defi-amm-security

by affaan-m

defi-amm-security is a focused security checklist for Solidity AMMs, liquidity pools, LP vaults, and swap flows. It helps auditors and engineers review reentrancy, CEI ordering, donation or inflation attacks, oracle assumptions, slippage, admin controls, and integer math with less guesswork than a generic prompt.

Stars: 156.1k
Favorites: 0
Comments: 0
Added: Apr 15, 2026
Category: Security Audit
Install Command
npx skills add affaan-m/everything-claude-code --skill defi-amm-security
Curation Score

This skill scores 78/100, which means it is a solid listing candidate for directory users who need DeFi AMM-specific security guidance. It gives enough concrete workflow content to be meaningfully more useful than a generic prompt, though it still lacks some adoption aids like a dedicated install command and supporting reference files.

Strengths
  • Clear use cases for AMM, liquidity-pool, and swap-flow audits, so agents can trigger it with low guesswork
  • Substantive checklist-plus-pattern content with security topics like reentrancy, CEI ordering, donation/inflation attacks, oracle manipulation, and admin controls
  • Good operational structure: valid frontmatter, multiple headings, and code examples that help an agent follow hardened implementation patterns
Cautions
  • No install command and no support files (scripts, references, resources), so adoption relies mainly on the SKILL.md content
  • The repository preview shows only one file, so users should expect a focused checklist skill rather than a broader automated audit workflow

Overview of defi-amm-security skill

What defi-amm-security is for

The defi-amm-security skill is a focused review aid for Solidity AMMs, liquidity pools, LP vaults, and swap logic. It helps you audit the parts that usually break first: reentrancy, checks-effects-interactions order, reserve and share math, slippage handling, oracle assumptions, donation or inflation attacks, and privileged admin controls.

Who should install it

Install the defi-amm-security skill if you are building or reviewing a DeFi protocol with token balances, pricing logic, or user-facing entrypoints. It is especially useful for auditors, protocol engineers, and security reviewers who need a practical, AMM-specific security audit workflow instead of a generic Solidity checklist.

What makes it different

This skill is narrower than a general smart-contract security prompt. The value of defi-amm-security is that it centers the real AMM failure modes that affect funds, pricing, and share accounting. That means less guesswork when you need to decide whether a pool is safe to ship, whether a swap path is manipulable, or whether a vault’s math can be distorted by empty-state or balance-based edge cases.

How to Use defi-amm-security skill

Install and locate the skill

Use the repository install flow for your environment, then point your agent at skills/defi-amm-security. Start by reading SKILL.md, because it contains the intended scope and the security categories the skill expects you to check.

Give the skill the right input

The defi-amm-security skill works best when your prompt includes:

  • the contract type: AMM, LP vault, router, swapper, or fee module
  • the risky functions: swap, deposit, withdraw, mint, burn, skim, sync
  • the token model: ERC20, fee-on-transfer, rebasing, or wrapped assets
  • the pricing model: constant product, stableswap, share-based accounting, or oracle-dependent pricing

A stronger prompt is specific, for example: “Audit this AMM for donation attacks, reentrancy, and reserve manipulation, and check whether token.balanceOf(address(this)) can be abused in share math.” That is much better than “review this DeFi contract.”

Read the repo in the right order

After installing defi-amm-security, the highest-signal reading order is:

  1. SKILL.md for scope and examples
  2. the target AMM or vault contracts
  3. any router, adapter, or oracle files that affect pricing or execution
  4. tests that cover edge cases, especially zero-liquidity, fee changes, and unusual token behavior

This skill does not rely on helper folders in the repository, so the main value comes from applying its checklist to your codebase, not from extra assets.

Use a security-audit workflow

Treat the skill as a pass over each entrypoint and accounting assumption:

  • check for external calls made before state updates (CEI violations)
  • verify slippage and deadline protections exist where users expect them
  • test whether deposits, withdrawals, or swaps can be skewed by stale balances
  • confirm admin powers cannot silently change economics without controls or events

The best way to use defi-amm-security is to map each function to one threat class, then write down the exploit path you are trying to rule out.

defi-amm-security skill FAQ

Is this only for AMMs?

No. The defi-amm-security skill also fits LP vaults, swap routers, and any Solidity contract that prices assets from balances or reserves. If the contract moves tokens and computes shares, this skill is relevant.

When should I not use it?

Do not use defi-amm-security as your only review method for governance, cross-chain bridges, or non-DeFi business logic. It is specialized for pool math, swap execution, and token-flow security, so broader protocol risks need additional review.

Is it better than a generic prompt?

Usually yes for this use case. A generic prompt may miss donation attacks, reserve desync, oracle dependency, or CEI violations in swap paths. The defi-amm-security skill narrows attention to the issues that actually cause AMM losses.

Is it beginner-friendly?

Yes, if you already know basic Solidity and ERC20 behavior. The skill is useful for beginners because it gives a concrete review frame, but you still need to understand how balances, shares, and external calls interact before trusting the result.

How to Improve defi-amm-security skill

Provide the contract context up front

The quality of defi-amm-security output improves when you include the pool design, token behavior, and trust assumptions. Say whether fees exist, whether the protocol uses an oracle, and whether admins can pause, upgrade, or set parameters. Those details change the attack surface.

Ask for the failure mode, not just the bug

A good defi-amm-security prompt asks the model to explain how the issue could be exploited and what state transition makes it possible. That produces more useful review notes than a simple “find vulnerabilities” request.

Force edge-case checks

The biggest failure modes in AMM review are usually around empty pools, first deposit, rounding, fee-on-transfer tokens, and balance-based accounting. Ask the skill to test those paths explicitly so you get signal beyond standard reentrancy advice.
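
One way to turn those paths into a concrete check, as an added example that is not part of the skill or its repository: a small Python model of share minting in which `//` mirrors Solidity's truncating division. The class, method names and amounts are constructed for illustration, and the virtual-share offset is one common mitigation assumed here, not something this listing prescribes.

```python
# Added example: integer model of vault share minting; all names are hypothetical.
# Floor division (//) mirrors Solidity's truncating uint256 division.

class VaultModel:
    def __init__(self, price_from_balance, virtual_shares=0, virtual_assets=0):
        self.price_from_balance = price_from_balance  # True: price from raw balance
        self.vs, self.va = virtual_shares, virtual_assets  # set both or neither
        self.balance = 0        # models token.balanceOf(address(this))
        self.accounted = 0      # reserve updated only inside deposit()
        self.total_shares = 0

    def total_assets(self):
        return self.balance if self.price_from_balance else self.accounted

    def deposit(self, assets):
        supply = self.total_shares + self.vs
        if supply == 0:
            minted = assets     # empty pool bootstraps 1:1
        else:
            minted = assets * supply // (self.total_assets() + self.va)
        self.balance += assets
        self.accounted += assets
        self.total_shares += minted
        return minted

    def unsolicited_transfer(self, assets):
        # A plain ERC20 transfer to the vault: balance moves, accounting does not.
        self.balance += assets


def second_depositor_shares(vault):
    """Constructed edge case: tiny first deposit, balance bump, normal deposit."""
    vault.deposit(1)
    vault.unsolicited_transfer(10**18)
    return vault.deposit(5 * 10**17)


def check_deposit_invariant(vault):
    """Review check: a non-zero deposit must never mint zero shares."""
    return second_depositor_shares(vault) > 0


if __name__ == "__main__":
    for label, v in [("balance-based", VaultModel(True)),
                     ("internal accounting", VaultModel(False)),
                     ("balance-based + virtual offset", VaultModel(True, 1000, 1))]:
        print(label, "->", "ok" if check_deposit_invariant(v) else "ZERO SHARES MINTED")
```

The same invariant ports directly to a Solidity test against the real contract; the model only shows which accounting choices make it fail.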

Iterate with code and test outputs

After the first pass, feed the skill the exact function, invariant, or failing test you want rechecked. In a security audit with defi-amm-security, the fastest improvement comes from narrowing the question: “Does this withdraw path still resist donation attacks if the token charges a transfer fee?”
