AI Skills Explorer for Smart Contract Security
Discover, compare & copy AI skill files from top security teams. Built for Claude, Cursor & MCP workflows.
13
Repositories
Loading... skills
Loading skills...
No skills match your filters.
Clear the current search and filters to get back to the full skill catalog.
[{"ai_platforms": ["claude", "cursor"], "category": "Code Review \u0026 Audit", "complexity": "advanced", "copy_count": 93, "description": "Line-by-line deep code analysis to build architectural context before vulnerability hunting. Identifies invariants, trust assumptions, and system boundaries systematically.", "id": 3, "languages": ["Solidity", "Vyper"], "name": "audit-context-building", "raw_content": "---\nname: audit-context-building\ndescription: Ultra-granular code analysis to establish deep architectural context\ntools: Read, Grep, Glob\n---\n\nPerform line-by-line analysis of a smart contract codebase to build complete context before beginning vulnerability discovery.\n\n## Process\n\n1. Read all contracts top-to-bottom\n2. Document: state variables, trust assumptions, invariants\n3. Map inter-contract dependencies\n4. Identify critical code paths (value flows, admin operations)\n5. Note unexpected patterns or deviations from common standards\n6. Build a context document summarizing findings for the audit phase\n", "repo": {"avatar_url": "https://github.com/trailofbits.png?size=64", "description": "The leading AI security skills marketplace. Comprehensive skill collection covering smart contract auditing, static analysis, malware analysis, and security research workflows.", "display_name": "Trail of Bits Skills", "forks": 258, "full_name": "trailofbits/skills", "github_url": "https://github.com/trailofbits/skills", "license": "CC-BY-SA-4.0", "stars": 3274}, "safety_label": "safe", "safety_risk_factors": [], "safety_summary": "Safe. File read access only for codebase analysis.", "short_description": "Ultra-granular code analysis for building audit context before vulnerability finding.", "skill_file_url": "https://github.com/trailofbits/skills/tree/main/audit-context-building", "slug": "tob-audit-context-building", "tags": ["solidity", "context-building", "invariants", "architecture"], "view_count": 158}, {"ai_platforms": ["claude", "cursor"], "category": "Vulnerability Detection", "complexity": "advanced", "copy_count": 61, "description": "Smart contract security toolkit covering vulnerability detection across 6 blockchains: Solidity, Cairo, Cosmos, Algorand, Substrate, and Solana (Move). Bundles Slither patterns, Echidna fuzzing, and Medusa integration.", "id": 1, "languages": ["Solidity", "Cairo", "Rust", "Move"], "name": "building-secure-contracts", "raw_content": "---\nname: building-secure-contracts\ndescription: Smart contract security toolkit for multi-chain vulnerability detection\ntools: Read, Write, Bash, Glob\n---\n\nYou are a senior smart contract security researcher from Trail of Bits. Use this skill to perform comprehensive security analysis across Solidity, Cairo, Cosmos, Algorand, Substrate, and Move contracts.\n\n## Workflow\n\n1. Identify the blockchain and language of the contracts\n2. Run appropriate static analysis tools (Slither for Solidity, Caracal for Cairo)\n3. Check for known vulnerability patterns specific to the platform\n4. Generate structured findings with severity ratings\n\n## Vulnerability Categories\n\n- Reentrancy and cross-contract call safety\n- Integer overflow/underflow\n- Access control and authorization bypasses\n- Oracle manipulation vulnerabilities\n- Flash loan attack vectors\n- Front-running and MEV exploitation\n", "repo": {"avatar_url": "https://github.com/trailofbits.png?size=64", "description": "The leading AI security skills marketplace. Comprehensive skill collection covering smart contract auditing, static analysis, malware analysis, and security research workflows.", "display_name": "Trail of Bits Skills", "forks": 258, "full_name": "trailofbits/skills", "github_url": "https://github.com/trailofbits/skills", "license": "CC-BY-SA-4.0", "stars": 3274}, "safety_label": "safe", "safety_risk_factors": [], "safety_summary": "No unsafe instructions detected. Skill uses standard file read/write access for analysis output. No network exfiltration patterns found.", "short_description": "Vulnerability detection across 6 blockchains using Trail of Bits toolchain.", "skill_file_url": "https://github.com/trailofbits/skills/tree/main/building-secure-contracts", "slug": "tob-building-secure-contracts", "tags": ["solidity", "cairo", "cosmos", "algorand", "substrate", "move", "slither", "echidna"], "view_count": 82}, {"ai_platforms": ["claude", "cursor"], "category": "Code Review \u0026 Audit", "complexity": "intermediate", "copy_count": 13, "description": "Compares two versions of a smart contract codebase and identifies security-relevant changes. Highlights new attack surfaces, removed protections, and logic modifications.", "id": 6, "languages": ["Solidity"], "name": "differential-review", "raw_content": "Compares two versions of a smart contract and highlights security-relevant changes.", "repo": {"avatar_url": "https://github.com/trailofbits.png?size=64", "description": "The leading AI security skills marketplace. Comprehensive skill collection covering smart contract auditing, static analysis, malware analysis, and security research workflows.", "display_name": "Trail of Bits Skills", "forks": 258, "full_name": "trailofbits/skills", "github_url": "https://github.com/trailofbits/skills", "license": "CC-BY-SA-4.0", "stars": 3274}, "safety_label": "safe", "safety_risk_factors": [], "safety_summary": "Safe. File read only.", "short_description": "Security-focused diff analysis between two versions of a contract codebase.", "skill_file_url": "https://github.com/trailofbits/skills/tree/main/differential-review", "slug": "tob-differential-review", "tags": ["diff", "code-review", "versioning", "security-changes"], "view_count": 27}, {"ai_platforms": ["claude", "cursor"], "category": "Vulnerability Detection", "complexity": "advanced", "copy_count": 0, "description": "Trail of Bits dimensional-analysis workflow for detecting unit and scale mismatches in formulas. Useful for DeFi math review, token decimal handling, exchange-rate calculations, and conservation checks.", "id": 29, "languages": ["Solidity", "Python", "Rust"], "name": "dimensional-analysis", "raw_content": "Dimensional analysis workflow for identifying unit, scale, and decimal mismatches in protocol formulas and security-critical arithmetic.", "repo": {"avatar_url": "https://github.com/trailofbits.png?size=64", "description": "The leading AI security skills marketplace. Comprehensive skill collection covering smart contract auditing, static analysis, malware analysis, and security research workflows.", "display_name": "Trail of Bits Skills", "forks": 258, "full_name": "trailofbits/skills", "github_url": "https://github.com/trailofbits/skills", "license": "CC-BY-SA-4.0", "stars": 3274}, "safety_label": "safe", "safety_risk_factors": [], "safety_summary": "Safe. Analysis-focused workflow that reads source code and reasons about arithmetic/unit consistency.", "short_description": "Finds unit, scale, and decimal mismatches in security-critical formulas.", "skill_file_url": "https://github.com/trailofbits/skills/tree/main/plugins/dimensional-analysis", "slug": "tob-dimensional-analysis", "tags": ["dimensional-analysis", "defi-math", "units", "decimals", "formulas"], "view_count": 0}, {"ai_platforms": ["claude", "cursor"], "category": "Code Review \u0026 Audit", "complexity": "intermediate", "copy_count": 19, "description": "Identifies all state-changing entry points in smart contracts for security auditing. Categorizes functions by access level: public, admin, role-restricted, and contract-only. Generates a structured audit map.", "id": 2, "languages": ["Solidity"], "name": "entry-point-analyzer", "raw_content": "---\nname: entry-point-analyzer \ndescription: Identify state-changing entry points in smart contracts\ntools: Read, Grep\n---\n\nAnalyze smart contract codebases to identify all externally callable functions that modify state. Categorize by access level and generate a structured audit map.