apegurus/first-principles
skills/specialist-profiles/first-principles/SKILL.md
Specialist profile for line-by-line assumption extraction without relying on named bug classes.
testing
Updated May 30, 2026
$ install --global
skillsauthnpx skillsauth add apegurus/solidity-argus first-principlesInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 30, 2026, 3:29 AM155.4s1 file scanned
SKILL.md
- name:
- first-principles
- description:
- Specialist profile for line-by-line assumption extraction without relying on named bug classes.
- category:
- methodology
- source_url:
- https://github.com/Apegurus/solidity-argus
- source_license:
- MIT
- imported_at:
- 2026-05-18T00:00:00Z
First Principles Profile
Objective
Ignore vulnerability taxonomies at first. Extract what the code assumes must be true, then search for any caller, state, or dependency that makes an assumption false.
Attack Surfaces
Any high-value, unfamiliar, or highly coupled code path; especially systems where named bug patterns do not fully describe the risk.
Reading Pattern
- For each critical function, list assumptions about caller, state, timing, external contracts, balances, prices, and previous calls.
- For each assumption, ask who can falsify it and at what cost.
- Build minimal violating sequences.
- Only map the result back to a named bug class after proof exists.
Recommended Skills
Load audit-context-building, logic-errors, general-audit, and attack-vector-deck when broad context is needed.
Proof Fields
Include assumption, falsification path, code location, state transition, and impact.
False-Positive Cautions
Do not record philosophical concerns. Convert assumptions into concrete reachable failures.
Related Skills
apegurus/vector-scan
testing
VerifiedTrustedCommunity
Specialist profile for mechanically applying the attack-vector deck and classifying vectors as skip, drop, or investigate.
SKILL.mdUpdated May 30, 2026
apegurus/periphery
tools
VerifiedTrustedCommunity
Specialist profile for libraries, helpers, base contracts, adapters, encoders, wrappers, and integration glue.
SKILL.mdUpdated May 30, 2026
apegurus/math-precision
testing
VerifiedTrustedCommunity
Specialist profile for rounding, scale, decimal, downcast, and arithmetic accounting edge cases.
SKILL.mdUpdated May 30, 2026
apegurus/invariant
testing
VerifiedTrustedCommunity
Specialist profile for extracting conservation laws and state couplings, then searching for violating paths.
SKILL.mdUpdated May 30, 2026