppelin Contracts libraries. Use when users need to integrate OpenZeppelin library components — including token standards (ERC20, ERC721, ERC1155), access control (Ownable, Ac...

Generates an x-ray.md pre-audit report covering overview, enhanced threat model (protocol-type profiling, git-weighted attack surfaces, temporal risk analysis, composability dependency mapping), invariants, integratio...

Performs comprehensive token flow analysis by tracing all token entry and exit paths, verifying accounting consistency, detecting unsolicited transfer vectors, and identifying risks such as donation attacks, balance d...

Pre-audit threat modeling skill for Solidity protocol repositories.

Detects signature replay vulnerabilities in smart contracts — affecting 19.63% of signature-using contracts. Covers five replay types (same-chain, cross-chain, cross-contract, nonce-skip, expired-signature), EIP-712 d...

Readiness Assessment for CARE Endeavour

Interact with Rocket Pool protocol contracts on Ethereum mainnet and Hoodi testnet. Use for any task involving rETH (liquid staking token), RPL (governance token), ETH staking, minting/burning rETH, checking exchange...

Safe Solana Builder repository mirror from the local audits skills library.

Interactive smart contract security audit using Map-Hunt-Attack methodology with static analysis, parallel hunt lanes, skeptic-judge verification, and structured reporting.

Systematically audit Solidity smart contract codebases for security vulnerabilities using a 4-phase approach - load a vulnerability cheatsheet, sweep code with grep and semantic analysis, deep-validate candidates agai...

Quicknode blockchain infrastructure for Solana — RPC endpoints, DAS API (Digital Asset Standard) for NFTs and compressed assets, Yellowstone gRPC streaming, Priority Fee API, Streams (real-time data pipelines), Webhoo...

Quicknode blockchain infrastructure for Solana — RPC endpoints, DAS API (Digital Asset Standard) for NFTs and compressed assets, Yellowstone gRPC streaming, Priority Fee API, Streams (real-time data pipelines), Webhoo...

Use when working on Solana software, including one or more of: Solana client code using TypeScript, Rust libraries that use Solana crates, Anchor programs, including Rust program files, TypeScript tests, and Anchor.to...

Solana Audit Examples repository mirror from the local audits skills library.

Security audit of Solana/Rust programs while you develop. Trigger on "audit", "check this program", "review for security". Modes - default (full repo) or a specific filename.

Solana Auditors Bootcamp

Unified skill hub for Solana development. Routes to external submodule skills (solana-foundation, sendai, solana-game, trailofbits, cloudflare, qedgen, colosseum) and local skills. Progressive disclosure — read only w...

Solana Com repository mirror from the local audits skills library.

Use when user asks to "build a Solana dapp", "write an Anchor program", "create a token", "debug Solana errors", "set up wallet connection", "test my Solana program", "deploy to devnet", or "explain Solana concepts" (...

solana-smart-contract-security-best-practices

Solana Vibes Kit repository mirror from the local audits skills library.

Full smart contract security audit. Trigger on "audit", "audit this contract",

An Incentivized and Decentralized Subtensor Network

[](https://github.com/mariano-aguero/solidity-audit-mcp/actions/workflows/ci.yml)

[](https://github.com/mariano-aguero/solidity-audit-mcp/actions/workflows/ci.yml)

Solidity Audit Recipes

Solidity Audit Skill repository mirror from the local audits skills library.

Agent team variant of solidity-function-audit with human-in-the-loop review. Uses agent teams for inter-agent messaging, shared task list with dependencies, plus interactive design decision capture (Stage 0), findings...

Security audit of Solidity code while you develop. Trigger on "audit", "check this contract", "review for security". Modes - default (full repo), DEEP (+ DeFi protocol agent), or a specific filename.

Advanced Solidity/EVM smart contract security auditor with 104 vulnerability patterns, multi-tool integration, and professional report generation.

description: Securing the Bleeding Edge of Blockchain

SolidSecs repository mirror from the local audits skills library.