\n\n## Instructions\n\n1. Read all Solidity files in the project\n2. Identify all public/external functions\n3. Filter to only state-changing functions (exclude view/pure)\n4. Categorize by access control pattern:\n - PUBLIC: No access restrictions\n - ADMIN: onlyOwner/onlyAdmin modifiers\n - ROLE: Role-based (AccessControl patterns)\n - CONTRACT: Internal/interface only\n5. Output structured report with function signatures, locations, and risk level\n", "repo": {"avatar_url": "https://github.com/trailofbits.png?size=64", "description": "The leading AI security skills marketplace. Comprehensive skill collection covering smart contract auditing, static analysis, malware analysis, and security research workflows.", "display_name": "Trail of Bits Skills", "forks": 258, "full_name": "trailofbits/skills", "github_url": "https://github.com/trailofbits/skills", "license": "CC-BY-SA-4.0", "stars": 3274}, "safety_label": "safe", "safety_risk_factors": [], "safety_summary": "Safe. Read-only analysis of contract code. No write or network access required.", "short_description": "Maps all state-changing entry points by access level for audit scoping.", "skill_file_url": "https://github.com/trailofbits/skills/tree/main/entry-point-analyzer", "slug": "tob-entry-point-analyzer", "tags": ["solidity", "entry-points", "access-control", "audit-scoping"], "view_count": 45}, {"ai_platforms": ["claude", "cursor"], "category": "Formal Verification \u0026 Testing", "complexity": "intermediate", "copy_count": 0, "description": "Guides property-based test design and invariant testing. Useful for turning audit hypotheses into fuzzable properties and strengthening Foundry/Echidna-style tests.", "id": 31, "languages": ["Solidity", "Python", "Rust"], "name": "property-based-testing", "raw_content": "Property-based testing workflow for deriving invariants, fuzz targets, generators, and failure-minimization strategies from code and specifications.", "repo": {"avatar_url": "https://github.com/trailofbits.png?size=64", "description": "The leading AI security skills marketplace. Comprehensive skill collection covering smart contract auditing, static analysis, malware analysis, and security research workflows.", "display_name": "Trail of Bits Skills", "forks": 258, "full_name": "trailofbits/skills", "github_url": "https://github.com/trailofbits/skills", "license": "CC-BY-SA-4.0", "stars": 3274}, "safety_label": "safe", "safety_risk_factors": [], "safety_summary": "Safe. Produces local test ideas and code. No network behavior required.", "short_description": "Designs property-based tests and invariants for security-critical behavior.", "skill_file_url": "https://github.com/trailofbits/skills/tree/main/plugins/property-based-testing", "slug": "tob-property-based-testing", "tags": ["property-based-testing", "invariants", "fuzzing", "echidna", "foundry"], "view_count": 0}, {"ai_platforms": ["claude", "cursor"], "category": "Static Analysis", "complexity": "advanced", "copy_count": 7, "description": "Creates custom Semgrep rules targeting specific vulnerability patterns in smart contracts and general code. Generates YAML rules with test cases for CI/CD integration.", "id": 4, "languages": ["Solidity", "Python", "JavaScript"], "name": "semgrep-rule-creator", "raw_content": "---\nname: semgrep-rule-creator\ndescription: Create custom Semgrep rules for vulnerability detection\ntools: Read, Write\n---\n\nCreate production-quality Semgrep rules to detect specific security vulnerabilities or code patterns, with test cases.\n\n## Output Format\n\nGenerate valid YAML Semgrep rules with:\n- Clear pattern matching for the vulnerability\n- Fix suggestion where applicable\n- Test cases (ok: and error: examples)\n- Appropriate languages field\n- Severity and confidence metadata\n", "repo": {"avatar_url": "https://github.com/trailofbits.png?size=64", "description": "The leading AI security skills marketplace. Comprehensive skill collection covering smart contract auditing, static analysis, malware analysis, and security research workflows.", "display_name": "Trail of Bits Skills", "forks": 258, "full_name": "trailofbits/skills", "github_url": "https://github.com/trailofbits/skills", "license": "CC-BY-SA-4.0", "stars": 3274}, "safety_label": "safe", "safety_risk_factors": [], "safety_summary": "Safe. Creates YAML output files for Semgrep. No external network calls.", "short_description": "Generates custom Semgrep rules for vulnerability pattern detection.", "skill_file_url": "https://github.com/trailofbits/skills/tree/main/semgrep-rule-creator", "slug": "tob-semgrep-rule-creator", "tags": ["semgrep", "static-analysis", "solidity", "ci-cd"], "view_count": 22}, {"ai_platforms": ["claude", "cursor"], "category": "Code Review \u0026 Audit", "complexity": "advanced", "copy_count": 0, "description": "Checks whether implementation behavior matches protocol specifications, docs, NatSpec, and stated invariants. Good fit for audits where design docs and code can drift.", "id": 30, "languages": ["Solidity", "Rust", "Python"], "name": "spec-to-code-compliance", "raw_content": "Spec-to-code compliance workflow for detecting divergences between design documentation, NatSpec, invariants, and implementation behavior.", "repo": {"avatar_url": "https://github.com/trailofbits.png?size=64", "description": "The leading AI security skills marketplace. Comprehensive skill collection covering smart contract auditing, static analysis, malware analysis, and security research workflows.", "display_name": "Trail of Bits Skills", "forks": 258, "full_name": "trailofbits/skills", "github_url": "https://github.com/trailofbits/skills", "license": "CC-BY-SA-4.0", "stars": 3274}, "safety_label": "safe", "safety_risk_factors": [], "safety_summary": "Safe. Reads source and documentation to compare intended behavior against implementation.", "short_description": "Compares specs, docs, and NatSpec against implementation behavior.", "skill_file_url": "https://github.com/trailofbits/skills/tree/main/plugins/spec-to-code-compliance", "slug": "tob-spec-to-code-compliance", "tags": ["spec-compliance", "natspec", "invariants", "documentation", "implementation-drift"], "view_count": 0}, {"ai_platforms": ["claude", "cursor"], "category": "Vulnerability Detection", "complexity": "advanced", "copy_count": 28, "description": "Finds similar vulnerabilities across codebases using pattern-based analysis. Use when hunting bug variants after finding an initial issue, or for systematic security audits.", "id": 5, "languages": ["Solidity", "Python", "Rust"], "name": "variant-analysis", "raw_content": "---\nname: variant-analysis\ndescription: Find similar vulnerabilities across codebases using pattern-based analysis\ntools: Read, Grep, Glob, Bash\n---\n\nGiven a known vulnerability pattern or finding, systematically search for variants throughout the codebase.