@elizaos/skills 2.0.0-alpha.3

Files changed (371)
  1. package/README.md +126 -0
  2. package/package.json +53 -0
  3. package/skills/1password/SKILL.md +70 -0
  4. package/skills/1password/references/cli-examples.md +29 -0
  5. package/skills/1password/references/get-started.md +17 -0
  6. package/skills/apple-notes/SKILL.md +77 -0
  7. package/skills/apple-reminders/SKILL.md +96 -0
  8. package/skills/bear-notes/SKILL.md +107 -0
  9. package/skills/bird/SKILL.md +224 -0
  10. package/skills/blogwatcher/SKILL.md +69 -0
  11. package/skills/blucli/SKILL.md +47 -0
  12. package/skills/bluebubbles/SKILL.md +131 -0
  13. package/skills/camsnap/SKILL.md +45 -0
  14. package/skills/canvas/SKILL.md +203 -0
  15. package/skills/clawhub/SKILL.md +77 -0
  16. package/skills/coding-agent/SKILL.md +284 -0
  17. package/skills/discord/SKILL.md +578 -0
  18. package/skills/eightctl/SKILL.md +50 -0
  19. package/skills/food-order/SKILL.md +48 -0
  20. package/skills/gemini/SKILL.md +43 -0
  21. package/skills/gifgrep/SKILL.md +79 -0
  22. package/skills/github/SKILL.md +77 -0
  23. package/skills/gog/SKILL.md +116 -0
  24. package/skills/goplaces/SKILL.md +52 -0
  25. package/skills/healthcheck/SKILL.md +245 -0
  26. package/skills/himalaya/SKILL.md +257 -0
  27. package/skills/himalaya/references/configuration.md +184 -0
  28. package/skills/himalaya/references/message-composition.md +199 -0
  29. package/skills/imsg/SKILL.md +74 -0
  30. package/skills/local-places/SERVER_README.md +101 -0
  31. package/skills/local-places/SKILL.md +102 -0
  32. package/skills/local-places/pyproject.toml +21 -0
  33. package/skills/local-places/src/local_places/__init__.py +2 -0
  34. package/skills/local-places/src/local_places/google_places.py +314 -0
  35. package/skills/local-places/src/local_places/main.py +65 -0
  36. package/skills/local-places/src/local_places/schemas.py +107 -0
  37. package/skills/mcporter/SKILL.md +61 -0
  38. package/skills/model-usage/SKILL.md +69 -0
  39. package/skills/model-usage/references/codexbar-cli.md +33 -0
  40. package/skills/model-usage/scripts/model_usage.py +310 -0
  41. package/skills/nano-banana-pro/SKILL.md +58 -0
  42. package/skills/nano-banana-pro/scripts/generate_image.py +184 -0
  43. package/skills/nano-pdf/SKILL.md +38 -0
  44. package/skills/notion/SKILL.md +172 -0
  45. package/skills/obsidian/SKILL.md +81 -0
  46. package/skills/openai-image-gen/SKILL.md +89 -0
  47. package/skills/openai-image-gen/scripts/gen.py +240 -0
  48. package/skills/openai-whisper/SKILL.md +38 -0
  49. package/skills/openai-whisper-api/SKILL.md +52 -0
  50. package/skills/openai-whisper-api/scripts/transcribe.sh +85 -0
  51. package/skills/openhue/SKILL.md +51 -0
  52. package/skills/oracle/SKILL.md +125 -0
  53. package/skills/ordercli/SKILL.md +78 -0
  54. package/skills/peekaboo/SKILL.md +190 -0
  55. package/skills/sag/SKILL.md +87 -0
  56. package/skills/security-ask-questions-if-underspecified/.claude-plugin/plugin.json +10 -0
  57. package/skills/security-ask-questions-if-underspecified/README.md +24 -0
  58. package/skills/security-ask-questions-if-underspecified/skills/ask-questions-if-underspecified/SKILL.md +85 -0
  59. package/skills/security-audit-context-building/.claude-plugin/plugin.json +10 -0
  60. package/skills/security-audit-context-building/README.md +58 -0
  61. package/skills/security-audit-context-building/commands/audit-context.md +21 -0
  62. package/skills/security-audit-context-building/skills/audit-context-building/SKILL.md +297 -0
  63. package/skills/security-audit-context-building/skills/audit-context-building/resources/COMPLETENESS_CHECKLIST.md +47 -0
