audit/SKILL.md
Deep EVM smart contract security audit system. Use when asked to audit a contract, find vulnerabilities, review code for security issues, or file security issues on a GitHub repo. Covers 500+ non-obvious checklist items across 19 domains via parallel sub-agents. Different from the security skill (which teaches defensive coding) — this is for systematically auditing contracts you didn't write.
npx skillsauth add austintgriffith/ethskills audit
Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status.
A full audit system for any EVM contract. Runs parallel specialist agents against domain-specific checklists, synthesizes findings, and files GitHub issues.
20 specialized skills covering every major vulnerability domain. Fetch the master index first:
https://raw.githubusercontent.com/austintgriffith/evm-audit-skills/main/evm-audit-master/SKILL.md
The master index contains:
All 20 skill checklists are at:
https://raw.githubusercontent.com/austintgriffith/evm-audit-skills/main/<skill-name>/references/checklist.md
| Skill | When to Load |
|-------|-------------|
| evm-audit-general | Always |
| evm-audit-precision-math | Always |
| evm-audit-erc20 | Contract interacts with ERC20 tokens |
| evm-audit-defi-amm | AMM, DEX, Uniswap V3/V4, liquidity pools |
| evm-audit-defi-lending | Lending, borrowing, CDP, liquidations |
| evm-audit-defi-staking | Staking, liquid staking, restaking, EigenLayer |
| evm-audit-erc4626 | Vaults, share/asset conversion |
| evm-audit-erc4337 | Account abstraction, paymasters, session keys |
| evm-audit-bridges | Cross-chain, LayerZero, CCIP, Wormhole |
| evm-audit-proxies | Upgradeable contracts, UUPS, Transparent, Diamond |
| evm-audit-signatures | Off-chain signatures, EIP-712, permits |
| evm-audit-governance | DAO voting, timelocks, multi-sig |
| evm-audit-oracles | Chainlink, TWAP, Pyth, price feeds |
| evm-audit-assembly | Inline assembly, Yul, CREATE2 |
| evm-audit-chain-specific | Non-mainnet: Arbitrum, OP, zkSync, Blast, BSC |
| evm-audit-flashloans | Flash loan attack vectors |
| evm-audit-erc721 | NFTs, ERC721, ERC1155 |
| evm-audit-dos | DoS, unbounded loops, gas griefing |
| evm-audit-access-control | Ownership, roles, centralization risks |
findings-<skill>.md
AUDIT-REPORT.md
Audit this contract and file issues: https://github.com/owner/repo/blob/main/contracts/Foo.sol
Checklists: https://raw.githubusercontent.com/austintgriffith/evm-audit-skills/main/evm-audit-master/SKILL.md
Built from research by Dacian, beirao.xyz, Sigma Prime, RareSkills, Decurity, weird-erc20, Spearbit, Hacken, OpenZeppelin, Cyfrin, and more. Full attribution: https://github.com/austintgriffith/evm-audit-skills#attribution--thanks