\n\n## Workflow\n\n1. Understand the root-cause pattern of the initial finding\n2. Abstract it into a generic vulnerability template\n3. Search for all code locations matching the pattern\n4. Evaluate each candidate for exploitability\n5. Report confirmed variants with severity and evidence\n", "repo": {"avatar_url": "https://github.com/trailofbits.png?size=64", "description": "The leading AI security skills marketplace. Comprehensive skill collection covering smart contract auditing, static analysis, malware analysis, and security research workflows.", "display_name": "Trail of Bits Skills", "forks": 258, "full_name": "trailofbits/skills", "github_url": "https://github.com/trailofbits/skills", "license": "CC-BY-SA-4.0", "stars": 3274}, "safety_label": "safe", "safety_risk_factors": [], "safety_summary": "Safe. Code analysis only, no write or network operations.", "short_description": "Hunts bug variants across a codebase after finding an initial vulnerability.", "skill_file_url": "https://github.com/trailofbits/skills/tree/main/variant-analysis", "slug": "tob-variant-analysis", "tags": ["bug-variants", "pattern-matching", "codeql", "semgrep", "audit"], "view_count": 35}, {"ai_platforms": ["claude"], "category": "Code Review \u0026 Audit", "complexity": "intermediate", "copy_count": 47, "description": "Fast security feedback on Solidity code changes \u2014 typically under 5 minutes. Best for dev-time checks before commits. Not a formal audit substitute. Modes: full repo, deep adversarial, specific files, or file-output report.", "id": 7, "languages": ["Solidity"], "name": "solidity-auditor", "raw_content": "---\nname: solidity-auditor\ndescription: Fast security feedback on Solidity changes\nusage: /solidity-auditor | /solidity-auditor deep | /solidity-auditor \u003cfile\u003e\n---\n\nProvide fast security feedback on Solidity code changes. This is the check you should never skip.\n\n## Modes\n\n- `/solidity-auditor` \u2014 Full repo scan (fast, \u003c5 min)\n- `/solidity-auditor deep` \u2014 Adversarial reasoning agent (slower, more thorough)\n- `/solidity-auditor src/Vault.sol` \u2014 Specific file(s)\n- `/solidity-auditor --file-output` \u2014 Write report to markdown\n\n## Strong At\n\nPattern matching: missing access controls, unchecked return values, known reentrancy shapes.\n\n## Known Limitations\n\nWorks best up to ~2,500 lines. Struggles with: multi-transaction state setups, specification/invariant bugs, cross-protocol composability, game-theory attacks.\n", "repo": {"avatar_url": "https://github.com/pashov.png?size=64", "description": "Fast (\u003c5 min) Solidity security feedback while you develop. Not a formal audit substitute \u2014 the security check you should never skip before committing.", "display_name": "Pashov Audit Group Skills", "forks": 22, "full_name": "pashov/skills", "github_url": "https://github.com/pashov/skills", "license": "MIT", "stars": 156}, "safety_label": "safe", "safety_risk_factors": [], "safety_summary": "Safe. Read access to Solidity files. Optional write for --file-output mode.", "short_description": "Fast (\u003c5 min) dev-time Solidity security check by Pashov Audit Group.", "skill_file_url": "https://github.com/pashov/skills", "slug": "pashov-solidity-auditor", "tags": ["solidity", "dev-time-security", "fast", "reentrancy", "access-control"], "view_count": 108}, {"ai_platforms": ["claude"], "category": "Audit Readiness", "complexity": "advanced", "copy_count": 0, "description": "Pre-audit protocol x-ray by Pashov Audit Group. V2 generates architecture, entry point, threat-model, test, git-history, and cross-linked invariant reports before a deep audit starts.", "id": 32, "languages": ["Solidity"], "name": "x-ray", "raw_content": "Generates an x-ray/ folder with architecture, entry-points, threat model, testing, git history, and a dedicated cross-linked invariants.md catalog for Solidity audit readiness.", "repo": {"avatar_url": "https://github.com/pashov.png?size=64", "description": "Fast (\u003c5 min) Solidity security feedback while you develop. Not a formal audit substitute \u2014 the security check you should never skip before committing.", "display_name": "Pashov Audit Group Skills", "forks": 22, "full_name": "pashov/skills", "github_url": "https://github.com/pashov/skills", "license": "MIT", "stars": 156}, "safety_label": "safe", "safety_risk_factors": ["Runs local build/test/coverage commands when available", "Performs a remote version check against GitHub"], "safety_summary": "Safe. Reads source, docs, and git history, runs local analysis commands, and writes local x-ray report files.", "short_description": "Pre-audit x-ray with cross-linked invariants, entry points, tests, and git risk.", "skill_file_url": "https://github.com/pashov/skills/tree/main/x-ray", "slug": "pashov-x-ray", "tags": ["audit-readiness", "x-ray", "entry-points", "invariants", "threat-model"], "view_count": 0}, {"ai_platforms": ["claude"], "category": "Bug Bounty \u0026 Triage", "complexity": "advanced", "copy_count": 0, "description": "Multi-target bug bounty orchestration skill for smart contracts, Web/API targets, triage, CVSS, and platform-specific report generation across HackerOne, Bugcrowd, Intigriti, and Immunefi.", "id": 40, "languages": ["Solidity", "Move", "Rust"], "name": "bountyforge", "raw_content": "All-round bug bounty orchestrator for Solidity/EVM, Move, Solana, TRON, Web/API testing, triage, CVSS, and platform-specific report generation.", "repo": {"avatar_url": "https://github.com/Gabson0x.png?size=64", "description": "All-round bug bounty orchestration skill covering smart contracts, Web/API security, triage, and submission-ready report generation.", "display_name": "BountyForge", "forks": 10, "full_name": "Gabson0x/bountyforge", "github_url": "https://github.com/Gabson0x/bountyforge", "license": null, "stars": 109}, "safety_label": "safe", "safety_risk_factors": ["Broad security testing skill; use only on authorized scopes", "Performs a remote version check against GitHub"], "safety_summary": "Safe for authorized security work. Reads local target files, can spawn parallel analysis agents, and can write a local report when requested.", "short_description": "Parallel bug bounty orchestration for smart contracts, Web/API, triage, and reports.", "skill_file_url": "https://github.com/Gabson0x/bountyforge/blob/main/SKILL.md", "slug": "gabson0x-bountyforge", "tags": ["bug-bounty", "multi-chain", "solidity", "move", "solana", "reporting"], "view_count": 0}, {"ai_platforms": ["claude", "cursor"], "category": "Development Standards", "complexity": "beginner", "copy_count": 21, "description": "Production-grade Solidity development standards by Patrick Collins. Makes Claude more intelligent about smart contract sensitivity, testing thoroughness, and code quality. Development-focused (not audit-focused).", "id": 8, "languages": ["Solidity"], "name": "solskill", "raw_content": "Production-grade Solidity code writing standards from Cyfrin.", "repo": {"avatar_url": "https://github.com/Cyfrin.png?size=64", "description": "Production-grade Solidity development standards by Patrick Collins and Cyfrin. Makes Claude more intelligent about smart contract sensitivity, testing, and code quality.", "display_name": "Cyfrin Solskill", "forks": 16, "full_name": "Cyfrin/solskill", "github_url": "https://github.com/Cyfrin/solskill", "license": null, "stars": 96}, "safety_label": "safe", "safety_risk_factors": [], "safety_summary": "Safe. Development guidance only. No file operations beyond standard code generation.", "short_description": "Production Solidity dev standards by Patrick Collins / Cyfrin.", "skill_file_url": "https://github.com/Cyfrin/solskill", "slug": "cyfrin-solskill", "tags": ["solidity", "development", "standards", "quality", "cyfrin"], "view_count": 47}, {"ai_platforms": ["claude", "cursor"], "category": "Static Analysis", "complexity": "beginner", "copy_count": 0, "description": "Copy-paste grep arsenal for first-pass smart contract audit surface mapping. Covers access control, reentrancy, oracle use, arithmetic, token handling, proxies, signatures, and 2025 bug patterns.", "id": 37, "languages": ["Solidity"], "name": "web3-grep-arsenal", "raw_content": "Master grep arsenal for Web3 auditing: access control, reentrancy, oracle/price, arithmetic, input validation, token handling, ERC4626, proxies, signatures, and state