Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

plamentsv/external-precondition-audit

Name: external-precondition-audit
Author: plamentsv

agents/skills/evm/external-precondition-audit/SKILL.md

npx skillsauth add plamentsv/plamen external-precondition-audit

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

EXTERNAL_PRECONDITION_AUDIT Skill

Trigger Pattern: Any external contract interaction detected in attack_surface.md Inject Into: Breadth agents (merged via M7 hierarchy) Constraint: Interface-level inference only -- no production fetch required

For every external contract the protocol interacts with:

1. Interface-Level Requirement Inference

From the interface/import used by the protocol, infer what the external contract requires:

| External Function Called | Parameters Passed | Likely Preconditions (from interface) | Our Protocol Validates? | |-------------------------|-------------------|---------------------------------------|------------------------|

Inference method: Read the function signature, parameter names, NatSpec comments (if any), and common patterns for that function type. Example: IVault.swap(FundManagement memory funds) -> infer that funds.sender must be authorized, funds.recipient determines where output goes.

2. Return Value Consumption

| External Call | Return Type | How Protocol Uses Return | Failure Mode if Return Unexpected | |--------------|-------------|-------------------------|----------------------------------|

For each return value: what happens if it returns 0? What happens if it returns MAX? What happens if the external call reverts?

For each external data structure received (Vec, array, Map, list): (a) What ordering/uniqueness does the consuming code assume? (b) Does the external contract's spec guarantee that ordering? (c) What happens if the assumption is violated (unsorted, duplicates, gaps)?

3. State Dependency Mapping

| Protocol State | Depends on External State | External State Can Change Without Our Knowledge? | |---------------|--------------------------|--------------------------------------------------|

For each dependency: model what happens when the external state changes between our protocol's read and use.

Step Execution Checklist

| Section | Required | Completed? | |---------|----------|------------| | 1. Interface-Level Requirement Inference | YES | Y/N/? | | 2. Return Value Consumption | YES | Y/N/? | | 3. State Dependency Mapping | YES | Y/N/? |

plamentsv/external-precondition-audit

agents/skills/evm/external-precondition-audit/SKILL.md

Trigger Pattern Any external contract interaction detected in attack_surface.md - Inject Into Breadth agents (merged via M7 hierarchy)

225 stars

testing

Updated May 14, 2026

$ install --global

skillsauth

npx skillsauth add plamentsv/plamen external-precondition-audit

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: May 14, 2026, 5:31 AM181.3s1 file scanned

SKILL.md

name:: external-precondition-audit
description:: Trigger Pattern Any external contract interaction detected in attack_surface.md - Inject Into Breadth agents (merged via M7 hierarchy)

EXTERNAL_PRECONDITION_AUDIT Skill

Trigger Pattern: Any external contract interaction detected in attack_surface.md Inject Into: Breadth agents (merged via M7 hierarchy) Constraint: Interface-level inference only -- no production fetch required

For every external contract the protocol interacts with:

1. Interface-Level Requirement Inference

From the interface/import used by the protocol, infer what the external contract requires:

2. Return Value Consumption

| External Call | Return Type | How Protocol Uses Return | Failure Mode if Return Unexpected | |--------------|-------------|-------------------------|----------------------------------|

For each return value: what happens if it returns 0? What happens if it returns MAX? What happens if the external call reverts?

For each external data structure received (Vec, array, Map, list): (a) What ordering/uniqueness does the consuming code assume? (b) Does the external contract's spec guarantee that ordering? (c) What happens if the assumption is violated (unsorted, duplicates, gaps)?

3. State Dependency Mapping

| Protocol State | Depends on External State | External State Can Change Without Our Knowledge? | |---------------|--------------------------|--------------------------------------------------|

For each dependency: model what happens when the external state changes between our protocol's read and use.

Step Execution Checklist

Related Skills

plamentsv/audit-prep

development

VerifiedTrustedCommunity

Prepare Solidity projects for a security audit — test coverage, test quality, NatSpec docs, code hygiene, dependency health, best-practice enforcement, deployment readiness, and project documentation checks. Generates a scored Audit Readiness Report and optionally runs static analysis. Trigger on: "prepare for audit", "audit readiness", "pre-audit check", "audit prep", "NatSpec check", or any request to review a Solidity codebase before a security review.

225SKILL.mdUpdated May 14, 2026

plamentsv/plamen

development

VerifiedTrustedCommunity

Launch the Plamen deterministic Web3 security audit pipeline

225SKILL.mdUpdated May 14, 2026

plamentsv/plamen-wizard

development

VerifiedTrustedCommunity

Run the Plamen smart-contract audit wizard in Codex

225SKILL.mdUpdated May 14, 2026

plamentsv/plamen-wizard

plamentsv/plamen-l1

testing

VerifiedTrustedCommunity

Launch the Plamen deterministic L1 infrastructure audit pipeline

225SKILL.mdUpdated May 14, 2026

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/plamentsv/plamen.git

# Copy into Claude Code skills folder (global)
cp -r plamen/agents/skills/evm/external-precondition-audit ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

plamentsv/plamen

225 stars

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT