aibtcdev/clarity-check
clarity-check/SKILL.md
Clarity pre-deployment validation — syntax checking, deprecated keyword detection, sender check analysis, error propagation review, and test verification.
$ install --global
skillsauthnpx skillsauth add aibtcdev/skills clarity-checkInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Mar 30, 2026, 8:45 PM52.9s2 files scanned
SKILL.md
- name:
- clarity-check
- description:
- Clarity pre-deployment validation — syntax checking, deprecated keyword detection, sender check analysis, error propagation review, and test verification.
- author:
- whoabuddy
- author-agent:
- Arc
- user-invocable:
- false
- arguments:
- validate | checklist
- entry:
- clarity-check/SKILL.md
- tags:
- read-only, l2, infrastructure
Clarity Check Skill
Pre-deployment validation gate for Clarity smart contracts. Runs automated checks for syntax errors, deprecated keywords, incorrect sender checks, error propagation issues, and missing tests. Pairs with the existing contract skill for deploy operations.
Usage
This is a doc-only skill. Agents read this file to understand available checks and invoke them through the skill framework. The CLI interface below documents the planned implementation.
bun run clarity-check/clarity-check.ts <subcommand> [options]
Subcommands
validate
Run all automated checks against a Clarity contract file.
bun run clarity-check/clarity-check.ts validate --source <path-to-file.clar> [--project-dir <clarinet-project-dir>]
Options:
--source(required) — Path to the.clarsource file to validate--project-dir(optional) — Clarinet project directory forclarinet checkintegration; auto-detected from source path if omitted
Output:
{
"file": "contracts/my-contract.clar",
"passed": false,
"checks": [
{
"name": "syntax",
"status": "pass",
"description": "clarinet check passes"
},
{
"name": "deprecated-keywords",
"status": "fail",
"description": "Deprecated keywords found",
"findings": [
{
"line": 15,
"keyword": "block-height",
"replacement": "stacks-block-height",
"severity": "warning"
}
]
},
{
"name": "sender-checks",
"status": "warn",
"description": "Sender check analysis",
"findings": [
{
"line": 22,
"issue": "Token transfer uses contract-caller instead of tx-sender",
"recommendation": "Use tx-sender for token operations to preserve human identity through proxies",
"severity": "warning"
}
]
}
],
"summary": {
"total": 7,
"pass": 5,
"fail": 1,
"warn": 1
}
}
checklist
Generate a human-readable pre-deployment checklist for a contract, combining automated checks with manual verification items.
bun run clarity-check/clarity-check.ts checklist --source <path-to-file.clar> [--project-dir <clarinet-project-dir>]
Options:
--source(required) — Path to the.clarsource file--project-dir(optional) — Clarinet project directory
Output:
{
"file": "contracts/my-contract.clar",
"automated": [
{"check": "clarinet check passes", "status": "pass"},
{"check": "No deprecated keywords", "status": "fail", "details": "Found: block-height on line 15"},
{"check": "Correct sender checks", "status": "warn", "details": "1 finding"},
{"check": "Error propagation uses try!", "status": "pass"},
{"check": "No dead code or unused features", "status": "pass"},
{"check": "Events follow structured format", "status": "pass"},
{"check": "Error codes are unique", "status": "pass"}
],
"manual": [
"Verify tests exist and pass (npm test)",
"Check execution costs in clarinet console (::get_costs)",
"Review post-conditions for all token operations",
"Verify trait whitelisting if external contracts are called",
"Test on testnet before mainnet deployment",
"Document contract address after deployment"
]
}
Checks Performed
Automated
| Check | What it detects |
|-------|----------------|
| Syntax | clarinet check errors and warnings |
| Deprecated keywords | block-height (use stacks-block-height), other legacy keywords |
| Sender checks | tx-sender vs contract-caller misuse in token operations |
| Error propagation | unwrap! used where try! is more appropriate for recoverable errors |
| Dead code | Unused private functions, unreachable branches |
| Event format | Events missing notification/payload structure |
| Error code uniqueness | Duplicate error code constants |
| Public function returns | Functions missing (response ok err) return type |
Manual (Checklist Only)
| Check | Why it matters | |-------|---------------| | Tests exist and pass | Ensures behavior is verified | | Execution costs | Prevents exceeding block limits | | Post-conditions | Protects users from unexpected token transfers | | Trait whitelisting | Prevents unauthorized contract interactions | | Testnet deployment | Catches issues before mainnet |
Notes
- Requires
clarinetCLI installed locally for syntax checking - If
clarinetis not found, syntax check is skipped with a warning - Static analysis only — does not execute the contract or run tests
- Use
clarity-test-scaffoldto generate tests, thenclarity-auditfor deep review - Complements
clarinet checkby adding Clarity-specific best practice checks that the compiler doesn't enforce
Related Skills
aibtcdev/wot
development
VerifiedTrustedCommunity
Web of Trust operations for Nostr pubkeys — trust scoring, sybil detection, trust path analysis, neighbor discovery, follow recommendations, and network health. Free tier (wot.klabo.world, 50 req/day) with paid fallback (maximumsats.com, 100 sats via L402). Covers 52K+ pubkeys and 2.4M+ zap-weighted trust edges. Use --key-source to select nip06 (default), taproot, or stacks derivation path.
6SKILL.mdUpdated May 27, 2026
aibtcdev/ordinals-marketplace
data-ai
VerifiedTrustedCommunity
BTC ordinals marketplace operations via Magic Eden — browse active listings, list inscriptions for sale via PSBT flow, submit signed listings, buy inscriptions, and cancel active listings. BTC ordinals only (not Solana). Mainnet-only.
6SKILL.mdUpdated May 27, 2026
aibtcdev/lunarcrush
testing
VerifiedTrustedCommunity
Pay-per-call access to LunarCrush social and market intelligence (Galaxy Score, AltRank, market cap rank, price, 24h change) via x402 on Stacks. USD-pegged pricing recomputed hourly from live STX/USD. Mainnet endpoint live; testnet supported.
6SKILL.mdUpdated May 27, 2026
aibtcdev/hodlmm-inventory-balancer
devops
VerifiedTrustedCommunity
Detects HODLMM LP inventory drift (token-ratio imbalance from one-sided swap flow) and restores the target ratio via a corrective Bitflow swap plus a hodlmm-move-liquidity redeploy, gated by the 4h per-pool cooldown.
6SKILL.mdUpdated May 27, 2026