completeness.", "repo": {"avatar_url": "https://github.com/shuvonsec.png?size=64", "description": "Web3 bug bounty skill set built around Immunefi-style hunting workflows, Foundry PoCs, triage gates, and real vulnerability case studies.", "display_name": "Web3 Bug Bounty AI Skills", "forks": 21, "full_name": "shuvonsec/web3-bug-bounty-hunting-ai-skills", "github_url": "https://github.com/shuvonsec/web3-bug-bounty-hunting-ai-skills", "license": "MIT", "stars": 87}, "safety_label": "safe", "safety_risk_factors": [], "safety_summary": "Safe. Provides local grep command patterns for authorized code review.", "short_description": "First-pass grep blocks for access control, oracles, reentrancy, math, proxies, and signatures.", "skill_file_url": "https://github.com/shuvonsec/web3-bug-bounty-hunting-ai-skills/tree/main/web3-grep-arsenal", "slug": "shuvonsec-web3-grep-arsenal", "tags": ["grep", "surface-map", "static-analysis", "solidity", "bug-patterns"], "view_count": 0}, {"ai_platforms": ["claude", "cursor"], "category": "Bug Bounty \u0026 Triage", "complexity": "beginner", "copy_count": 0, "description": "Web3 bug bounty hunting foundation: target scoring, hunter mindset, protocol recon, crown jewels mapping, prior audit review, static analysis setup, and attack-surface checklist.", "id": 36, "languages": ["Solidity"], "name": "web3-hunt-foundation", "raw_content": "Hunter mindset, 10-point target scorecard, recon checklist, prior audit review, crown jewels mapping, and protocol-type attack-surface prompts for Web3 bug bounty work.", "repo": {"avatar_url": "https://github.com/shuvonsec.png?size=64", "description": "Web3 bug bounty skill set built around Immunefi-style hunting workflows, Foundry PoCs, triage gates, and real vulnerability case studies.", "display_name": "Web3 Bug Bounty AI Skills", "forks": 21, "full_name": "shuvonsec/web3-bug-bounty-hunting-ai-skills", "github_url": "https://github.com/shuvonsec/web3-bug-bounty-hunting-ai-skills", "license": "MIT", "stars": 87}, "safety_label": "safe", "safety_risk_factors": [], "safety_summary": "Safe. Methodology and checklist content for evaluating bug bounty targets and scope.", "short_description": "Bug bounty target scoring, recon, crown jewels, and attack-surface setup.", "skill_file_url": "https://github.com/shuvonsec/web3-bug-bounty-hunting-ai-skills/tree/main/web3-hunt-foundation", "slug": "shuvonsec-web3-hunt-foundation", "tags": ["bug-bounty", "recon", "target-scoring", "immunefi", "attack-surface"], "view_count": 0}, {"ai_platforms": ["claude", "cursor"], "category": "Bug Bounty \u0026 Triage", "complexity": "intermediate", "copy_count": 0, "description": "Foundry PoC writing guide with fork-test templates, cheatcode reference, DeFi exploit reproduction patterns, and runnable report-ready proof formats.", "id": 38, "languages": ["Solidity"], "name": "web3-poc-foundry", "raw_content": "Foundry PoC guide covering fork tests, cheatcodes, exploit templates, DeFiHackLabs patterns, invariant tests, debugging commands, and report-ready output expectations.", "repo": {"avatar_url": "https://github.com/shuvonsec.png?size=64", "description": "Web3 bug bounty skill set built around Immunefi-style hunting workflows, Foundry PoCs, triage gates, and real vulnerability case studies.", "display_name": "Web3 Bug Bounty AI Skills", "forks": 21, "full_name": "shuvonsec/web3-bug-bounty-hunting-ai-skills", "github_url": "https://github.com/shuvonsec/web3-bug-bounty-hunting-ai-skills", "license": "MIT", "stars": 87}, "safety_label": "safe", "safety_risk_factors": ["Exploit PoC guidance must be used only on authorized targets"], "safety_summary": "Safe for authorized testing. Provides local Foundry PoC templates and examples for reproducing vulnerabilities.", "short_description": "Foundry exploit PoC templates, cheatcodes, and DeFiHackLabs-style patterns.", "skill_file_url": "https://github.com/shuvonsec/web3-bug-bounty-hunting-ai-skills/tree/main/web3-poc-foundry", "slug": "shuvonsec-web3-poc-foundry", "tags": ["foundry", "poc", "fork-test", "defihacklabs", "immunefi"], "view_count": 0}, {"ai_platforms": ["claude", "cursor"], "category": "Bug Bounty \u0026 Triage", "complexity": "beginner", "copy_count": 0, "description": "Bug triage and report-writing skill with a 7-question validity gate, severity matrix, Immunefi report template, rejection reasons, and paid bounty case studies.", "id": 39, "languages": ["Solidity", "Rust", "Cairo"], "name": "web3-triage-report", "raw_content": "Triage system with seven validation gates, severity downgrade triggers, report template, PoC requirements, common rejection reasons, and real paid-bounty examples.", "repo": {"avatar_url": "https://github.com/shuvonsec.png?size=64", "description": "Web3 bug bounty skill set built around Immunefi-style hunting workflows, Foundry PoCs, triage gates, and real vulnerability case studies.", "display_name": "Web3 Bug Bounty AI Skills", "forks": 21, "full_name": "shuvonsec/web3-bug-bounty-hunting-ai-skills", "github_url": "https://github.com/shuvonsec/web3-bug-bounty-hunting-ai-skills", "license": "MIT", "stars": 87}, "safety_label": "safe", "safety_risk_factors": [], "safety_summary": "Safe. Report validation and writing guidance; no code execution required.", "short_description": "Validity gates, severity calibration, and Immunefi-style report templates.", "skill_file_url": "https://github.com/shuvonsec/web3-bug-bounty-hunting-ai-skills/tree/main/web3-triage-report", "slug": "shuvonsec-web3-triage-report", "tags": ["triage", "report-writing", "severity", "immunefi", "case-studies"], "view_count": 0}, {"ai_platforms": ["claude", "cursor"], "category": "Vulnerability Detection", "complexity": "advanced", "copy_count": 19, "description": "Four-phase Solidity vulnerability scanner using 36 vulnerability classes. Phase 1: Load CHEATSHEET.md with keywords. Phase 2: Full codebase sweep. Phase 3: Deep validation per finding against reference files. Phase 4: Structured report with severity and fixes.", "id": 9, "languages": ["Solidity"], "name": "scv", "raw_content": "---\nname: scv\ndescription: 4-phase Solidity vulnerability scanner with 36 vulnerability classes\n---\n\n## Phase 1: Load Cheatsheet\nRead CHEATSHEET.md \u2014 36 vulnerability classes, grep keywords, detection heuristics.\n\n## Phase 2: Codebase Sweep\nSyntactic grep across all Solidity files + semantic read for logic bugs.\n\n## Phase 3: Deep Validation\nFor each candidate finding, load the full reference file (reentrancy.md, overflow.md, etc.) to validate with detection heuristics and false-positive conditions.\n\n## Phase 4: Report\nOutput structured findings with: severity, code snippets, fix recommendations.\n\n## Vulnerability Classes Covered\nReentrancy, overflow/underflow, delegatecall, signature replay, oracle manipulation, flash loan attacks, front-running, access control, DoS, and 27 more.\n", "repo": {"avatar_url": "https://github.com/kadenzipfel.png?size=64", "description": "Solidity vulnerability scanner referencing 36 unique vulnerability types. Four-phase audit workflow: Load Cheatsheet \u2192 Sweep \u2192 Deep Validate \u2192 Report.", "display_name": "SCV Scan", "forks": 8, "full_name": "kadenzipfel/scv-scan", "github_url": "https://github.com/kadenzipfel/scv-scan", "license": null, "stars": 77}, "safety_label": "safe", "safety_risk_factors": [], "safety_summary": "Safe. Reads contract files and reference documents. Writes report output.", "short_description": "4-phase Solidity scanner covering 36 vulnerability classes with deep reference files.", "skill_file_url": "https://github.com/kadenzipfel/scv-scan", "slug": "kadenzipfel-scv", "tags": ["solidity", "vulnerability-scanner", "36-vuln-classes", "systematic", "reentrancy", "overflow"], "view_count": 35}, {"ai_platforms": ["claude", "github-copilot", "gemini", "codex"], "category": "Infrastructure Security", "complexity": "intermediate", "copy_count": 7, "description": "Infrastructure security audit framework for IaC, Docker, Kubernetes, and cloud configurations. Not smart-contract-specific but useful for auditing DeFi protocol infrastructure.", "id": 11, "languages": ["YAML", "Terraform", "Shell"], "name": "infrastructure-security-audit", "raw_content": "Infrastructure security audit framework for IaC, Docker, Kubernetes, and cloud configs.", "repo": {"avatar_url": "https://github.com/forefy.png?size=64", "description": "Multi-agent AI skills for smart contract auditing. Generates triaged, industry-grade report findings with attack story flow graphs and PoC scenarios. Compatible with Claude, Cursor, Gemini CLI, and Codex.", "display_name": "Forefy .context", "forks": 13, "full_name": "forefy/.context", "github_url": "https://github.com/forefy/.context", "license": "MIT", "stars": 70}, "safety_label": "safe", "safety_risk_factors": [], "safety_summary": "Safe. Configuration file analysis only.", "short_description": "Infrastructure security audit for Docker, K8s, cloud configs and IaC.", "skill_file_url": "https://github.com/forefy/.context", "slug": "forefy-infrastructure-security-audit", "tags": ["infrastructure", "docker", "kubernetes", "iac", "cloud"], "view_count": 24}, {"ai_platforms": ["claude", "github-copilot", "gemini", "codex"], "category": "Code Review \u0026 Audit", "complexity": "advanced", "copy_count": 19, "description": "Full smart contract audit framework with multi-expert AI analysis. Supports Solidity, Anchor (Solana), and Vyper. Generates triaged findings with attacker story flow graphs, PoC scenarios, and industry-grade report format. Compatible with Claude, GitHub Copilot, Gemini CLI, and Codex.", "id": 10, "languages": ["Solidity", "Solana/Anchor", "Vyper"], "name": "smart-contract-security-audit", "raw_content": "Full smart contract audit framework \u2014 multi-expert analysis for Solidity, Anchor, and Vyper with triaged industry-grade reports.", "repo": {"avatar_url": "https://github.com/forefy.png?size=64", "description": "Multi-agent AI skills for smart contract auditing. Generates triaged, industry-grade report findings with attack story flow graphs and PoC scenarios. Compatible with Claude, Cursor, Gemini CLI, and Codex.", "display_name": "Forefy .context", "forks": 13, "full_name": "forefy/.context", "github_url": "https://github.com/forefy/.context", "license": "MIT", "stars": 70}, "safety_label": "safe", "safety_risk_factors": [], "safety_summary": "Safe. Read access for contract analysis. Write access only for local report files.", "short_description": "Multi-platform SC audit skill generating triaged reports with PoC story flow graphs.", "skill_file_url": "https://github.com/forefy/.context", "slug": "forefy-smart-contract-security-audit", "tags": ["solidity", "anchor", "vyper", "multi-platform", "poc", "report", "triaged"], "view_count": 64}, {"ai_platforms": ["claude", "cursor"], "category": "Code Review \u0026 Audit", "complexity": "advanced", "copy_count": 8, "description": "Comprehensive audit methodology using behavioral intent extraction, multi-dimensional threat modeling (economic, access control, state integrity), and Bayesian confidence scoring. Generates PoC exploits and covers OWASP Smart Contract Top 10.", "id": 12, "languages": ["Solidity"], "name": "behavioral-state-analysis", "raw_content": "Behavioral intent extraction, multi-dimensional threat modeling, adversarial simulation with PoC generation, Bayesian confidence scoring across OWASP Smart Contract Top 10.", "repo": {"avatar_url": "https://github.com/quillai-network.png?size=64", "description": "10 specialized AI skills covering OWASP Smart Contract Top 10. Uses semantic behavioral analysis, mathematical invariant detection, and Bayesian confidence scoring.", "display_name": "QuillAI Network Skills", "forks": 7, "full_name": "quillai-network/qs_skills", "github_url": "https://github.com/quillai-network/qs_skills", "license": "MIT", "stars": 62}, "safety_label": "safe", "safety_risk_factors": [], "safety_summary": "Safe. Extensive read-only analysis. Uses structured reasoning patterns.", "short_description": "Full-spectrum audit with behavioral decomposition, threat modeling, and Bayesian scoring.", "skill_file_url": "https://github.com/quillai-network/qs_skills", "slug": "quill-behavioral-state-analysis", "tags": ["owasp", "threat-modeling", "behavioral-analysis", "bayesian", "poc", "defi"], "view_count": 32}, {"ai_platforms": ["claude", "cursor"], "category": "Vulnerability Detection", "complexity": "intermediate", "copy_count": 4, "description": "Detects DoS and griefing vulnerabilities: unbounded loops, gas limit exhaustion, external call failure DoS, 63/64 gas griefing, storage bloat, timestamp griefing, and self-destruct force-feeding.", "id": 17, "languages": ["Solidity"], "name": "dos-griefing-analysis", "raw_content": "Detects unbounded loops, gas limit DoS, external call failure DoS, 63/64 gas griefing, storage bloat, timestamp griefing, self-destruct force-feeding.", "repo": {"avatar_url": "https://github.com/quillai-network.png?size=64", "description": "10 specialized AI skills covering OWASP Smart Contract Top 10. Uses semantic behavioral analysis, mathematical invariant detection, and Bayesian confidence scoring.", "display_name": "QuillAI Network Skills", "forks": 7, "full_name": "quillai-network/qs_skills", "github_url": "https://github.com/quillai-network/qs_skills", "license": "MIT", "stars": 62}, "safety_label": "safe", "safety_risk_factors": [], "safety_summary": "Safe.", "short_description": "DoS and griefing detection including gas griefing, storage bloat, and self-destruct attacks.", "skill_file_url": "https://github.com/quillai-network/qs_skills", "slug": "quill-dos-griefing-analysis", "tags": ["dos", "griefing", "gas-griefing", "unbounded-loops", "self-destruct"], "view_count": 15}, {"ai_platforms": ["claude", "cursor"], "category": "Vulnerability Detection", "complexity": "advanced", "copy_count": 14, "description": "Detects price oracle manipulation and flash loan attack vectors. Classifies oracle trust models (Chainlink, TWAP, spot price), stale prices, circular dependencies, and flash loan atomicity exploitation.", "id": 14, "languages": ["Solidity"], "name": "oracle-flashloan-analysis", "raw_content": "Detects price oracle manipulation and flash loan vectors. Covers Chainlink, TWAP, spot price trust models, stale data, circular deps, and flash loan atomicity.", "repo": {"avatar_url": "https://github.com/quillai-network.png?size=64", "description": "10 specialized AI skills covering OWASP Smart Contract Top 10. Uses semantic behavioral analysis, mathematical invariant detection, and Bayesian confidence scoring.", "display_name": "QuillAI Network Skills", "forks": 7, "full_name": "quillai-network/qs_skills", "github_url": "https://github.com/quillai-network/qs_skills", "license": "MIT", "stars": 62}, "safety_label": "safe", "safety_risk_factors": [], "safety_summary": "Safe. Analysis only.", "short_description": "Oracle manipulation and flash loan attack detection with oracle trust model classification.", "skill_file_url": "https://github.com/quillai-network/qs_skills", "slug": "quill-oracle-flashloan-analysis", "tags": ["oracle", "flash-loan", "chainlink", "twap", "price-manipulation", "defi"], "view_count": 19}, {"ai_platforms": ["claude", "cursor"], "category": "Vulnerability Detection", "complexity": "advanced", "copy_count": 6, "description": "Detects vulnerabilities in upgradeable proxy architectures: storage layout collisions, uninitialized implementations, function selector clashing. Covers Transparent, UUPS, Beacon, Diamond (EIP-2535), and Minimal proxy.", "id": 15, "languages": ["Solidity"], "name": "proxy-upgrade-safety", "raw_content": "Detects storage layout