@elizaos/skills 2.0.0-alpha.10

package/skills/security-entry-point-analyzer/skills/entry-point-analyzer/references/solana.md

@@ -0,0 +1,155 @@
+# Solana Entry Point Detection
+
+## Entry Point Identification (State-Changing Only)
+
+In Solana, most program instructions modify state. **Exclude** view-only patterns:
+- Instructions that only read account data without `mut` references
+- Pure computation functions that don't write to accounts
+
+### Native Solana Programs
+```rust
+// Single entrypoint macro
+entrypoint!(process_instruction);
+
+pub fn process_instruction(
+    program_id: &Pubkey,
+    accounts: &[AccountInfo],
+    instruction_data: &[u8],
+) -> ProgramResult {
+    // Dispatch to handlers based on instruction_data
+}
+```
+
+### Anchor Framework
+```rust
+#[program]
+mod my_program {
+    use super::*;
+    
+    // Each pub fn is an entry point
+    pub fn initialize(ctx: Context<Initialize>) -> Result<()> { }
+    pub fn transfer(ctx: Context<Transfer>, amount: u64) -> Result<()> { }
+}
+```
+
+### Entry Point Detection Rules
+| Pattern | Include? | Notes |
+|---------|----------|-------|
+| `entrypoint!(fn_name)` | **Yes** | Native program entry |
+| `pub fn` inside `#[program]` mod with `mut` accounts | **Yes** | Anchor state-changing |
+| `pub fn` inside `#[program]` mod (view-only) | No | Exclude if no `mut` accounts |
+| Functions in `processor.rs` matching instruction enum | **Yes** | Native pattern |
+| Internal helper functions | No | Not externally callable |
+
+## Access Control Patterns
+
+### Anchor Constraints
+```rust
+#[derive(Accounts)]
+pub struct AdminOnly<'info> {
+    #[account(mut)]
+    pub admin: Signer<'info>,
+    
+    #[account(
+        constraint = config.admin == admin.key() @ ErrorCode::Unauthorized
+    )]
+    pub config: Account<'info, Config>,
+}
+```
+
+### Common Access Control Patterns
+| Pattern | Classification |
+|---------|----------------|
+| `constraint = X.admin == signer.key()` | Admin |
+| `constraint = X.owner == signer.key()` | Owner |
+| `constraint = X.authority == signer.key()` | Authority (Admin-level) |
+| `constraint = X.governance == signer.key()` | Governance |
+| `constraint = X.guardian == signer.key()` | Guardian |
+| `has_one = admin` | Admin |
+| `has_one = owner` | Owner |
+| `has_one = authority` | Authority |
+| `Signer` account with no constraints | Review Required |
+
+### Native Access Control
+```rust
+// Check signer
+if !accounts[0].is_signer {
+    return Err(ProgramError::MissingRequiredSignature);
+}
+
+// Check specific authority
+if accounts[0].key != &expected_authority {
+    return Err(ProgramError::InvalidAccountData);
+}
+```
+
+### Access Control Macros (Anchor)
+```rust
+#[access_control(is_admin(&ctx))]
+pub fn admin_function(ctx: Context<AdminAction>) -> Result<()> { }
+
+fn is_admin(ctx: &Context<AdminAction>) -> Result<()> {
+    require!(ctx.accounts.admin.key() == ADMIN_PUBKEY, Unauthorized);
+    Ok(())
+}
+```
+
+## Contract-Only Detection (CPI Patterns)
+
+### Cross-Program Invocation Sources
+```rust
+// Functions expected to be called via CPI
+pub fn on_token_transfer(ctx: Context<TokenCallback>, amount: u64) -> Result<()> {
+    // Should verify calling program
+    require!(
+        ctx.accounts.calling_program.key() == expected_program::ID,
+        ErrorCode::InvalidCaller
+    );
+}
+```
+
+### CPI Verification Patterns
+```rust
+// Verify CPI caller
+let calling_program = ctx.accounts.calling_program.key();
+require!(calling_program == &spl_token::ID, InvalidCaller);
+
+// Check instruction sysvar for CPI
+let ix = load_current_index_checked(&ctx.accounts.instruction_sysvar)?;
+```
+
+## Extraction Strategy
+
+1. **Detect Framework**:
+   - Check `Cargo.toml` for `anchor-lang` → Anchor
+   - Check for `entrypoint!` macro → Native
+   
+2. **For Anchor**:
+   - Find `#[program]` module
+   - Extract all `pub fn` within it
+   - Parse `#[derive(Accounts)]` structs for constraints
+   
+3. **For Native**:
+   - Find instruction enum (usually in `instruction.rs`)
+   - Map variants to handler functions in `processor.rs`
+   - Check each handler for signer/authority checks
+
+4. **Classify**:
+   - No authority constraints → Public (Unrestricted)
+   - `has_one`, `constraint` with authority → Role-based
+   - CPI-only patterns → Contract-Only
+
+## Solana-Specific Considerations
+
+1. **Account Validation**: Access control often via account constraints, not function-level
+2. **PDA Authority**: Program Derived Addresses can act as authorities
+3. **Signer vs Authority**: `Signer` alone doesn't mean admin—check what the signer controls
+4. **Instruction Data**: Native programs dispatch based on instruction discriminator
+
+## Common Gotchas
+
+1. **Initialize Patterns**: `is_initialized` checks—first caller may set authority
+2. **Upgrade Authority**: Programs can be upgraded—check upgrade authority
+3. **Multisig**: Some operations require multiple signers
+4. **CPI Safety**: Functions callable via CPI should verify calling program
+5. **Freeze Authority**: Token accounts may have freeze authority

