token-integration-analyzer

by trailofbits

token-integration-analyzer is a security-review skill for token implementations and token integrations. It checks ERC20/ERC721 conformity, weird token patterns, owner privileges, scarcity, and non-standard token handling for Security Audit workflows. Use the token-integration-analyzer guide to reduce guesswork and assess compatibility risk.

Stars4.9k

Favorites0

Comments0

AddedApr 30, 2026

CategorySecurity Audit

Install Command

npx skills add trailofbits/skills --skill token-integration-analyzer

Curation Score

This skill scores 83/100, which means it is a solid directory candidate: it gives agents a clear trigger, a substantive token-analysis workflow, and reusable report formats that should reduce guesswork versus a generic prompt. For directory users, it looks worth installing if they need structured ERC20/ERC721 integration review or weird-token risk analysis, though they should expect some workflow specifics to be inferred from the docs rather than automated by scripts.

83/100

Strengths

Strong operational scope: it explicitly targets token implementations, token integrations, on-chain scarcity analysis, and 20+ weird token patterns.
Good triggerability and structure: the frontmatter description and multi-phase workflow make it easy for an agent to recognize when to use the skill.
Useful deliverables: assessment categories and report templates provide concrete output structure for reviews.

Cautions

No install command or helper scripts are included, so execution still depends on the agent following the written procedure.
The repository is documentation-heavy and appears to rely on manual analysis steps, which may limit speed and consistency in complex engagements.

Security Audit Solidity Ethereum Smart Contracts Erc20 Erc721 Slither

Overview

Overview of token-integration-analyzer skill

What token-integration-analyzer does

token-integration-analyzer is a focused security-review skill for token code and token-facing protocols. It helps you check whether a token really behaves like ERC20 or ERC721, whether a protocol can safely handle weird or non-standard tokens, and whether owner powers, scarcity, or upgrade paths create hidden risk.

Who should use it

Use the token-integration-analyzer skill if you are reviewing a token launch, a DeFi integration, a vault, a bridge, a marketplace, or any system that accepts third-party tokens. It is especially useful for teams doing a token-integration-analyzer for Security Audit workflow where token behavior is part of the threat model, not just the application logic.

Why it is different

This skill is not a generic “analyze my Solidity repo” prompt. It is built around a token-integration checklist, weird-token pattern coverage, and context discovery. That means the token-integration-analyzer install is most valuable when you need decision-grade output on compatibility and edge cases, not just a superficial standards check.

How to Use token-integration-analyzer skill

Install and locate the right files

For token-integration-analyzer install, use the repo’s skill path from trailofbits/skills and then start with SKILL.md. Next, read resources/ASSESSMENT_CATEGORIES.md for the check categories and resources/REPORT_TEMPLATES.md for the expected output shape. Those two files are the fastest way to understand what evidence the skill will ask for.

Turn a rough goal into a usable prompt

Good token-integration-analyzer usage starts with a clear target:

“Review this ERC20 for non-standard transfer behavior and owner controls.”
“Assess whether our lending protocol safely handles fee-on-transfer and rebasing tokens.”
“Check this NFT contract for ERC721 compliance, approval handling, and mint/burn edge cases.”

Include chain, contract type, deployment stage, and any known special behavior. If you know the token is upgradeable, rebasing, fee-on-transfer, pausable, or proxy-based, say so up front. Those facts change the analysis path more than broad security context does.

Suggested workflow for best results

State whether you are analyzing a token implementation or a token integration.
Provide the relevant source files, deployed address, or repo path.
Ask for a checklist-style review plus a concise risk summary.
Request attention to odd behaviors like taxes, rebases, blacklists, flash minting, or custom approvals.

The skill works best when you ask it to map behavior to concrete risk, not just to “find issues.”