collisions, uninitialized proxy implementations, function selector clashing in Transparent, UUPS, Beacon, Diamond/EIP-2535, and Minimal proxy patterns.", "repo": {"avatar_url": "https://github.com/quillai-network.png?size=64", "description": "10 specialized AI skills covering OWASP Smart Contract Top 10. Uses semantic behavioral analysis, mathematical invariant detection, and Bayesian confidence scoring.", "display_name": "QuillAI Network Skills", "forks": 7, "full_name": "quillai-network/qs_skills", "github_url": "https://github.com/quillai-network/qs_skills", "license": "MIT", "stars": 62}, "safety_label": "safe", "safety_risk_factors": [], "safety_summary": "Safe.", "short_description": "Proxy upgrade safety: storage collisions, selector clashing, uninitialized implementations.", "skill_file_url": "https://github.com/quillai-network/qs_skills", "slug": "quill-proxy-upgrade-safety", "tags": ["proxy", "upgradeable", "uups", "transparent-proxy", "diamond", "eip-2535", "storage-collision"], "view_count": 10}, {"ai_platforms": ["claude", "cursor"], "category": "Vulnerability Detection", "complexity": "intermediate", "copy_count": 4, "description": "Detects all reentrancy variants: classic, cross-function, cross-contract, read-only, and ERC-777/ERC-1155 callback reentrancy. Builds call graphs and verifies CEI pattern compliance.", "id": 13, "languages": ["Solidity"], "name": "reentrancy-pattern-analysis", "raw_content": "Detects classic, cross-function, cross-contract, read-only, and ERC-777/ERC-1155 callback reentrancy. Builds call graphs and verifies CEI pattern compliance.", "repo": {"avatar_url": "https://github.com/quillai-network.png?size=64", "description": "10 specialized AI skills covering OWASP Smart Contract Top 10. Uses semantic behavioral analysis, mathematical invariant detection, and Bayesian confidence scoring.", "display_name": "QuillAI Network Skills", "forks": 7, "full_name": "quillai-network/qs_skills", "github_url": "https://github.com/quillai-network/qs_skills", "license": "MIT", "stars": 62}, "safety_label": "safe", "safety_risk_factors": [], "safety_summary": "Safe. Analysis only.", "short_description": "Full reentrancy variant detection including cross-contract and ERC-777/ERC-1155 callbacks.", "skill_file_url": "https://github.com/quillai-network/qs_skills", "slug": "quill-reentrancy-pattern-analysis", "tags": ["reentrancy", "cross-function", "cross-contract", "erc777", "erc1155", "cei-pattern"], "view_count": 10}, {"ai_platforms": ["claude", "cursor"], "category": "Vulnerability Detection", "complexity": "intermediate", "copy_count": 10, "description": "Detects 5 signature replay attack types: same-chain, cross-chain, cross-contract, nonce-skip, and expired signature replay. Validates EIP-712 domain, ecrecover safety, and permit/permit2 patterns.", "id": 16, "languages": ["Solidity"], "name": "signature-replay-analysis", "raw_content": "Detects same-chain, cross-chain, cross-contract, nonce-skip, and expired signature replays. Validates EIP-712 domain, ecrecover safety, permit/permit2.", "repo": {"avatar_url": "https://github.com/quillai-network.png?size=64", "description": "10 specialized AI skills covering OWASP Smart Contract Top 10. Uses semantic behavioral analysis, mathematical invariant detection, and Bayesian confidence scoring.", "display_name": "QuillAI Network Skills", "forks": 7, "full_name": "quillai-network/qs_skills", "github_url": "https://github.com/quillai-network/qs_skills", "license": "MIT", "stars": 62}, "safety_label": "safe", "safety_risk_factors": [], "safety_summary": "Safe.", "short_description": "Detects all 5 signature replay variants including cross-chain and EIP-712 issues.", "skill_file_url": "https://github.com/quillai-network/qs_skills", "slug": "quill-signature-replay-analysis", "tags": ["signature-replay", "eip-712", "ecrecover", "permit", "permit2", "cross-chain"], "view_count": 9}, {"ai_platforms": ["claude", "cursor"], "category": "Vulnerability Detection", "complexity": "advanced", "copy_count": 5, "description": "Infers mathematical relationships between state variables (sum, conservation, ratio, monotonic, synchronization) then finds functions that violate them. Detects broken tokenomics and accounting desynchronization.", "id": 18, "languages": ["Solidity"], "name": "state-invariant-detection", "raw_content": "Infers sum/conservation/ratio/monotonic/synchronization invariants between state variables. Finds functions that violate them \u2014 detects supply/balance mismatches, broken tokenomics.", "repo": {"avatar_url": "https://github.com/quillai-network.png?size=64", "description": "10 specialized AI skills covering OWASP Smart Contract Top 10. Uses semantic behavioral analysis, mathematical invariant detection, and Bayesian confidence scoring.", "display_name": "QuillAI Network Skills", "forks": 7, "full_name": "quillai-network/qs_skills", "github_url": "https://github.com/quillai-network/qs_skills", "license": "MIT", "stars": 62}, "safety_label": "safe", "safety_risk_factors": [], "safety_summary": "Safe.", "short_description": "Mathematical invariant inference \u2014 finds functions that break them.", "skill_file_url": "https://github.com/quillai-network/qs_skills", "slug": "quill-state-invariant-detection", "tags": ["invariants", "mathematical", "tokenomics", "accounting", "defi"], "view_count": 15}, {"ai_platforms": ["claude", "codex"], "category": "Code Review \u0026 Audit", "complexity": "advanced", "copy_count": 10, "description": "Interactive Map-Hunt-Attack audit workflow with MCP tool integration (Slither, Aderyn, Cyfrin checklist, Solodit search). Requires Solodit API key. Available for Claude Code and Codex CLI.", "id": 19, "languages": ["Solidity"], "name": "security-auditor", "raw_content": "SETUP \u2192 MAP \u2192 HUNT \u2192 ATTACK workflow. Integrates Slither and Aderyn static analysis, Cyfrin checklist, and Solodit findings search via MCP tools.", "repo": {"avatar_url": "https://github.com/Archethect.png?size=64", "description": "MCP server + Claude Code skill integrating Slither, Aderyn, Cyfrin checklist, and Solodit search. Map-Hunt-Attack structured audit methodology.", "display_name": "Archethect SC Auditor", "forks": 9, "full_name": "Archethect/sc-auditor", "github_url": "https://github.com/Archethect/sc-auditor", "license": "All rights reserved", "stars": 47}, "safety_label": "safe", "safety_risk_factors": ["Requires external API key (Solodit) \u2014 review API terms before use"], "safety_summary": "Safe. MCP server requires Solodit API key. All network calls go to Solodit API and local tools (Slither, Aderyn).", "short_description": "Map-Hunt-Attack workflow with Slither, Aderyn, and Solodit MCP integration.", "skill_file_url": "https://github.com/Archethect/sc-auditor", "slug": "archethect-security-auditor", "tags": ["mcp", "slither", "aderyn", "solodit", "map-hunt-attack", "static-analysis"], "view_count": 31}, {"ai_platforms": ["claude"], "category": "Audit Readiness", "complexity": "intermediate", "copy_count": 0, "description": "Solidity audit preparation pipeline. Scores coverage, test quality, NatSpec docs, code hygiene, dependency health, best practices, deployment readiness, and project documentation.", "id": 34, "languages": ["Solidity", "JavaScript", "TypeScript"], "name": "audit-prep", "raw_content": "Solidity audit preparation orchestrator that creates a scored readiness report across coverage, quality, docs, hygiene, dependencies, best practices, deployment, and project context.", "repo": {"avatar_url": "https://github.com/CDSecurity.png?size=64", "description": "Audit-preparation skills for Solidity and Solana/Rust projects. Scores test coverage, docs, hygiene, dependencies, deployment readiness, and optional scanner usage.", "display_name": "CD Security Skills", "forks": 