near/near-contract-audit
skills/near-contract-audit/SKILL.md
Comprehensive security audit skill for NEAR Protocol smart contracts written in Rust. Use when auditing NEAR contracts, reviewing security vulnerabilities, or analyzing contract code for issues like reentrancy, unhandled promises, unsafe math, access control flaws, and callback security.
$ install --global
skillsauthnpx skillsauth add near/agent-skills near-contract-auditInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 10, 2026, 2:18 AM5.5s4 files scanned
SKILL.md
- name:
- near-contract-audit
- description:
- Comprehensive security audit skill for NEAR Protocol smart contracts written in Rust. Use when auditing NEAR contracts, reviewing security vulnerabilities, or analyzing contract code for issues like reentrancy, unhandled promises, unsafe math, access control flaws, and callback security.
NEAR Contract Audit
Security audit skill for NEAR smart contracts in Rust.
Audit Workflow
Phase 1: Automated Analysis
Run your preferred Rust static analysis and NEAR-focused security tools on the contract to:
- Scan for common vulnerability patterns (reentrancy, unsafe math, unhandled promises, access control issues, etc.)
- Highlight potentially risky patterns for deeper manual review
Phase 2: Manual Review
After automated analysis, perform manual review for:
- Business logic vulnerabilities
- Access control patterns
- Economic attack vectors
- Cross-contract interaction safety
Phase 3: Code-Specific Analysis
For each finding, verify:
- Is it a true positive?
- What is the exploitability?
- What is the recommended fix?
Phase 4: Report Generation
Document findings with severity, location, description, and remediation.
Vulnerability Quick Reference
| Severity | Detector ID | Description |
| ---------- | -------------------------------- | ----------------------------------------------- |
| High | non-private-callback | Callback missing #[private] macro |
| High | reentrancy | State change after cross-contract call |
| High | incorrect-argument-or-return-types | Using native integer types in JSON interfaces |
| High | unsaved-changes | Collection modifications not persisted |
| High | owner-check | Missing caller/owner verification |
| High | yocto-attach | Missing assert_one_yocto on sensitive functions |
| High | storage-collision | Same storage prefix for different collections |
| High | required-initialization-macro | Missing #[init] on initialization method |
| Medium | gas-griefing | Unbounded loops causing DoS |
| Medium | insecure-random | Predictable randomness from block data |
| Medium | prepaid-gas | Insufficient gas reserved for callbacks |
| Low | cover-storage-cost | Missing storage deposit verification |
| Low | unsafe-math | Arithmetic without overflow checks |
| Low | float-math | Using floating point types for financial math |
Reference Files
For detailed vulnerability documentation with code examples:
- high-severity.md - Critical vulnerabilities (8 detectors)
- medium-severity.md - Medium vulnerabilities (4 detectors)
- low-severity.md - Low severity findings (3 detectors)
Related Skills
near/near-smart-contracts
development
VerifiedTrustedCommunity
NEAR Protocol smart contract development in Rust. Use when writing, reviewing, or deploying NEAR smart contracts. Covers contract structure, state management, cross-contract calls, testing, security, and optimization patterns. Based on near-sdk v5.x with modern macro syntax.
10SKILL.mdUpdated Apr 10, 2026
near/near-kit
development
VerifiedTrustedCommunity
TypeScript library for NEAR Protocol blockchain interaction. Use this skill when writing code that interacts with NEAR Protocol, including viewing contract data, calling contract methods, sending NEAR tokens, building transactions, creating type-safe contract wrappers, integrating wallets (Wallet Selector, HOT Connect), React hooks and providers (@near-kit/react), managing keys, testing with sandbox, meta-transactions (NEP-366), and message signing (NEP-413).
10SKILL.mdUpdated Apr 10, 2026
near/near-intents
tools
VerifiedTrustedCommunity
Cross-chain token swap integration using NEAR Intents 1Click API. Use when building swap widgets, bridge interfaces, or multi-chain transfers across EVM, Solana, NEAR, TON, Stellar, and Tron.
10SKILL.mdUpdated Apr 10, 2026
near/near-dapp
development
VerifiedTrustedCommunity
Build NEAR Protocol dApps. Use for: (1) creating new NEAR dApps with `create-near-app` (Vite+React, Next.js), (2) adding NEAR wallet connection to existing apps with `@hot-labs/near-connect` and `near-connect-hooks`, (3) building frontend UI for NEAR smart contracts, (4) integrating wallet sign-in/sign-out, contract calls, and transaction signing into web applications.
10SKILL.mdUpdated Apr 10, 2026