skills/advanced/protocol-templates/SKILL.md
Structured, protocol-type-specific audit templates enumerating the exact checks, invariants, and attack vectors relevant to each protocol category. Use when auditing AMM/DEX, lending, bridge, governance, or vault protocols to load targeted checklists based on context detection results.
```
npx skillsauth add 0x-shashi/web3-audit-skills skills/advanced/protocol-templates
```

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Provide structured, protocol-type-specific audit templates that enumerate the exact checks, invariants, and attack vectors relevant to each protocol category. These templates are loaded based on context detection.
| Template | Protocol Type | Key Focus Areas |
|----------|--------------|-----------------|
| AMM/DEX | Uniswap, Curve, Balancer-style | Price manipulation, LP attacks, MEV |
| Bridge | Cross-chain bridges | Message verification, replay, accounting |
| Lending | Aave, Compound-style | Oracle, liquidation, interest rates |
| NFT Marketplace | OpenSea, Blur-style | Order validation, royalties, signatures |
| Staking | Lido, RocketPool-style | Reward distribution, withdrawal, delegation |
Each template follows a consistent format:
Protocol templates require Context Detection for automatic loading. Manual template selection is also supported.
To verify template coverage, validate against known protocol types:
```python
# Validate template completeness
# `templates` is the collection of loaded template objects; each exposes `.name` and `.sections`
required_sections = ["Overview", "Architecture Checklist", "Invariants", "Attack Vectors", "Critical Functions"]
for template in templates:
    for section in required_sections:
        assert section in template.sections, f"{template.name} missing {section}"
```
```yaml
# Example template loading configuration
detected_type: amm-dex
confidence: 0.92
loaded_templates:
  - amm-dex-template.md
  - defi-patterns.md
checklist: dex-amm-checklist
```
```bash
# Test template file integrity
for f in *-template.md; do echo "Validating $f"; head -5 "$f"; done
```
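An added example, not part of the skill's own code: a stand-alone version of the completeness check above that extracts section names from Markdown template text and reports what each template lacks. It assumes each required section appears as a Markdown heading; the function names and the sample templates are constructed for illustration.

```python
import re

# Section names taken from the page's completeness check.
REQUIRED_SECTIONS = ["Overview", "Architecture Checklist", "Invariants",
                     "Attack Vectors", "Critical Functions"]

# Assumption: a section is an ATX heading ("# Title" ... "###### Title").
HEADING = re.compile(r"^#{1,6}\s+(.*?)\s*#*\s*$")
FENCE = re.compile(r"^\s*(```|~~~)")

def extract_sections(markdown_text):
    """Return heading titles in order, skipping lines inside fenced code blocks."""
    sections, in_fence = [], False
    for line in markdown_text.splitlines():
        if FENCE.match(line):
            in_fence = not in_fence  # a "# comment" inside a fence is not a heading
            continue
        match = None if in_fence else HEADING.match(line)
        if match:
            sections.append(match.group(1).strip())
    return sections

def missing_sections(markdown_text, required=REQUIRED_SECTIONS):
    """Return the required sections with no matching heading (case-insensitive)."""
    present = {title.casefold() for title in extract_sections(markdown_text)}
    return [name for name in required if name.casefold() not in present]

def validate_templates(templates):
    """Map template name -> missing sections, listing incomplete templates only."""
    results = {name: missing_sections(text) for name, text in templates.items()}
    return {name: missing for name, missing in results.items() if missing}

# Constructed sample templates (not the skill's real files).
SAMPLE_TEMPLATES = {
    "amm-dex-template.md": "# Overview\n## Architecture Checklist\n## Invariants\n"
                           "## Attack Vectors\n## Critical Functions\n",
    # "Attack Vectors" appears only as a comment inside a code fence here.
    "bridge-template.md": "# Overview\n## Invariants\n```\n# Attack Vectors\n```\n"
                          "## critical functions\n",
}

if __name__ == "__main__":
    for name, missing in validate_templates(SAMPLE_TEMPLATES).items():
        print(f"{name} missing: {', '.join(missing)}")
```

Unlike the `assert` loop, this reports every incomplete template in one pass instead of stopping at the first missing section.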