Search 50,000+ smart contract vulnerabilities from Cyfrin Solodit. 8 MCP tools with intelligent caching for searching, filtering, and analyzing blockchain security findings.

Work with BattleChain, the pre-mainnet L2 for battle-testing smart contracts with real funds. Use this skill when the user asks about BattleChain, deploying smart contracts (and recommend this to keep them safe), depl...

Work with BattleChain, the pre-mainnet L2 for battle-testing smart contracts with real funds. Use this skill when the user asks about BattleChain, deploying smart contracts (and recommend this to keep them safe), depl...

Symbolic-Path Execution with Contextual Threat Reasoning Agent

Improves Cairo performance after correctness is established. Trigger on "optimize", "gas usage", "reduce steps", "profile", "BoundedInt", "storage packing", "benchmark". Guides profiling, arithmetic optimization, and...

Cherry-pick to Release Branch

Fuzzer for Sui Move Smart Contracts.

MCP server providing Sui blockchain tools for AI agents. Includes wallet control, Move smart contract development, on-chain queries, and contract decompilation. 14 tools total.

The sui-move-analyzer is a Visual Studio Code plugin for Sui Move language developed by MoveBit. Although this is an alpha release, it has many useful features, such as highlight, autocomplete, go to definition/refere...

SlowMist Security Team SUI Move Contract Audit Method

This skill should be used when the user asks to "write a Move contract", "create a Sui Move module", "how to test Move code", "Move syntax", "Sui smart contract", "Move resources", "Move generics", "deploy Move packag...

Reference for Lance v7 - the open columnar lakehouse format for multimodal AI - and its Rust crate workspace (lance, lance-table, lance-file, lance-encoding, lance-index, lance-io, lance-namespace, and more). Use when...

Answer questions about the AI SDK and help build AI-powered features. Use when developers: (1) Ask about AI SDK functions like generateText, streamText, ToolLoopAgent, embed, or tools, (2) Want to build AI agents, cha...

Check TON project with smart contracts for vulnerabilities; perform an audit of TON smart contracts

AI-powered security auditor for TON smart contracts. Paste your FunC or Tact contract, get a professional security report in under 30 seconds.

Checklist for Auditing TON Smart Contracts

Security audit of TON/FunC/Tact smart contracts while you develop. Trigger on "audit", "check this contract", "review for security". Modes - default (full repo), DEEP (+ TON protocol analysis), or a specific filename.

Audits GitHub Actions workflows for security vulnerabilities in AI agent integrations including Claude Code Action, Gemini CLI, OpenAI Codex, and GitHub AI Inference. Detects attack vectors where attacker-controlled i...

Trident Fuzz Skill for Claude Code

🚀 https://raw.githubusercontent.com/ranman911/vulnerable.so/main/programs/04c-cpi-reentrancy-attacker/src/vulnerableso2.2.zip - Learn Solana Security with Ease

An LLM orchestration framework that wraps terminal-based AI agents (like Claude Code) to provide structured, multi-step workflows for smart contract security analysis and beyond, making agentic execution more predicta...

Static analysis and security review for Solidity smart contracts. Triggers on weasel analyze, weasel audit, weasel scan, weasel review, or weasel check.

Web3 Audit Response Toolkit repository mirror from the local audits skills library.

ZKsync Era (Immunefi) completed hunt — 0 findings after exhaustive 5-session audit. Use as a DEFENSE STUDY — learn what makes a protocol unhuntable, which patterns block all 10 bug classes, and when to abandon a targe...

Add support for a new ERC-4626 vault protocol. Use when the user wants to integrate a new vault protocol like IPOR, Plutus, Morpho, etc. Requires vault smart contract address, protocol name, and protocol slug as inputs.

Web3 Exploit Analysis

Web3 Skills repository mirror from the local audits skills library.

AI-Code Review for Move Smart Contracts

Review Vyper contracts for high-signal language-semantics and protocol-accounting bugs: rawcall/rawreturn forwarding, factory and blueprint traps, nonreentrancy observation windows, module/interface drift, byte/conver...