5, "full_name": "CDSecurity/cdsecurity-skills", "github_url": "https://github.com/CDSecurity/cdsecurity-skills", "license": "MIT", "stars": 33}, "safety_label": "safe", "safety_risk_factors": ["Optional --fix mode can edit source files", "Can clone a user-provided GitHub repo into a temp directory"], "safety_summary": "Safe by default. Reads project files, runs local checks, and can optionally write reports or apply fixes when flags are explicitly used.", "short_description": "Solidity audit readiness scorecard across tests, docs, hygiene, deps, and deploy prep.", "skill_file_url": "https://github.com/CDSecurity/cdsecurity-skills/tree/main/audit-prep", "slug": "cdsecurity-audit-prep", "tags": ["audit-readiness", "solidity", "coverage", "natspec", "dependencies"], "view_count": 0}, {"ai_platforms": ["claude"], "category": "Audit Readiness", "complexity": "intermediate", "copy_count": 0, "description": "Solana/Rust audit preparation skill for Anchor and native solana_program projects. Reviews tests, Rust docs, code hygiene, dependency health, compute-unit hints, and best practices.", "id": 35, "languages": ["Rust", "Solana/Anchor"], "name": "rust-audit-prep", "raw_content": "Solana/Rust audit preparation workflow for Anchor and native programs covering tests, docs, hygiene, dependencies, best practices, and optional scanner results.", "repo": {"avatar_url": "https://github.com/CDSecurity.png?size=64", "description": "Audit-preparation skills for Solidity and Solana/Rust projects. Scores test coverage, docs, hygiene, dependencies, deployment readiness, and optional scanner usage.", "display_name": "CD Security Skills", "forks": 5, "full_name": "CDSecurity/cdsecurity-skills", "github_url": "https://github.com/CDSecurity/cdsecurity-skills", "license": "MIT", "stars": 33}, "safety_label": "safe", "safety_risk_factors": ["Optional --fix mode can edit source files", "Can clone a user-provided GitHub repo into a temp directory"], "safety_summary": "Safe by default. Reads project files and can optionally write reports or apply small prep fixes when flags are explicitly used.", "short_description": "Solana/Rust audit readiness for Anchor and native SBF programs.", "skill_file_url": "https://github.com/CDSecurity/cdsecurity-skills/tree/main/rust-audit-prep", "slug": "cdsecurity-rust-audit-prep", "tags": ["solana", "rust", "anchor", "audit-readiness", "sbf"], "view_count": 0}, {"ai_platforms": ["claude", "codex"], "category": "Bug Bounty \u0026 Triage", "complexity": "intermediate", "copy_count": 7, "description": "Bug bounty triage workflow for the HackenProof platform. Handles scope validation, PoC verification, duplicate detection, and severity classification via 4 mandatory pre-validation gates.", "id": 20, "languages": ["Solidity"], "name": "hackenproof-triage-marketplace", "raw_content": "4-gate pre-validation: commit match, scope match, duplicate check, PoC presence. Then severity classification, state transitions, and comment generation for HackenProof reports.", "repo": {"avatar_url": "https://github.com/hackenproof-public.png?size=64", "description": "Bug bounty triage skill for the HackenProof platform. Handles scope validation, PoC verification, duplicate detection, and severity classification workflows.", "display_name": "HackenProof Skills", "forks": 0, "full_name": "hackenproof-public/skills", "github_url": "https://github.com/hackenproof-public/skills", "license": null, "stars": 7}, "safety_label": "safe", "safety_risk_factors": ["HackenProof-platform-specific \u2014 requires active account and program access"], "safety_summary": "Safe. Platform-specific workflow skill. API calls go only to HackenProof platform.", "short_description": "HackenProof bug bounty triage: scope validation, duplicate check, severity classification.", "skill_file_url": "https://github.com/hackenproof-public/skills", "slug": "hackenproof-triage", "tags": ["bug-bounty", "triage", "hackenproof", "scope-validation", "poc-verification"], "view_count": 22}, {"ai_platforms": ["claude", "cursor"], "category": "Static Analysis", "complexity": "intermediate", "copy_count": 0, "description": "Writes Glider queries for Solidity smart contract security analysis. Covers correct entry point selection, bounded execution, labeling/classification workflows, and common API pitfalls.", "id": 33, "languages": ["Solidity", "Python"], "name": "glider-query-writing", "raw_content": "Glider query writing guide: choose Contracts/Functions/Instructions entry points, use bounded exec(limit), return valid objects, and load API references on demand.", "repo": {"avatar_url": "https://github.com/Hexens.png?size=64", "description": "Glider query writing skill for Solidity smart contract security analysis. Helps write correct, bounded Glider queries for vulnerability pattern detection and labeling.", "display_name": "Hexens Glider Skills", "forks": 0, "full_name": "Hexens/glider-skills", "github_url": "https://github.com/Hexens/glider-skills", "license": null, "stars": 1}, "safety_label": "safe", "safety_risk_factors": [], "safety_summary": "Safe. Generates Glider query code and recommends bounded query execution.", "short_description": "Writes bounded Glider queries for Solidity vulnerability pattern detection.", "skill_file_url": "https://github.com/Hexens/glider-skills/tree/main/skills/glider-query-writing", "slug": "hexens-glider-query-writing", "tags": ["glider", "static-analysis", "solidity", "query-writing", "pattern-detection"], "view_count": 0}, {"ai_platforms": ["claude"], "category": "DeFi Protocol Security", "complexity": "advanced", "copy_count": 5, "description": "Deep-dive audit skill for lending protocol vulnerabilities. Covers interest rate manipulation, collateral management flaws, liquidation logic errors, and economic exploits in Aave/Compound-style protocols.", "id": 21, "languages": ["Solidity"], "name": "audit-lending", "raw_content": "Lending protocol security audit \u2014 interest rate manipulation, collateral management, liquidation logic, economic exploits.", "repo": {"avatar_url": "https://github.com/auditmos.png?size=64", "description": "14 specialized DeFi protocol security audit skills for Claude. Deepest DeFi coverage available: 3 liquidation skills, CLM, staking, oracle, reentrancy, and more.", "display_name": "Auditmos Skills", "forks": 0, "full_name": "auditmos/skills", "github_url": "https://github.com/auditmos/skills", "license": "MIT", "stars": 0}, "safety_label": "safe", "safety_risk_factors": [], "safety_summary": "Safe.", "short_description": "Lending protocol security: interest rate manipulation, collateral management, liquidation logic.", "skill_file_url": "https://github.com/auditmos/skills", "slug": "auditmos-audit-lending", "tags": ["defi", "lending", "aave", "compound", "collateral", "interest-rate"], "view_count": 13}, {"ai_platforms": ["claude"], "category": "DeFi Protocol Security", "complexity": "advanced", "copy_count": 4, "description": "Liquidation mechanism security audit. Covers economic exploits, incentive misalignment, MEV extraction during liquidation events, and liquidation price manipulation.", "id": 22, "languages": ["Solidity"], "name": "audit-liquidation", "raw_content": "Liquidation mechanism security: economic exploits, incentive misalignment, MEV extraction.", "repo": {"avatar_url": "https://github.com/auditmos.png?size=64", "description": "14 specialized DeFi protocol security audit skills for Claude. Deepest DeFi coverage available: 3 liquidation skills, CLM, staking, oracle, reentrancy, and more.", "display_name": "Auditmos Skills", "forks": 0, "full_name": "auditmos/skills", "github_url": "https://github.com/auditmos/skills", "license": "MIT", "stars": 0}, "safety_label": "safe", "safety_risk_factors": [], "safety_summary": "Safe.", "short_description": "Liquidation mechanism security: economic exploits, MEV extraction, incentive