What to read first

Begin with SKILL.md, then use the two resources files above to understand categories and reporting format. If your repo has Solidity, inspect the token contract, integration points, inheritance tree, and any proxy or admin modules before running a full review. For token-integration-analyzer guide workflows, that order reduces false confidence and makes the output easier to verify.

token-integration-analyzer skill FAQ

Is this only for token contracts?

No. The token-integration-analyzer skill covers both token implementations and protocols that integrate with tokens. That distinction matters: a perfectly valid token can still be dangerous for a vault, AMM, or bridge if the protocol assumes standard ERC behavior.

Do I need to be a Solidity expert?

No, but better inputs improve the result. Beginners can use it if they can name the contract, token type, and intended behavior. If you can’t explain the token’s special mechanics in one sentence, the skill may miss the key risk you care about.

Why not just use a normal prompt?

A normal prompt often misses weird-token edge cases, owner privilege implications, and the difference between standard compliance and safe integration. This skill is more useful when you want structured analysis and a repeatable review path instead of a one-off answer.

When should I not use it?

Skip it if your task is unrelated to token behavior, or if you only need a high-level product summary. It is also a weak fit when you cannot provide enough source context or deployment detail to distinguish standard ERC behavior from custom logic.

How to Improve token-integration-analyzer skill

Give the skill the exact token behavior

The biggest quality jump comes from naming nonstandard mechanics explicitly. Say whether the token has fees, rebases, blacklist rules, mint controls, pausability, hooks, wrapper logic, or proxy upgrades. For token-integration-analyzer, those details are more actionable than generic “audit this token” phrasing.

Ask for the output you need

If you need a security review, ask for a checklist plus ranked risks. If you need integration guidance, ask for expected failure modes and unsupported token classes. If you need launch readiness, ask for a yes/no recommendation with the blockers that matter most.

Watch for common failure modes

The most common mistake is underspecifying the environment: token standard, chain, proxy pattern, and integration surface. Another mistake is asking only for “bugs” when the real issue is compatibility. A token can pass basic ERC checks and still break accounting, withdrawals, or pricing logic in downstream systems.

Iterate with concrete follow-up data

If the first pass is incomplete, add the exact function, file, or address that seems risky, then rerun the token-integration-analyzer usage prompt with that evidence. Strong follow-up inputs look like: “Focus on transfer, fee exemptions, and the admin mint path in Token.sol; the protocol assumes transferFrom returns true and never reverts.”

Ratings & Reviews

No ratings yet

Share your review

0/10000

Latest reviews

Saving...

more skill

solana-vulnerability-scanner

by trailofbits

solana-vulnerability-scanner is a focused Solana security audit skill for native Rust and Anchor programs. It helps review CPI logic, PDA validation, signer and ownership checks, and sysvar spoofing to catch six critical Solana-specific vulnerabilities before deployment.

Security Audit

Favorites 0GitHub 4.9k

security-review

by affaan-m

Use the security-review skill to review auth, user input, secrets, APIs, payments, uploads, and other sensitive flows. It provides a practical security-review guide with clear pass/fail checks, risky-pattern examples, and a focused process for catching common issues before release.

Security Audit

Favorites 0GitHub 156.3k

django-security

by affaan-m

django-security is a practical guide for hardening Django apps with authentication, authorization, CSRF, XSS, SQL injection prevention, secure cookies, and production settings. It helps developers and reviewers run a focused Security Audit, quickly spot risky config, and apply concrete fixes before deployment.

Security Audit

Favorites 0GitHub 156.1k

secure-workflow-guide

by trailofbits

secure-workflow-guide guides a 5-step Solidity security workflow: Slither triage, feature-specific checks, visual inspection, security-property notes, and manual review. It is built for smart contract teams, auditors, and builders who want a repeatable secure-workflow-guide guide before deployment or release.

Security Audit

Favorites 0GitHub 4.9k

algorand-vulnerability-scanner

by trailofbits

algorand-vulnerability-scanner is a security-audit skill for Algorand TEAL and PyTeal. It helps find 11 common issues, including rekeying attacks, fee validation gaps, field checks, and access control flaws. Use the algorand-vulnerability-scanner skill for a practical first-pass review before a manual audit.

