cosmos-vulnerability-scanner

by trailofbits

cosmos-vulnerability-scanner finds consensus-critical bugs in Cosmos SDK modules, CosmWasm contracts, IBC integrations, and Cosmos EVM stacks. Use this cosmos-vulnerability-scanner guide for security audit workflows, chain-halt risks, fund-loss paths, and pre-launch reviews.

Stars4.9k

Favorites0

Comments0

AddedApr 30, 2026

CategorySecurity Audit

Install Command

npx skills add trailofbits/skills --skill cosmos-vulnerability-scanner

Curation Score

This skill scores 83/100, which means it is a solid directory listing for users auditing Cosmos SDK, CosmWasm, IBC, and Cosmos EVM code. The repository gives enough workflow detail, pattern coverage, and usage boundaries that an agent can trigger it with far less guesswork than a generic prompt, though install users should still expect some manual interpretation of findings.

83/100

Strengths

Strong triggerability and scope clarity: the frontmatter and When to Use / When NOT to Use sections explicitly target Cosmos SDK modules, CosmWasm contracts, IBC integrations, and chain-halt / fund-loss investigations.
Good operational depth: the skill body is long, has multiple headings, code fences, repo/file references, and a defined output directory workflow that supports an agentic scan-and-write process.
Broad reusable leverage: resources cover Cosmos, IBC, EVM, CosmWasm, state, and advanced vulnerability patterns, giving the agent concrete detection patterns instead of a generic audit prompt.

Cautions

No install command or scripts are provided, so users may need to wire the skill into their own agent workflow manually.
The skill is pattern-heavy and resource-backed but appears to rely on the agent’s interpretation rather than executable automation, so results may vary by target repo quality and audit context.

Security Cosmos Cosmwasm Ibc Blockchain Go Rust

Overview

Overview of cosmos-vulnerability-scanner skill

What cosmos-vulnerability-scanner does

The cosmos-vulnerability-scanner skill is built for finding consensus-critical bugs in Cosmos SDK code, CosmWasm contracts, IBC integrations, and Cosmos EVM stacks. It focuses on issues that can halt a chain, break consensus, desync state, or lose funds—not generic code smells. If you are doing a cosmos-vulnerability-scanner for Security Audit workflow, this is the right fit when the question is “can this chain be exploited or bricked?” rather than “is the code clean?”

Who should install it

Use the cosmos-vulnerability-scanner skill if you audit custom x/ modules, bridge or IBC logic, pre-launch app chains, or CosmWasm contracts with meaningful on-chain value. It is especially useful when your team needs a structured pass across multiple vulnerability classes instead of ad hoc prompt-based review. It is less useful for pure Solidity audits, generic Go review, or chain components outside the application layer.

What makes it different

The skill is not just a checklist; it organizes scans by vulnerability category and produces separate markdown findings. That matters because Cosmos bugs often span several surfaces at once: state bookkeeping, IBC packet handling, module authority, and EVM/Cosmos atomicity. The supporting resources/ files give you concrete pattern families, which is more actionable than a broad “review for bugs” prompt.

How to Use cosmos-vulnerability-scanner skill

Install and point it at the right repo

For cosmos-vulnerability-scanner install, add the skill to your agent workspace with the standard skills command used by your environment, then open the skill file and the linked support docs before scanning a target repo. In practice, the skill works best when you tell it exactly what codebase to analyze and where you want output written. The default output directory is .bughunt_cosmos/, but you should override it if your workflow expects another location.

Give the skill the right input shape

A strong cosmos-vulnerability-scanner usage prompt includes: the repo path, the chain type, the app’s purpose, and any known hotspots. For example: “Scan this Cosmos SDK app chain for consensus-critical issues in custom modules, IBC handlers, and module-account logic. Focus on pre-blockers, msg servers, keeper writes, and any code that can affect supply, consensus, or cross-chain transfers.” That is much better than “review this repo,” because it steers the scanner toward the code paths that matter.

Read these files first

Start with SKILL.md, then read CHANGELOG.md for scope changes, and the relevant pattern files in resources/: DISCOVERY.md, VULNERABILITY_PATTERNS.md, STATE_VULNERABILITY_PATTERNS.md, IBC_VULNERABILITY_PATTERNS.md, EVM_VULNERABILITY_PATTERNS.md, and COSMWASM_VULNERABILITY_PATTERNS.md. If the target is a Cosmos EVM chain, read the EVM file first; if it is contract-heavy, prioritize the CosmWasm file. These files tell you what the skill actually checks, which avoids missing entire bug classes.