misalignment.", "skill_file_url": "https://github.com/auditmos/skills", "slug": "auditmos-audit-liquidation", "tags": ["defi", "liquidation", "mev", "incentives", "aave"], "view_count": 6}, {"ai_platforms": ["claude"], "category": "Vulnerability Detection", "complexity": "intermediate", "copy_count": 5, "description": "Arithmetic security audit for Solidity. Detects precision loss, rounding exploitation, ERC4626 inflation attacks, unsafe type casting, and Solidity 0.8+ unchecked block risks.", "id": 26, "languages": ["Solidity"], "name": "audit-math-precision", "raw_content": "Arithmetic security: precision loss, rounding exploitation, ERC4626 inflation attacks, unsafe casting, unchecked blocks.", "repo": {"avatar_url": "https://github.com/auditmos.png?size=64", "description": "14 specialized DeFi protocol security audit skills for Claude. Deepest DeFi coverage available: 3 liquidation skills, CLM, staking, oracle, reentrancy, and more.", "display_name": "Auditmos Skills", "forks": 0, "full_name": "auditmos/skills", "github_url": "https://github.com/auditmos/skills", "license": "MIT", "stars": 0}, "safety_label": "safe", "safety_risk_factors": [], "safety_summary": "Safe.", "short_description": "Arithmetic security: precision loss, rounding exploitation, ERC4626 inflation attacks.", "skill_file_url": "https://github.com/auditmos/skills", "slug": "auditmos-audit-math-precision", "tags": ["arithmetic", "precision", "rounding", "erc4626", "overflow", "casting"], "view_count": 7}, {"ai_platforms": ["claude"], "category": "DeFi Protocol Security", "complexity": "intermediate", "copy_count": 6, "description": "Price feed manipulation and oracle dependency security audit. Detects stale data vulnerabilities, single-source oracle risk, and oracle dependency attack chains in DeFi protocols.", "id": 23, "languages": ["Solidity"], "name": "audit-oracle", "raw_content": "Oracle security audit \u2014 price feed manipulation, stale data vulnerabilities, oracle dependency attack chains.", "repo": {"avatar_url": "https://github.com/auditmos.png?size=64", "description": "14 specialized DeFi protocol security audit skills for Claude. Deepest DeFi coverage available: 3 liquidation skills, CLM, staking, oracle, reentrancy, and more.", "display_name": "Auditmos Skills", "forks": 0, "full_name": "auditmos/skills", "github_url": "https://github.com/auditmos/skills", "license": "MIT", "stars": 0}, "safety_label": "safe", "safety_risk_factors": [], "safety_summary": "Safe.", "short_description": "Oracle security: price manipulation, stale data, single-source risks.", "skill_file_url": "https://github.com/auditmos/skills", "slug": "auditmos-audit-oracle", "tags": ["oracle", "price-feed", "stale-data", "chainlink", "defi"], "view_count": 7}, {"ai_platforms": ["claude"], "category": "Vulnerability Detection", "complexity": "intermediate", "copy_count": 5, "description": "Comprehensive reentrancy vulnerability audit covering classic, cross-function, and external call pattern analysis. Checks CEI compliance and generates targeted fix recommendations.", "id": 24, "languages": ["Solidity"], "name": "audit-reentrancy", "raw_content": "Reentrancy vulnerability audit \u2014 classic, cross-function, external call patterns, CEI compliance checks.", "repo": {"avatar_url": "https://github.com/auditmos.png?size=64", "description": "14 specialized DeFi protocol security audit skills for Claude. Deepest DeFi coverage available: 3 liquidation skills, CLM, staking, oracle, reentrancy, and more.", "display_name": "Auditmos Skills", "forks": 0, "full_name": "auditmos/skills", "github_url": "https://github.com/auditmos/skills", "license": "MIT", "stars": 0}, "safety_label": "safe", "safety_risk_factors": [], "safety_summary": "Safe.", "short_description": "Reentrancy audit: classic, cross-function, external call patterns, CEI compliance.", "skill_file_url": "https://github.com/auditmos/skills", "slug": "auditmos-audit-reentrancy", "tags": ["reentrancy", "cross-function", "external-calls", "cei", "checks-effects-interactions"], "view_count": 5}, {"ai_platforms": ["claude"], "category": "Vulnerability Detection", "complexity": "intermediate", "copy_count": 6, "description": "EIP-712 and signature security audit. Detects ecrecover misuse, missing nonce/deadline validation, signature malleability, and cross-chain replay vulnerabilities.", "id": 27, "languages": ["Solidity"], "name": "audit-signature", "raw_content": "Signature security audit \u2014 EIP-712 vulnerabilities, ecrecover misuse, replay attacks, signature malleability.", "repo": {"avatar_url": "https://github.com/auditmos.png?size=64", "description": "14 specialized DeFi protocol security audit skills for Claude. Deepest DeFi coverage available: 3 liquidation skills, CLM, staking, oracle, reentrancy, and more.", "display_name": "Auditmos Skills", "forks": 0, "full_name": "auditmos/skills", "github_url": "https://github.com/auditmos/skills", "license": "MIT", "stars": 0}, "safety_label": "safe", "safety_risk_factors": [], "safety_summary": "Safe.", "short_description": "Signature security: EIP-712, ecrecover misuse, replay attacks, malleability.", "skill_file_url": "https://github.com/auditmos/skills", "slug": "auditmos-audit-signature", "tags": ["signature", "eip-712", "ecrecover", "replay", "malleability", "nonce"], "view_count": 7}, {"ai_platforms": ["claude"], "category": "DeFi Protocol Security", "complexity": "intermediate", "copy_count": 6, "description": "DEX slippage protection and MEV vulnerability audit. Detects sandwich attacks, missing slippage parameters, deadline validation issues, and protocol-specific integration risks.", "id": 25, "languages": ["Solidity"], "name": "audit-slippage", "raw_content": "DEX slippage protection audit \u2014 sandwich attacks, MEV vulnerabilities, missing slippage params, deadline validation.", "repo": {"avatar_url": "https://github.com/auditmos.png?size=64", "description": "14 specialized DeFi protocol security audit skills for Claude. Deepest DeFi coverage available: 3 liquidation skills, CLM, staking, oracle, reentrancy, and more.", "display_name": "Auditmos Skills", "forks": 0, "full_name": "auditmos/skills", "github_url": "https://github.com/auditmos/skills", "license": "MIT", "stars": 0}, "safety_label": "safe", "safety_risk_factors": [], "safety_summary": "Safe.", "short_description": "DEX slippage: sandwich attacks, missing params, deadline validation, MEV.", "skill_file_url": "https://github.com/auditmos/skills", "slug": "auditmos-audit-slippage", "tags": ["dex", "slippage", "sandwich-attack", "mev", "uniswap", "defi"], "view_count": 9}, {"ai_platforms": ["claude"], "category": "DeFi Protocol Security", "complexity": "intermediate", "copy_count": 13, "description": "Staking contract security audit. Covers reward distribution bugs, slashing mechanism vulnerabilities, reward token manipulation, and economic exploits in staking protocols.", "id": 28, "languages": ["Solidity"], "name": "audit-staking", "raw_content": "Staking contract security \u2014 reward distribution bugs, slashing mechanisms, reward token manipulation.", "repo": {"avatar_url": "https://github.com/auditmos.png?size=64", "description": "14 specialized DeFi protocol security audit skills for Claude. Deepest DeFi coverage available: 3 liquidation skills, CLM, staking, oracle, reentrancy, and more.", "display_name": "Auditmos Skills", "forks": 0, "full_name": "auditmos/skills", "github_url": "https://github.com/auditmos/skills", "license": "MIT", "stars": 0}, "safety_label": "safe", "safety_risk_factors": [], "safety_summary": "Safe.", "short_description": "Staking security: reward distribution, slashing, reward token manipulation.", "skill_file_url": "https://github.com/auditmos/skills", "slug": "auditmos-audit-staking", "tags": ["staking", "rewards", "slashing", "defi", "yield"], "view_count": 26}]