plamentsv/write-error-divergence
agents/skills/injectable/l1/write-error-divergence/SKILL.md
L1 trigger - audits file/database write paths for metadata commits, cache updates, and success returns that diverge when writes fail.
$ install --global
skillsauthnpx skillsauth add plamentsv/plamen write-error-divergenceInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 14, 2026, 5:38 AM207.3s1 file scanned
SKILL.md
- name:
- write-error-divergence
- description:
- L1 trigger - audits file/database write paths for metadata commits, cache updates, and success returns that diverge when writes fail.
Injectable Skill: Write Error Divergence
L1 trigger:
STORAGEorDATABASE_TXflag OR file/DB write APIs detected (write_all,fs::write,rename,flush,commit,put,insert,batch,transaction) Inject Into:depth-state-trace,depth-edge-caseLanguage: Go and Rust Finding prefix:[WED-N]
Purpose
Node clients often pair durable writes with in-memory metadata, indexes, caches, or database transactions. If metadata advances before the durable write succeeds, restart or reorg behavior can diverge from the actual persisted state.
1. Write Unit Enumeration
For each storage path, enumerate the logical write unit:
| Write Unit | Data Write | Metadata/Index Update | Error Check | Rollback/Cleanup | Verdict | |------------|------------|-----------------------|-------------|------------------|---------|
Include:
- block/header/transaction persistence;
- cache metadata, expiry timestamps, indices, checkpoints, migration markers;
- database transactions and batches;
- file writes that use temp files, rename, flush, fsync, or parent-directory fsync.
2. Required Checks
For each write unit:
- Metadata-before-data: metadata, cache state, or checkpoint markers must not advance before the durable write succeeds.
- Success-after-side-effect:
Ok(()), HTTP success, or actor success messages must be returned only after the write and required flush/commit complete. - Commit-before-check: database transactions must not commit when the closure or inner operation returned an error.
- Partial write: short writes, interrupted writes, rename failures, flush/fsync failures, and parent-directory fsync failures must be handled consistently.
- Rollback/cleanup: failed writes must either roll back metadata or leave an explicit repair/retry marker.
- Restart trace: trace what a node observes after restart if the write fails at each boundary.
Tag evidence as [WED-METADATA-BEFORE-DATA:{file}:{line}], [WED-COMMIT-BEFORE-CHECK:{file}:{line}], [WED-SUCCESS-BEFORE-WRITE:{file}:{line}], or [WED-RESTART-DIVERGE:{file}:{line}].
3. Non-Finding Rules
Do not report internal best-practice issues unless a failed write can produce stale reads, corrupted state, replay, permanent data loss, fork-choice divergence, or a liveness failure after restart.
4. Output
Use normal finding format. If no finding exists, still emit the write-unit table with file:line evidence for each safe rollback or commit path.
Related Skills
plamentsv/audit-prep
development
VerifiedTrustedCommunity
Prepare Solidity projects for a security audit — test coverage, test quality, NatSpec docs, code hygiene, dependency health, best-practice enforcement, deployment readiness, and project documentation checks. Generates a scored Audit Readiness Report and optionally runs static analysis. Trigger on: "prepare for audit", "audit readiness", "pre-audit check", "audit prep", "NatSpec check", or any request to review a Solidity codebase before a security review.
225SKILL.mdUpdated May 14, 2026
plamentsv/plamen
development
VerifiedTrustedCommunity
Launch the Plamen deterministic Web3 security audit pipeline
225SKILL.mdUpdated May 14, 2026
plamentsv/plamen-wizard
development
VerifiedTrustedCommunity
Run the Plamen smart-contract audit wizard in Codex
225SKILL.mdUpdated May 14, 2026
plamentsv/plamen-l1
testing
VerifiedTrustedCommunity
Launch the Plamen deterministic L1 infrastructure audit pipeline
225SKILL.mdUpdated May 14, 2026