Use a practical audit workflow

First, classify the chain: pure Cosmos SDK, IBC-enabled, CosmWasm, or Cosmos EVM. Next, inventory custom modules, ABCI hooks, keepers, and message servers, because those define the attack surface. Then run the skill on the highest-risk paths first: state mutation, authority checks, packet receive/acknowledgement handlers, and anything touching bank, staking, authz, or module accounts. This gives better results than scanning files in repository order.

cosmos-vulnerability-scanner skill FAQ

Is this only for full-chain audits?

No. The cosmos-vulnerability-scanner skill is useful for partial reviews too, such as one custom module, one IBC middleware stack, or one CosmWasm contract package. The key is that the code must influence consensus state, token movement, or cross-chain behavior. If your review target is not on that path, the skill is probably the wrong tool.

How does it compare with a normal prompt?

A normal prompt can ask for a security review, but cosmos-vulnerability-scanner gives you a domain-specific structure, pattern library, and output discipline. That reduces the chance of missing Cosmos-specific failure modes like packet trust mistakes, module-account abuse, or EVM/Cosmos state desync. It is a better fit when you want repeatable cosmos-vulnerability-scanner guide behavior instead of a one-off opinion.

Is it beginner-friendly?

Yes, if you can identify the chain type and the files that define state transitions. The skill is more valuable when the user provides a little context up front: SDK version, IBC stack, whether there is an EVM runtime, and whether the target is a launch review or a live incident. Beginners usually struggle when they omit this context and expect the scanner to infer the audit boundary.

When should I not use it?

Do not use cosmos-vulnerability-scanner for pure EVM/Solidity projects, generic Rust contracts without wasmd, or code that is clearly outside consensus impact. It is also a poor fit for documentation-only work or frontend/client code. If your goal is usability testing rather than security analysis, use a different workflow.

How to Improve cosmos-vulnerability-scanner skill

Provide chain context, not just code

The best results come when you tell the skill what the chain does: DEX, staking, bridge, lending, or general-purpose app chain. Add the SDK version, ibc-go version, and whether the code uses x/evm, wasmd, or ICA middleware. This helps the scanner prioritize the right vulnerability families instead of spending time on irrelevant ones.

Name the risky paths explicitly

If you already suspect a bug, say where to look: keeper/msg_server.go, app.go, ante.go, IBC OnRecvPacket handlers, module account logic, or any custom BeginBlocker/EndBlocker. Strong inputs beat broad ones because they force the skill to inspect the mutation points where Cosmos incidents usually originate. If you know a feature area, mention it directly.

Iterate from findings to narrower prompts

After the first pass, take the highest-risk finding and rerun the skill with a tighter question. For example, ask it to re-check one module for invariant breaks, or one IBC path for channel trust and packet replay issues. This is the fastest way to improve precision in cosmos-vulnerability-scanner usage without drowning in duplicate output.

Watch for common miss cases

The most common failure mode is under-describing state transitions: code may look harmless until it touches mint/burn authority, escrow, cross-chain callbacks, or precompile boundaries. Another miss case is assuming non-consensus code is safe simply because it is not a handler; a module helper can still be dangerous if it feeds the consensus path. The skill works best when you tell it where state can change and who can trigger that change.

Ratings & Reviews

No ratings yet

Share your review

0/10000

Latest reviews

Saving...

more skill

solana-vulnerability-scanner

by trailofbits

solana-vulnerability-scanner is a focused Solana security audit skill for native Rust and Anchor programs. It helps review CPI logic, PDA validation, signer and ownership checks, and sysvar spoofing to catch six critical Solana-specific vulnerabilities before deployment.

Security Audit

Favorites 0GitHub 4.9k

security-review

by affaan-m

Use the security-review skill to review auth, user input, secrets, APIs, payments, uploads, and other sensitive flows. It provides a practical security-review guide with clear pass/fail checks, risky-pattern examples, and a focused process for catching common issues before release.

Security Audit

Favorites 0GitHub 156.3k

django-security

by affaan-m

django-security is a practical guide for hardening Django apps with authentication, authorization, CSRF, XSS, SQL injection prevention, secure cookies, and production settings. It helps developers and reviewers run a focused Security Audit, quickly spot risky config, and apply concrete fixes before deployment.