Security Audit

Favorites 0GitHub 4.9k

supabase-postgres-best-practices

by supabase

supabase-postgres-best-practices is a Supabase Postgres optimization skill for query tuning, indexing, schema design, RLS performance, locking, and connection management.

Database Engineering

Favorites 0GitHub 1.7k

cosmos-vulnerability-scanner

by trailofbits

cosmos-vulnerability-scanner finds consensus-critical bugs in Cosmos SDK modules, CosmWasm contracts, IBC integrations, and Cosmos EVM stacks. Use this cosmos-vulnerability-scanner guide for security audit workflows, chain-halt risks, fund-loss paths, and pre-launch reviews.

Security Audit

Favorites 0GitHub 4.9k

audit-website

by squirrelscan

The audit-website skill uses the squirrel CLI to audit websites and webapps across 230+ rules for SEO, technical, content, performance, security, links, and site health, then returns actionable LLM-ready reports.

UX Audit

Favorites 0GitHub 68

skill-comply

by affaan-m

skill-comply is a compliance-testing skill that checks whether an agent follows a skill, rule, or agent definition in real runs. It generates specs from markdown, runs three prompt strictness levels, classifies tool-call timelines, and reports compliance rates with evidence. Useful for skill-comply for Compliance Review.

Compliance Review

Favorites 0GitHub 156.3k

security-scan

by affaan-m

The security-scan skill audits your Claude Code .claude/ configuration for secrets, risky MCP setup, injection-prone instructions, dangerous bypass flags, and weak agent or hook definitions using AgentShield. Use it for repeatable security checks before committing or onboarding.

Security Audit

Favorites 0GitHub 156.3k

perl-security

by affaan-m

perl-security helps you review Perl code for safer input handling, taint mode, shell execution, DBI placeholders, and web security issues like XSS, SQLi, and CSRF. Use this perl-security skill for Security Audit work, remediation planning, and secure development when user-controlled data reaches sensitive sinks.

Security Audit

Favorites 0GitHub 156.2k

laravel-security

by affaan-m

The laravel-security skill is a practical Laravel security checklist for authn/authz, validation, CSRF, mass assignment, file uploads, secrets, rate limiting, and secure deployment. Use it for audits, feature reviews, and hardening work in Laravel apps.

Security Audit

Favorites 0GitHub 156.2k

healthcare-eval-harness

by affaan-m

healthcare-eval-harness is a patient safety evaluation harness for healthcare app deployments. It helps teams verify CDSS accuracy, PHI exposure, data integrity, clinical workflow behavior, and integration compliance before release. Critical failures block deployment, making it useful for healthcare-eval-harness for Model Evaluation and CI safety gates.

Model Evaluation

Favorites 0GitHub 156.2k

github-ops

by affaan-m

github-ops is a GitHub operations skill for triaging issues, managing PRs, checking CI failures, preparing releases, and monitoring repository health with the gh CLI. Use the github-ops skill when you need repeatable github-ops usage for a real repository, with auth via gh auth login and clear repo context.

Github

Favorites 0GitHub 156.2k

ecc-tools-cost-audit

by affaan-m

ecc-tools-cost-audit is an evidence-first audit skill for ECC Tools cost spikes, runaway PR creation, quota bypass, premium-model leakage, and duplicate jobs. Use it for Backend Development investigations that trace a request from webhook to worker to billing decision and prove where spend is being created.

Backend Development

Favorites 0GitHub 156.1k

defi-amm-security

by affaan-m

defi-amm-security is a focused security checklist for Solidity AMMs, liquidity pools, LP vaults, and swap flows. It helps auditors and engineers review reentrancy, CEI ordering, donation or inflation attacks, oracle assumptions, slippage, admin controls, and integer math with less guesswork than a generic prompt.

Security Audit

Favorites 0GitHub 156.1k