
Ordered sequences of individual audit skills to execute for different audit depth levels ensuring comprehensive, systematic coverage. Use when selecting between quick scan, standard audit, deep audit, or full engagement workflows to match coverage to time and scope constraints.
Use when the user wants to audit Aptos Move smart contracts, scan Aptos-specific patterns including global storage model, resource accounts, or coin modules, review Aptos DeFi protocols for framework module interaction vulnerabilities, or analyze Aptos-specific upgrade and governance patterns.
Systematically build comprehensive understanding of a protocol before code-level analysis. Use when starting a new audit engagement, mapping trust boundaries and external dependencies, or when needing to identify all privileged roles and protocol invariants before manual review.
Use when the user wants to audit Cairo smart contracts for security vulnerabilities, scan Starknet contracts for felt overflow, storage collision, or account abstraction issues, review Cairo 2.x contracts for component architecture flaws, or analyze STARK-based protocols for cryptographic and computational errors.
Structured command patterns for invoking audit capabilities through slash commands. Use when triggering /audit, /scan, /checklist, /report, /severity, /patterns, or other slash commands that map to underlying skills and load the correct context for each workflow.
Use when the user wants to audit Cosmos SDK modules or CosmWasm smart contracts, scan IBC protocol interactions for relay, channel, or packet vulnerabilities, review Cosmos Go modules for state machine exploits, or analyze cross-chain message handling in the Cosmos ecosystem.
Query the Cyfrin/Solodit findings database (50,530+ findings from 30+ audit firms) for vulnerability research, pattern extraction, and audit enhancement. Use when searching for historical findings by vulnerability type, protocol category, or severity, or when looking for similar bugs found in comparable protocols.
Comprehensive audit methodology guides covering the full security auditor workflow -- from preparation and AI-assisted analysis through formal verification, economic modeling, report writing, and skill quality scoring. Use when learning audit workflows, selecting testing strategies, or authoring new skills with TDD methodology.
Generate professional audit reports with structured findings, severity classifications, proof-of-concept code, and actionable recommendations. Use when writing individual findings, composing full audit reports, or formatting results for Code4rena, Sherlock, or client engagements.
Data-driven severity classification for smart contract audit findings with statistical breakdowns and 30 representative examples per level from top audit firms. Use when assigning severity to findings, justifying classifications with historical data, or calibrating severity judgment against Code4rena, Sherlock, and Cyfrin benchmarks.
Use when auditing Solana programs for security vulnerabilities, reviewing Anchor or Pinocchio/native Rust smart contracts, checking CPI safety, PDA validation, account ownership, signer verification, or Token-2022 security.
Use when the user wants to audit Starknet contracts for security vulnerabilities, scan Cairo contracts for Starknet-specific patterns including account abstraction, class replacement, or L1-L2 messaging, review Starknet DeFi protocols for component architecture flaws, or analyze cross-layer bridge security.
Integrate automated static analysis tools (Slither, Mythril, Aderyn, Semgrep) into the audit workflow to catch known vulnerability patterns before manual review. Use when starting an audit to establish a coverage baseline, or when configuring static analysis tooling for a project.
Use when the user wants to audit Aztec Network smart contracts written in Noir, scan for privacy-specific vulnerabilities including state leakage, note handling, or nullifier collisions, review private DeFi protocols for information disclosure, or analyze encrypted computation and zero-knowledge proof circuits.
Compare two versions of a codebase to identify security implications of changes. Use when reviewing protocol upgrades, verifying bug fixes, auditing dependency updates, or when only a subset of code has changed since the last audit.
Use when the user wants to audit Fuel Network smart contracts written in Sway, scan FuelVM contracts for UTXO-model, predicate, or script vulnerabilities, review Fuel DeFi protocols for multi-asset handling issues, or analyze Sway-specific patterns including storage access and message passing.
Quantitative scoring framework for measuring audit quality with objective metrics to evaluate performance, track improvement over time, and identify areas needing attention. Use when benchmarking audit thoroughness, comparing engagement quality, or building quality gates into CI pipelines.
Verify smart contract implementations comply with EIP/ERC standards and protocol specifications. Use when checking ERC-20, ERC-721, ERC-1155, ERC-4626, or EIP-712 compliance, or when identifying non-standard token behavior that causes integration failures.
Use when the user wants to audit Sui Move smart contracts, scan Sui-specific patterns including object ownership, shared objects, or dynamic fields, review Sui DeFi protocols for object model security issues, or analyze Sui-specific transaction and consensus patterns.
Use when the user wants to audit TON smart contracts for security vulnerabilities, scan FunC or Tact contracts for message chain replay, bounce handling, or gas issues, review TON DeFi protocols for actor-model concurrency flaws, or analyze asynchronous message passing security.
Root skill definition for the Web3 Audit Plugin providing AI-powered smart contract security auditing across EVM, Solana, Move, Cairo, CosmWasm, and TON platforms. Use as the top-level entry point for understanding plugin capabilities, supported chains, and skill routing.
Detect multi-step exploit sequences where individual steps may appear benign but combine into critical vulnerabilities. Use when analyzing protocols for flash-loan-to-governance chains, oracle manipulation sequences, or cross-contract reentrancy paths inspired by real-world exploits such as Ronin, Wormhole, and Beanstalk.
Analyze ERC20/ERC721/ERC1155 token implementations for non-standard behavior, fee-on-transfer mechanics, rebasing logic, blacklists, pausability, and integration risks. Use when reviewing protocols that interact with external tokens or implementing token-related features.
Structured, protocol-type-specific audit templates enumerating the exact checks, invariants, and attack vectors relevant to each protocol category. Use when auditing AMM/DEX, lending, bridge, governance, or vault protocols to load targeted checklists based on context detection results.
Use when the user wants to audit Solidity smart contracts for security vulnerabilities, scan EVM-compatible contracts for reentrancy, oracle manipulation, access-control, or flash-loan issues, review DeFi protocols on Ethereum, Arbitrum, Optimism, Base, Polygon, or BSC, or generate security audit reports for smart contract deployments.
Systematically hunt for every variant of a discovered vulnerability across the entire codebase. Use when a bug is found and all instances of the same root cause pattern must be identified, or when performing variant analysis during competitive audits on Code4rena or Sherlock.
Verify that bug fixes correctly address reported vulnerabilities without introducing new issues. Use when reviewing protocol team fix submissions, during re-audit engagements, or in contest mitigation review phases on Sherlock and Code4rena.
Automatically identify the type of protocol being audited to load appropriate checklists, templates, and vulnerability patterns without manual configuration. Use when starting any new audit to classify the protocol (DeFi lending, AMM, bridge, governance, etc.) and surface the most relevant checks.
Use when the user wants to audit Move smart contracts for security vulnerabilities, scan Aptos or Sui contracts for resource safety, capability leaks, or module upgrade issues, review Move-based DeFi protocols for object model and linear type violations, or analyze cross-module trust boundaries.