Security Audit

Favorites 0GitHub 156.1k

secure-workflow-guide

by trailofbits

secure-workflow-guide guides a 5-step Solidity security workflow: Slither triage, feature-specific checks, visual inspection, security-property notes, and manual review. It is built for smart contract teams, auditors, and builders who want a repeatable secure-workflow-guide guide before deployment or release.

Security Audit

Favorites 0GitHub 4.9k

algorand-vulnerability-scanner

by trailofbits

algorand-vulnerability-scanner is a security-audit skill for Algorand TEAL and PyTeal. It helps find 11 common issues, including rekeying attacks, fee validation gaps, field checks, and access control flaws. Use the algorand-vulnerability-scanner skill for a practical first-pass review before a manual audit.

Security Audit

Favorites 0GitHub 4.9k

supabase-postgres-best-practices

by supabase

supabase-postgres-best-practices is a Supabase Postgres optimization skill for query tuning, indexing, schema design, RLS performance, locking, and connection management.

Database Engineering

Favorites 0GitHub 1.7k

token-integration-analyzer

by trailofbits

token-integration-analyzer is a security-review skill for token implementations and token integrations. It checks ERC20/ERC721 conformity, weird token patterns, owner privileges, scarcity, and non-standard token handling for Security Audit workflows. Use the token-integration-analyzer guide to reduce guesswork and assess compatibility risk.

Security Audit

Favorites 0GitHub 4.9k

audit-website

by squirrelscan

The audit-website skill uses the squirrel CLI to audit websites and webapps across 230+ rules for SEO, technical, content, performance, security, links, and site health, then returns actionable LLM-ready reports.

UX Audit

Favorites 0GitHub 68

skill-comply

by affaan-m

skill-comply is a compliance-testing skill that checks whether an agent follows a skill, rule, or agent definition in real runs. It generates specs from markdown, runs three prompt strictness levels, classifies tool-call timelines, and reports compliance rates with evidence. Useful for skill-comply for Compliance Review.

Compliance Review

Favorites 0GitHub 156.3k

security-scan

by affaan-m

The security-scan skill audits your Claude Code .claude/ configuration for secrets, risky MCP setup, injection-prone instructions, dangerous bypass flags, and weak agent or hook definitions using AgentShield. Use it for repeatable security checks before committing or onboarding.

Security Audit

Favorites 0GitHub 156.3k

perl-security

by affaan-m

perl-security helps you review Perl code for safer input handling, taint mode, shell execution, DBI placeholders, and web security issues like XSS, SQLi, and CSRF. Use this perl-security skill for Security Audit work, remediation planning, and secure development when user-controlled data reaches sensitive sinks.

Security Audit

Favorites 0GitHub 156.2k

laravel-security

by affaan-m

The laravel-security skill is a practical Laravel security checklist for authn/authz, validation, CSRF, mass assignment, file uploads, secrets, rate limiting, and secure deployment. Use it for audits, feature reviews, and hardening work in Laravel apps.

Security Audit

Favorites 0GitHub 156.2k

healthcare-eval-harness

by affaan-m

healthcare-eval-harness is a patient safety evaluation harness for healthcare app deployments. It helps teams verify CDSS accuracy, PHI exposure, data integrity, clinical workflow behavior, and integration compliance before release. Critical failures block deployment, making it useful for healthcare-eval-harness for Model Evaluation and CI safety gates.

Model Evaluation

Favorites 0GitHub 156.2k

github-ops

by affaan-m

github-ops is a GitHub operations skill for triaging issues, managing PRs, checking CI failures, preparing releases, and monitoring repository health with the gh CLI. Use the github-ops skill when you need repeatable github-ops usage for a real repository, with auth via gh auth login and clear repo context.

Github

Favorites 0GitHub 156.2k

ecc-tools-cost-audit

by affaan-m

ecc-tools-cost-audit is an evidence-first audit skill for ECC Tools cost spikes, runaway PR creation, quota bypass, premium-model leakage, and duplicate jobs. Use it for Backend Development investigations that trace a request from webhook to worker to billing decision and prove where spend is being created.

Backend Development

Favorites 0GitHub 156.1k

defi-amm-security

by affaan-m

defi-amm-security is a focused security checklist for Solidity AMMs, liquidity pools, LP vaults, and swap flows. It helps auditors and engineers review reentrancy, CEI ordering, donation or inflation attacks, oracle assumptions, slippage, admin controls, and integer math with less guesswork than a generic prompt.

Security Audit

Favorites 0GitHub 156.1k