0x-shashi/skills/advanced/skill-chains
skills/advanced/skill-chains/SKILL.md
Ordered sequences of individual audit skills to execute for different audit depth levels ensuring comprehensive, systematic coverage. Use when selecting between quick scan, standard audit, deep audit, or full engagement workflows to match coverage to time and scope constraints.
$ install --global
skillsauthnpx skillsauth add 0x-shashi/web3-audit-skills skills/advanced/skill-chainsInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
70%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Mar 23, 2026, 10:37 PM181.5s5 files scanned
SKILL.md
- id:
- skill-chains
- title:
- Skill Chains Skill
- category:
- advanced
- difficulty:
- intermediate
- last_updated:
- 2026-02-26
- description:
- >-
Skill Chains Skill
Purpose
Skill chains define ordered sequences of individual audit skills to execute for different audit depth levels. They ensure comprehensive, systematic coverage appropriate to the engagement scope.
Available Chains
| Chain | Duration | Depth | Use Case | |-------|----------|-------|----------| | Quick Scan | 1-2 hours | Surface | Initial assessment, triage | | Deep Dive | 1-2 days | Focused | Specific contract/module analysis | | Full Audit | 1-2 weeks | Comprehensive | Complete protocol audit |
Chain Selection Guide
Time < 2 hours? → Quick Scan
Focused on specific area? → Deep Dive
Full engagement? → Full Audit
Design Principles
- Progressive Depth: Each chain level includes all previous levels plus more
- Exit Early: If critical issue found, can escalate from Quick Scan to Deep Dive
- Composable: Deep Dive can be run on specific modules identified by Quick Scan
- Reproducible: Same chain on same code produces same coverage
Prerequisites
Skill chains require all individual skills referenced in the chain to be available. The Commands skill MUST be loaded for chain invocation.
Validation
To verify chain completeness, validate skill availability:
# Validate all skills in a chain are loadable
def validate_chain(chain_config):
for step in chain_config['steps']:
skill_path = f"skills/{step['skill']}/SKILL.md"
assert os.path.exists(skill_path), f"Missing skill: {skill_path}"
print(f"Verified: {step['skill']} (order: {step['order']})")
# Example chain configuration
chain: quick-scan
duration: 1-2 hours
steps:
- skill: solidity-scanner
order: 1
required: true
- skill: checklists
order: 2
required: true
- skill: severity
order: 3
optional: true
# Test chain execution order
python -m pytest tests/skill_chains/ -v --chain quick-scan
Behavior Guidelines
- Chain selection MUST match engagement scope and time constraints
- Quick Scan steps are required as a minimum for any engagement
- Deep Dive modules may optionally be added based on Quick Scan findings
- Full Audit chains ALWAYS include all Quick Scan and Deep Dive steps
References
- Skill Chains References - Chain composition diagrams and coverage matrices
Related Skills
0x-shashi/skills/variant-analysis
development
VerifiedTrustedCommunity
Systematically hunt for every variant of a discovered vulnerability across the entire codebase. Use when a bug is found and all instances of the same root cause pattern must be identified, or when performing variant analysis during competitive audits on Code4rena or Sherlock.
45SKILL.mdUpdated Mar 23, 2026
0x-shashi/skills/ton-scanner
testing
VerifiedTrustedCommunity
Use when the user wants to audit TON smart contracts for security vulnerabilities, scan FunC or Tact contracts for message chain replay, bounce handling, or gas issues, review TON DeFi protocols for actor-model concurrency flaws, or analyze asynchronous message passing security.
45SKILL.mdUpdated Mar 23, 2026
0x-shashi/skills/token-analyzer
tools
VerifiedTrustedCommunity
Analyze ERC20/ERC721/ERC1155 token implementations for non-standard behavior, fee-on-transfer mechanics, rebasing logic, blacklists, pausability, and integration risks. Use when reviewing protocols that interact with external tokens or implementing token-related features.
45SKILL.mdUpdated Mar 23, 2026
0x-shashi/skills/sui-scanner
testing
VerifiedTrustedCommunity
Use when the user wants to audit Sui Move smart contracts, scan Sui-specific patterns including object ownership, shared objects, or dynamic fields, review Sui DeFi protocols for object model security issues, or analyze Sui-specific transaction and consensus patterns.
45SKILL.mdUpdated Mar 23, 2026