substrate-vulnerability-scanner

by trailofbits

substrate-vulnerability-scanner helps audit Substrate and FRAME pallets for critical issues like arithmetic overflow, panic DoS, bad origin checks, incorrect weights, and unsafe unsigned extrinsics. Use this substrate-vulnerability-scanner skill for Security Audit reviews of runtimes, pallet extrinsics, and weight logic.

Stars5k

Favorites0

Comments0

AddedMay 4, 2026

CategorySecurity Audit

Install Command

npx skills add trailofbits/skills --skill substrate-vulnerability-scanner

Curation Score

This skill scores 78/100, which means it is a solid listing candidate for directory users: it has a clear Substrate-specific security use case, enough procedural detail to guide execution, and enough repository substance to justify install consideration. Users should still expect some adoption friction because there is no install command and the workflow is documentation-driven rather than tool-automated.

78/100

Strengths

Clearly targeted at auditing Substrate/FRAME pallets, with explicit use cases like runtime review, pre-launch assessment, and dispatchable validation.
Provides concrete vulnerability coverage for 7 Substrate-specific patterns, backed by a dedicated reference file with detection patterns and mitigations.
Includes substantial operational guidance such as platform detection markers, code examples, and constraints, which lowers guesswork for an agent.

Cautions

No install command or automated scripts are provided, so users must integrate it manually into their workflow.
The skill appears documentation-heavy rather than execution-heavy, so results may depend on the agent interpreting the patterns correctly instead of following a runnable pipeline.

Substrate Polkadot Rust Auditing Security Vulnerability Discovery Developer Audience

Overview

Overview of substrate-vulnerability-scanner skill

What substrate-vulnerability-scanner does

The substrate-vulnerability-scanner skill helps you audit Substrate and FRAME code for seven high-risk, platform-specific bugs that can lead to crashes, denial of service, or unauthorized state changes. It is most useful when you need a focused substrate-vulnerability-scanner for Security Audit workflow rather than a general Rust review.

Who should use it

Use this skill if you are reviewing custom pallets, runtime extrinsics, weight logic, or unsigned transaction validation in Polkadot parachains or standalone Substrate chains. It is a strong fit for security engineers, protocol developers, and reviewers who need a fast first-pass security screen before deeper manual analysis.

What it catches best

The repository is tuned for patterns that often slip through ordinary code review: arithmetic overflow, panic-triggered DoS, bad origin checks, incorrect weights, unsafe unsigned extrinsics, and related FRAME-specific mistakes. The main value is not broad code understanding; it is identifying the security classes that matter most in Substrate runtime code.

How to Use substrate-vulnerability-scanner skill

Install and scope the review

Run the substrate-vulnerability-scanner install flow with the trailofbits skills package, then aim it at a runtime or pallet boundary rather than an entire monorepo. Best results come when the input clearly says what is being audited, which pallet or chain is in scope, and whether you care about exploitability, fix recommendations, or a checklist-style pass.

Read these files first

Start with SKILL.md to understand the detection logic, then read resources/VULNERABILITY_PATTERNS.md for the actual check patterns and mitigations. If your repository has multiple pallets, inspect the pallet lib.rs or mod.rs files first, plus weight files and any unsigned transaction validation code, because those are the most likely places where this skill adds value.

Give the skill a complete prompt

A weak prompt says: “Scan this pallet for issues.” A stronger prompt says: “Review pallet_balances for Substrate-specific vulnerabilities. Focus on extrinsics, storage mutation, weight calculation, and origin checks. Flag any arithmetic that is not checked, any panic path reachable from user input, and any unsigned extrinsic validation gaps. Return findings with file paths, impacted function names, exploit impact, and remediation suggestions.” That kind of prompt makes substrate-vulnerability-scanner usage more reliable because it tells the model what to prioritize and what output format you want.

