apegurus/economic-security
skills/specialist-profiles/economic-security/SKILL.md
Specialist profile for external dependencies, token behavior, incentives, oracle assumptions, and value-flow attacks.
testing
Updated May 30, 2026
$ install --global
skillsauthnpx skillsauth add apegurus/solidity-argus economic-securityInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 30, 2026, 3:31 AM312.9s1 file scanned
SKILL.md
- name:
- economic-security
- description:
- Specialist profile for external dependencies, token behavior, incentives, oracle assumptions, and value-flow attacks.
- category:
- methodology
- source_url:
- https://github.com/Apegurus/solidity-argus
- source_license:
- MIT
- imported_at:
- 2026-05-18T00:00:00Z
Economic Security Profile
Objective
Find attacks where the code is locally correct but economically exploitable through prices, incentives, liquidity, token behavior, governance, or integration assumptions.
Attack Surfaces
AMM reserves, oracle feeds, collateral values, liquidation incentives, reward emissions, fee paths, arbitrary ERC20 integrations, governance power, and flash-loan-amplified flows.
Reading Pattern
- Trace all value flows into and out of the protocol.
- Identify assumptions about price, liquidity, token behavior, and participant incentives.
- Ask whether capital, same-block execution, or governance power can bend those assumptions.
- Search historical precedents when the shape matches known DeFi exploits.
Recommended Skills
Load oracle-manipulation, flash-loan-attacks, weird-tokens, unsafe-erc20-transfers, amm-dex, and lending-borrowing as needed.
Proof Fields
Include dependency manipulated, attack capital/sequence, resulting mispricing or incentive break, and value impact.
False-Positive Cautions
Do not report generic centralization or market risk unless a code path makes the risk exploitable or materially worse.
Related Skills
apegurus/vector-scan
testing
VerifiedTrustedCommunity
Specialist profile for mechanically applying the attack-vector deck and classifying vectors as skip, drop, or investigate.
SKILL.mdUpdated May 30, 2026
apegurus/periphery
tools
VerifiedTrustedCommunity
Specialist profile for libraries, helpers, base contracts, adapters, encoders, wrappers, and integration glue.
SKILL.mdUpdated May 30, 2026
apegurus/math-precision
testing
VerifiedTrustedCommunity
Specialist profile for rounding, scale, decimal, downcast, and arithmetic accounting edge cases.
SKILL.mdUpdated May 30, 2026
apegurus/invariant
testing
VerifiedTrustedCommunity
Specialist profile for extracting conservation laws and state couplings, then searching for violating paths.
SKILL.mdUpdated May 30, 2026