Smart Contracts

defi-amm-security is a focused security checklist for Solidity AMMs, liquidity pools, LP vaults, and swap flows. It helps auditors and engineers review reentrancy, CEI ordering, donation or inflation attacks, oracle assumptions, slippage, admin controls, and integer math with less guesswork than a generic prompt.

defi-protocol-templates is a GitHub skill that helps scaffold DeFi contract patterns for staking, AMMs, governance, lending, and flash loans. Best used as a starting point for Solidity design and prompting, not as an audited production framework.

Use the nft-standards skill to design NFT contracts around ERC-721 and ERC-1155, with guidance on metadata, minting, royalties, soulbound patterns, dynamic NFTs, and marketplace-aware behavior for Web3 projects.

solidity-security is a focused Solidity audit and secure-coding skill for reviewing reentrancy, access control, unsafe external calls, and remediation patterns. Use it to prepare contracts for Security Audit, improve prompts, and get more structured review output than a generic audit request.

The web3-testing skill helps you design and scaffold smart contract test workflows with Hardhat and Foundry, including unit tests, integration coverage, mainnet forking, fuzzing, gas checks, and setup guidance for Solidity and DeFi teams.

spec-to-code-compliance verifies that code matches written specifications exactly for blockchain audits and Compliance Review. Use the spec-to-code-compliance skill to compare whitepapers, design docs, and implementations, identify missing behavior, and flag undocumented or divergent logic.

ton-vulnerability-scanner is a focused audit skill for TON smart contracts written in FunC. It helps identify integer-as-boolean misuse, fake Jetton contract handling, and missing gas checks when forwarding TON. Use it for a fast first-pass Security Audit before deeper manual review.

token-integration-analyzer is a security-review skill for token implementations and token integrations. It checks ERC20/ERC721 conformity, weird token patterns, owner privileges, scarcity, and non-standard token handling for Security Audit workflows. Use the token-integration-analyzer guide to reduce guesswork and assess compatibility risk.

secure-workflow-guide guides a 5-step Solidity security workflow: Slither triage, feature-specific checks, visual inspection, security-property notes, and manual review. It is built for smart contract teams, auditors, and builders who want a repeatable secure-workflow-guide guide before deployment or release.

guidelines-advisor is a smart contract development advisor based on Trail of Bits best practices. It analyzes a codebase to generate documentation, review architecture, check upgradeability patterns, assess implementation quality, identify pitfalls, review dependencies, and evaluate testing. Use the guidelines-advisor guide for clear, evidence-based recommendations.

code-maturity-assessor provides an evidence-based maturity review using Trail of Bits’ 9-category framework. It assesses arithmetic safety, auditing, access control, complexity, decentralization, documentation, MEV risk, low-level code, and testing, with actionable recommendations for security audit readiness.

cairo-vulnerability-scanner scans Cairo/StarkNet smart contracts for six critical issues, including felt252 arithmetic errors, L1-L2 messaging flaws, address conversion bugs, and signature replay. Use this cairo-vulnerability-scanner skill for Security Audit reviews of StarkNet contracts.

algorand-vulnerability-scanner is a security-audit skill for Algorand TEAL and PyTeal. It helps find 11 common issues, including rekeying attacks, fee validation gaps, field checks, and access control flaws. Use the algorand-vulnerability-scanner skill for a practical first-pass review before a manual audit.