package/skills/security-entry-point-analyzer/skills/entry-point-analyzer/references/solidity.md

@@ -0,0 +1,135 @@
+# Solidity Entry Point Detection
+
+## Entry Point Identification (State-Changing Only)
+
+### Include: State-Changing Functions
+```solidity
+function name() external { }           // State-changing entry point
+function name() external payable { }   // State-changing, receives ETH
+function name() public { }             // State-changing entry point
+```
+
+### Exclude: Read-Only Functions
+```solidity
+function name() external view { }      // EXCLUDE - cannot modify state
+function name() external pure { }      // EXCLUDE - no state access
+function name() public view { }        // EXCLUDE - cannot modify state
+```
+
+### Visibility and Mutability Matrix
+| Visibility | Mutability | Include? | Notes |
+|------------|------------|----------|-------|
+| `external` | (none) | **Yes** | State-changing entry point |
+| `external` | `payable` | **Yes** | State-changing, receives ETH |
+| `external` | `view` | No | Read-only, exclude |
+| `external` | `pure` | No | No state access, exclude |
+| `public` | (none) | **Yes** | State-changing entry point |
+| `public` | `payable` | **Yes** | State-changing, receives ETH |
+| `public` | `view` | No | Read-only, exclude |
+| `public` | `pure` | No | No state access, exclude |
+| `internal` | any | No | Not externally callable |
+| `private` | any | No | Not externally callable |
+
+### Special Entry Points
+- `receive() external payable` — Receives plain ETH transfers
+- `fallback() external` — Catches unmatched function calls
+- `constructor()` — One-time initialization (not recurring entry point)
+
+## Access Control Patterns
+
+### OpenZeppelin Patterns
+```solidity
+// Ownable
+modifier onlyOwner() { require(msg.sender == owner); }
+
+// AccessControl
+modifier onlyRole(bytes32 role) { require(hasRole(role, msg.sender)); }
+
+// Common role constants
+bytes32 public constant ADMIN_ROLE = keccak256("ADMIN_ROLE");
+bytes32 public constant MINTER_ROLE = keccak256("MINTER_ROLE");
+bytes32 public constant PAUSER_ROLE = keccak256("PAUSER_ROLE");
+```
+
+### Common Modifier Names → Role Classification
+| Modifier Pattern | Classification |
+|------------------|----------------|
+| `onlyOwner` | Admin/Owner |
+| `onlyAdmin` | Admin |
+| `onlyRole(ADMIN_ROLE)` | Admin |
+| `onlyRole(GOVERNANCE_ROLE)` | Governance |
+| `onlyGovernance` | Governance |
+| `onlyGuardian` | Guardian |
+| `onlyPauser`, `whenNotPaused` | Guardian/Pauser |
+| `onlyMinter` | Minter |
+| `onlyOperator` | Operator |
+| `onlyKeeper` | Keeper |
+| `onlyRelayer` | Relayer |
+| `onlyStrategy`, `onlyStrategist` | Strategist |
+| `onlyVault` | Contract-Only |
+
+### Inline Access Control (Flag for Review)
+```solidity
+require(msg.sender == someAddress, "...");      // Check who someAddress is
+require(authorized[msg.sender], "...");         // Dynamic authorization
+require(whitelist[msg.sender], "...");          // Whitelist pattern
+if (msg.sender != admin) revert();              // Inline admin check
+```
+
+## Contract-Only Detection
+
+### Callback Functions
+```solidity
+// ERC token callbacks
+function onERC721Received(...) external returns (bytes4)
+function onERC1155Received(...) external returns (bytes4)
+function onERC1155BatchReceived(...) external returns (bytes4)
+
+// DeFi callbacks
+function uniswapV3SwapCallback(...) external
+function uniswapV3MintCallback(...) external
+function pancakeV3SwapCallback(...) external
+function algebraSwapCallback(...) external
+
+// Flash loan callbacks
+function onFlashLoan(...) external returns (bytes32)
+function executeOperation(...) external returns (bool)  // Aave
+function receiveFlashLoan(...) external                 // Balancer
+```
+
+### Contract-Caller Checks
+```solidity
+require(msg.sender == address(pool), "...");    // Specific contract
+require(msg.sender != tx.origin, "...");        // Must be contract
+require(tx.origin != msg.sender);               // No EOA calls
+```
+
+## Extraction Strategy
+
+1. Parse all `.sol` files
+2. For each contract/interface/abstract:
+   - Extract `external` and `public` functions
+   - **Skip** functions with `view` or `pure` modifiers
+   - Record function signature: `name(paramTypes)`
+   - Record line number
+   - Extract all modifiers applied
+3. Classify by modifiers:
+   - No access modifiers → Public (Unrestricted)
+   - Known role modifier → Appropriate role category
+   - Inline `require(msg.sender...)` → Review Required
+   - Callback pattern → Contract-Only
+
+## Inheritance Considerations
+
+- Check parent contracts for modifier definitions
+- A function may inherit access control from overridden function
+- Abstract contracts may define modifiers used by children
+- Interfaces define signatures but not access control
+
+## Common Gotchas
+
+1. **Initializers**: `initialize()` often has `initializer` modifier but may be unrestricted on first call
+2. **Proxies**: Implementation contracts may have different access patterns than proxies
+3. **Upgrades**: `upgradeTo()`, `upgradeToAndCall()` are high-privilege
+4. **Multicall**: `multicall(bytes[])` allows batching—check what it can call
+5. **Permit**: `permit()` functions enable gasless approvals—check EIP-2612 compliance

package/skills/security-entry-point-analyzer/skills/entry-point-analyzer/references/ton.md

@@ -0,0 +1,185 @@
+# TON Entry Point Detection (FunC/Tact)
+
+## Entry Point Identification (State-Changing Only)
+
+Focus on message handlers that modify state. **Exclude** read-only patterns:
+- `get` methods in FunC (pure getters)
+- Receivers that only return data without state changes
+
+### FunC Entry Points
+```func
+;; Main entry point - receives all external messages
+() recv_internal(int my_balance, int msg_value, cell in_msg_full, slice in_msg_body) impure {
+    ;; Dispatch based on op code
+    int op = in_msg_body~load_uint(32);
+    if (op == op::transfer) { handle_transfer(); }
+}
+
+;; External messages (from outside blockchain)
+() recv_external(slice in_msg) impure {
+    ;; Usually for wallet operations
+}
+
+;; Tick-tock for special contracts
+() run_ticktock(cell full_state, int is_tock) impure {
+}
+```
+
+### Tact Entry Points
+```tact
+contract MyContract {
+    // Receivers are entry points
+    receive(msg: Transfer) {
+        // Handle Transfer message
+    }
+    
+    receive("increment") {
+        // Handle text message
+    }
+    
+    // External receiver
+    external(msg: Deploy) {
+        // Handle external message
+    }
+    
+    // Bounce handler
+    bounced(src: bounced<Transfer>) {
+        // Handle bounced message
+    }
+}
+```
+
+### Entry Point Types
+| Pattern | Include? | Notes |
+|---------|----------|-------|
+| `recv_internal` | **Yes** | All internal messages (state-changing) |
+| `recv_external` | **Yes** | External (off-chain) messages |
+| `receive(MsgType)` | **Yes** | Tact message handler |
+| `external(MsgType)` | **Yes** | Tact external handler |
+| `bounced(...)` | **Yes** | Bounce handler |
+| `get` methods (FunC) | No | EXCLUDE - read-only getters |
+| `get fun` (Tact) | No | EXCLUDE - read-only getters |
+| Helper functions | No | Internal only |
+
+## Access Control Patterns
+
+### FunC Access Control
+```func
+;; Owner check
+() check_owner() impure inline {
+    throw_unless(401, equal_slices(sender_address, owner_address));
+}
+
+;; Admin check via stored address
+() require_admin() impure inline {
+    var ds = get_data().begin_parse();
+    slice admin = ds~load_msg_addr();
+    throw_unless(403, equal_slices(sender_address, admin));
+}
+```
+
+### Tact Access Control
+```tact
+contract Owned {
+    owner: Address;
+    
+    receive(msg: AdminAction) {
+        require(sender() == self.owner, "Not owner");
+        // ...
+    }
+    
+    // Using traits
+    receive(msg: Transfer) {
+        self.requireOwner();  // From Ownable trait
+        // ...
+    }
+}
+```
+
+### Op Code Dispatch Pattern (FunC)
+```func
+() recv_internal(...) impure {
+    int op = in_msg_body~load_uint(32);
+    
+    ;; Public operations
+    if (op == op::transfer) { return handle_transfer(); }
+    if (op == op::swap) { return handle_swap(); }
+    
+    ;; Admin operations
+    if (op == op::set_fee) {
+        check_owner();
+        return handle_set_fee();
+    }
+}
+```
+
+### Access Control Classification
+| Pattern | Classification |
+|---------|----------------|
+| `equal_slices(sender, owner)` | Owner |
+| `equal_slices(sender, admin)` | Admin |
+| `require(sender() == self.owner)` | Owner |
+| `self.requireOwner()` | Owner |
+| `throw_unless(X, equal_slices(...))` | Check error code context |
+| No sender check for op code | Public (Unrestricted) |
+
+## Contract-Only Detection
+
+### Callback Patterns
+```func
+;; Jetton transfer notification
+() on_jetton_transfer(...) impure {
+    ;; Should verify sender is jetton wallet
+}
+
+;; NFT callbacks
+() on_nft_transfer(...) impure {
+}
+```
+
+### Contract Verification
+```func
+;; Verify caller is expected contract
+() verify_caller(slice expected) impure inline {
+    throw_unless(402, equal_slices(sender_address, expected));
+}
+```
+
+## Extraction Strategy
+
+### FunC
+1. Parse `.fc` / `.func` files
+2. Find `recv_internal` and `recv_external` functions
+3. Extract op code dispatch table:
+   - Map op codes to handler functions
+   - Check each handler for owner/admin checks
+4. Classify:
+   - Op codes with no access check → Public
+   - Op codes with `check_owner`/similar → Role-based
+   - Callbacks → Contract-Only
+
+### Tact
+1. Parse `.tact` files
+2. Find `contract` declarations
+3. Extract all `receive`, `external`, `bounced` handlers
+   - **Skip** `get fun` declarations (read-only getters)
+4. Check handler body for:
+   - `require(sender() == self.X)` → Role-based
+   - `self.requireOwner()` → Owner
+   - No sender validation → Public (Unrestricted)
+
+## TON-Specific Considerations
+
+1. **Message-Based**: All interactions are via messages with op codes
+2. **Workchains**: Check if contract operates on specific workchain
+3. **Bounced Messages**: Handle bounced messages appropriately
+4. **Gas Management**: `accept_message()` in FunC accepts gas payment
+5. **State Init**: Initial deployment may set owner/admin
+
+## Common Gotchas
+
+1. **Op Code Collisions**: Different contracts may use same op codes
+2. **Proxy Patterns**: Some contracts forward messages
+3. **Wallet Contracts**: Special access control for wallet operations
+4. **Masterchain**: Some operations require masterchain deployment
+5. **Query ID**: Track request/response with query_id

package/skills/security-entry-point-analyzer/skills/entry-point-analyzer/references/vyper.md

@@ -0,0 +1,141 @@
+# Vyper Entry Point Detection
+
+## Entry Point Identification (State-Changing Only)
+
+### Include: State-Changing Functions
+```vyper
+@external                    # State-changing entry point
+def function_name():
+    pass
+
+@external
+@payable                     # State-changing, receives ETH
+def payable_function():
+    pass
+
+@external
+@nonreentrant("lock")        # State-changing with reentrancy protection
+def protected():
+    pass
+```
+
+### Exclude: Read-Only Functions
+```vyper
+@external
+@view                        # EXCLUDE - cannot modify state
+def read_only():
+    pass
+
+@external
+@pure                        # EXCLUDE - no state access
+def pure_function():
+    pass
+```
+
+### Decorator Matrix
+| Decorators | Include? | Notes |
+|------------|----------|-------|
+| `@external` | **Yes** | State-changing entry point |
+| `@external @payable` | **Yes** | State-changing, receives ETH |
+| `@external @nonreentrant` | **Yes** | State-changing with protection |
+| `@external @view` | No | Read-only, exclude |
+| `@external @pure` | No | No state access, exclude |
+| `@internal` | No | Not externally callable |
+| `@deploy` | No | Constructor (Vyper 0.4+) |
+
+### Special Entry Points
+```vyper
+@external
+@payable
+def __default__():           # Fallback function (receives ETH + unmatched calls)
+    pass
+```
+
+## Access Control Patterns
+
+### Owner Pattern
+```vyper
+owner: public(address)
+
+@external
+def restricted_function():
+    assert msg.sender == self.owner, "Not owner"
+    # ...
+```
+
+### Role-Based Patterns
+```vyper
+# Common patterns
+admin: public(address)
+governance: public(address)
+guardian: public(address)
+operator: public(address)
+
+# Mapping-based roles
+authorized: public(HashMap[address, bool])
+minters: public(HashMap[address, bool])
+
+@external
+def mint(to: address, amount: uint256):
+    assert self.minters[msg.sender], "Not minter"
+    # ...
+```
+
+### Access Control Classification
+| Pattern | Classification |
+|---------|----------------|
+| `assert msg.sender == self.owner` | Admin/Owner |
+| `assert msg.sender == self.admin` | Admin |
+| `assert msg.sender == self.governance` | Governance |
+| `assert msg.sender == self.guardian` | Guardian |
+| `assert self.authorized[msg.sender]` | Review Required |
+| `assert self.whitelist[msg.sender]` | Review Required |
+
+## Contract-Only Detection
+
+### Callback Functions
+```vyper
+@external
+def onERC721Received(...) -> bytes4:
+    return method_id("onERC721Received(address,address,uint256,bytes)")
+
+@external
+def uniswapV3SwapCallback(amount0: int256, amount1: int256, data: Bytes[...]):
+    # Must verify caller is the pool
+    pass
+```
+
+### Contract-Caller Checks
+```vyper
+assert msg.sender == self.pool, "Only pool"
+assert msg.sender != tx.origin, "No EOA"  # Vyper 0.3.7+
+```
+
+## Extraction Strategy
+
+1. Parse all `.vy` files
+2. For each function:
+   - Check for `@external` decorator
+   - **Skip** functions with `@view` or `@pure` decorators
+   - Record function name and parameters
+   - Record line number
+   - Check for access control assertions in function body
+3. Classify:
+   - No access assertions → Public (Unrestricted)
+   - `msg.sender == self.X` → Check what X is
+   - `self.mapping[msg.sender]` → Review Required
+   - Known callback name → Contract-Only
+
+## Vyper-Specific Considerations
+
+1. **No Modifiers**: Vyper doesn't have modifiers—access control is inline `assert` statements
+2. **No Inheritance**: Each contract is standalone (interfaces only)
+3. **Explicit is Better**: All visibility must be declared explicitly
+4. **Default Internal**: Functions without decorators are internal
+
+## Common Gotchas
+
+1. **Initializer Pattern**: Look for `initialized: bool` flag with one-time setup
+2. **Raw Calls**: `raw_call()` can delegate to other contracts
+3. **Create Functions**: `create_minimal_proxy_to()`, `create_copy_of()` are factory patterns
+4. **Reentrancy**: `@nonreentrant` protects against reentrancy but function is still entry point

package/skills/security-fix-review/.claude-plugin/plugin.json

@@ -0,0 +1,13 @@
+{
+  "name": "fix-review",
+  "version": "0.1.0",
+  "description": "Verifies that code changes address security audit findings without introducing bugs",
+  "author": {
+    "name": "Trail of Bits",
+    "email": "opensource@trailofbits.com",
+    "url": "https://www.trailofbits.com"
+  },
+  "repository": "https://github.com/trailofbits/skills",
+  "license": "CC-BY-SA-4.0",
+  "keywords": ["security", "audit", "remediation", "fix-review"]
+}