Workflow tips that improve signal

Use the skill as a structured first pass, then verify every flagged path against the runtime context. When you paste code, include surrounding type definitions and helper functions, because many Substrate bugs depend on config traits, origin types, or weight assumptions that are not obvious from one function alone. If the repo contains multiple pallets, run the skill per pallet instead of asking for a single global verdict.

substrate-vulnerability-scanner skill FAQ

Is substrate-vulnerability-scanner only for Substrate?

Yes, it is designed for Substrate/FRAME patterns, not generic Rust applications. A normal prompt can find code smells, but substrate-vulnerability-scanner is better when you need chain-runtime security judgment tied to pallet semantics and dispatchable behavior.

Do I need to be a Substrate expert?

No, but you will get better results if you can identify which code is runtime logic versus off-chain tooling. Beginners can still use the skill if they provide the exact pallet path and ask for concrete findings instead of broad advice.

When should I not use this skill?

Do not use it as your only audit method for business logic, cryptography, or off-chain services. If the risky area is outside runtime pallets, the skill may miss the real issue because its detection rules are optimized for FRAME and dispatchable functions.

How is it different from a generic security prompt?

A generic prompt may produce broad review notes, but this skill is anchored to a curated set of Substrate vulnerability patterns and the places they usually appear. That makes the substrate-vulnerability-scanner guide more decision-friendly when you need a security-oriented pass on runtime code with less guesswork.

How to Improve substrate-vulnerability-scanner skill

Provide the right context up front

The best inputs name the pallet, the chain type, and the code paths you care about most. Include whether the code handles balances, rewards, fees, governance, unsigned transactions, or root-only calls, because those details change which vulnerabilities matter most.

Ask for exploitable paths, not just matches

A common failure mode is a list of suspicious lines with no security meaning. Ask the skill to explain whether a pattern is actually reachable, what input triggers it, what the impact is, and whether the issue is a false positive caused by config traits or upstream invariants. That makes substrate-vulnerability-scanner usage more actionable for triage.

Tighten the review after the first pass

If the first output is noisy, narrow the scope to one pallet, one extrinsic, or one concern such as ensure_* checks, weight math, or storage arithmetic. If the first output is too shallow, ask for a second pass that compares the flagged code against the patterns in resources/VULNERABILITY_PATTERNS.md and the surrounding trait bounds, because those details often separate real bugs from safe abstractions.

Ratings & Reviews

No ratings yet

Share your review

0/10000

Latest reviews

Saving...

more skill

solana-vulnerability-scanner

by trailofbits

solana-vulnerability-scanner is a focused Solana security audit skill for native Rust and Anchor programs. It helps review CPI logic, PDA validation, signer and ownership checks, and sysvar spoofing to catch six critical Solana-specific vulnerabilities before deployment.

Security Audit

Favorites 0GitHub 4.9k

sharp-edges

by trailofbits

The sharp-edges skill helps you find APIs, configs, and interfaces where the easy path leads to insecure use. Use it to review authentication flows, cryptographic wrappers, dangerous defaults, null or zero semantics, and misuse-prone design choices. It is a strong fit for sharp-edges for Security Audit work when you need concrete footguns, not generic security guesses.

Security Audit

Favorites 0GitHub 5k

security-review

by affaan-m

Use the security-review skill to review auth, user input, secrets, APIs, payments, uploads, and other sensitive flows. It provides a practical security-review guide with clear pass/fail checks, risky-pattern examples, and a focused process for catching common issues before release.

Security Audit

Favorites 0GitHub 156.3k

django-security

by affaan-m

django-security is a practical guide for hardening Django apps with authentication, authorization, CSRF, XSS, SQL injection prevention, secure cookies, and production settings. It helps developers and reviewers run a focused Security Audit, quickly spot risky config, and apply concrete fixes before deployment.

Security Audit

Favorites 0GitHub 156.1k

ossfuzz

by trailofbits

Learn the ossfuzz skill for continuous fuzzing setup, project enrollment, harness planning, and build workflow review. This guide helps security engineers and maintainers assess readiness, spot build blockers, and prepare a practical path from source tree to OSS-Fuzz or private fuzzing infrastructure.

Security Audit

Favorites 0GitHub 5k

codeql

by trailofbits

The codeql skill helps you run CodeQL with fewer blind spots during a security audit. It focuses on database quality, suite selection, data extensions, and SARIF review so you can use codeql usage more reliably across supported languages. Use it for repeatable codeql guide steps when analyzing real repositories.

Security Audit

Favorites 0GitHub 5k

semgrep-rule-creator

by trailofbits

semgrep-rule-creator creates production-quality Semgrep rules for security vulnerabilities, bug patterns, taint-flow detections, and coding standards. Use the semgrep-rule-creator skill for Security Audit work when you need precise rules, test cases, and validation instead of a generic draft.

Security Audit

Favorites 0GitHub 5k

insecure-defaults

by trailofbits

The insecure-defaults skill helps spot fail-open configuration patterns that let software run with unsafe settings instead of stopping. Use it for a Security Audit of production code, deployment configs, and secret-handling logic to catch weak auth, hardcoded secrets, and permissive defaults.

Security Audit

Favorites 0GitHub 5k

constant-time-analysis

by trailofbits

constant-time-analysis is a security-audit skill for finding timing side-channel risks in cryptographic code before they become exploitable bugs. Use it to review secret-dependent math, branches, comparisons, and compiled output when checking C, C++, Go, Rust, Swift, Java, Kotlin, PHP, JavaScript, TypeScript, Python, or Ruby.

Security Audit

Favorites 0GitHub 5k

secure-workflow-guide

by trailofbits

secure-workflow-guide guides a 5-step Solidity security workflow: Slither triage, feature-specific checks, visual inspection, security-property notes, and manual review. It is built for smart contract teams, auditors, and builders who want a repeatable secure-workflow-guide guide before deployment or release.

Security Audit

Favorites 0GitHub 4.9k

algorand-vulnerability-scanner

by trailofbits

algorand-vulnerability-scanner is a security-audit skill for Algorand TEAL and PyTeal. It helps find 11 common issues, including rekeying attacks, fee validation gaps, field checks, and access control flaws. Use the algorand-vulnerability-scanner skill for a practical first-pass review before a manual audit.

Security Audit

Favorites 0GitHub 4.9k

supabase-postgres-best-practices

by supabase

supabase-postgres-best-practices is a Supabase Postgres optimization skill for query tuning, indexing, schema design, RLS performance, locking, and connection management.

Database Engineering

Favorites 0GitHub 1.7k

entra-agent-id

by microsoft

entra-agent-id is a Microsoft Entra Agent ID preview skill for backend development teams building OAuth2-capable AI agent identities with Graph beta. It covers blueprint setup, blueprint principals, agent identities, permissions, sponsors, workload identity federation, and sidecar-based auth. Use it to understand entra-agent-id install, usage, and rollout constraints.

Backend Development

Favorites 0GitHub 0

token-integration-analyzer

by trailofbits

token-integration-analyzer is a security-review skill for token implementations and token integrations. It checks ERC20/ERC721 conformity, weird token patterns, owner privileges, scarcity, and non-standard token handling for Security Audit workflows. Use the token-integration-analyzer guide to reduce guesswork and assess compatibility risk.

Security Audit

Favorites 0GitHub 4.9k

cosmos-vulnerability-scanner

by trailofbits

cosmos-vulnerability-scanner finds consensus-critical bugs in Cosmos SDK modules, CosmWasm contracts, IBC integrations, and Cosmos EVM stacks. Use this cosmos-vulnerability-scanner guide for security audit workflows, chain-halt risks, fund-loss paths, and pre-launch reviews.

Security Audit

Favorites 0GitHub 4.9k

ruzzy

by trailofbits

ruzzy is a coverage-guided Ruby fuzzing skill for testing pure Ruby code and Ruby C extensions. Use the ruzzy guide to set up a supported Linux environment, verify sanitizer wiring, and build practical fuzzing workflows for Security Audit work.

Security Audit

Favorites 0GitHub 5k