  64. package/skills/security-audit-context-building/skills/audit-context-building/resources/FUNCTION_MICRO_ANALYSIS_EXAMPLE.md +355 -0
  65. package/skills/security-audit-context-building/skills/audit-context-building/resources/OUTPUT_REQUIREMENTS.md +71 -0
  66. package/skills/security-building-secure-contracts/.claude-plugin/plugin.json +10 -0
  67. package/skills/security-building-secure-contracts/README.md +241 -0
  68. package/skills/security-building-secure-contracts/skills/algorand-vulnerability-scanner/SKILL.md +284 -0
  69. package/skills/security-building-secure-contracts/skills/algorand-vulnerability-scanner/resources/VULNERABILITY_PATTERNS.md +405 -0
  70. package/skills/security-building-secure-contracts/skills/audit-prep-assistant/SKILL.md +409 -0
  71. package/skills/security-building-secure-contracts/skills/cairo-vulnerability-scanner/SKILL.md +329 -0
  72. package/skills/security-building-secure-contracts/skills/cairo-vulnerability-scanner/resources/VULNERABILITY_PATTERNS.md +722 -0
  73. package/skills/security-building-secure-contracts/skills/code-maturity-assessor/SKILL.md +218 -0
  74. package/skills/security-building-secure-contracts/skills/code-maturity-assessor/resources/ASSESSMENT_CRITERIA.md +355 -0
  75. package/skills/security-building-secure-contracts/skills/code-maturity-assessor/resources/EXAMPLE_REPORT.md +248 -0
  76. package/skills/security-building-secure-contracts/skills/code-maturity-assessor/resources/REPORT_FORMAT.md +33 -0
  77. package/skills/security-building-secure-contracts/skills/cosmos-vulnerability-scanner/SKILL.md +334 -0
  78. package/skills/security-building-secure-contracts/skills/cosmos-vulnerability-scanner/resources/VULNERABILITY_PATTERNS.md +740 -0
  79. package/skills/security-building-secure-contracts/skills/guidelines-advisor/SKILL.md +252 -0
  80. package/skills/security-building-secure-contracts/skills/guidelines-advisor/resources/ASSESSMENT_AREAS.md +329 -0
  81. package/skills/security-building-secure-contracts/skills/guidelines-advisor/resources/DELIVERABLES.md +118 -0
  82. package/skills/security-building-secure-contracts/skills/guidelines-advisor/resources/EXAMPLE_REPORT.md +298 -0
  83. package/skills/security-building-secure-contracts/skills/secure-workflow-guide/SKILL.md +161 -0
  84. package/skills/security-building-secure-contracts/skills/secure-workflow-guide/resources/EXAMPLE_REPORT.md +279 -0
  85. package/skills/security-building-secure-contracts/skills/secure-workflow-guide/resources/WORKFLOW_STEPS.md +132 -0
  86. package/skills/security-building-secure-contracts/skills/solana-vulnerability-scanner/SKILL.md +389 -0
  87. package/skills/security-building-secure-contracts/skills/solana-vulnerability-scanner/resources/VULNERABILITY_PATTERNS.md +669 -0
  88. package/skills/security-building-secure-contracts/skills/substrate-vulnerability-scanner/SKILL.md +298 -0
  89. package/skills/security-building-secure-contracts/skills/substrate-vulnerability-scanner/resources/VULNERABILITY_PATTERNS.md +791 -0
  90. package/skills/security-building-secure-contracts/skills/token-integration-analyzer/SKILL.md +362 -0
  91. package/skills/security-building-secure-contracts/skills/token-integration-analyzer/resources/ASSESSMENT_CATEGORIES.md +571 -0
  92. package/skills/security-building-secure-contracts/skills/token-integration-analyzer/resources/REPORT_TEMPLATES.md +141 -0
  93. package/skills/security-building-secure-contracts/skills/ton-vulnerability-scanner/SKILL.md +388 -0
  94. package/skills/security-building-secure-contracts/skills/ton-vulnerability-scanner/resources/VULNERABILITY_PATTERNS.md +595 -0
  95. package/skills/security-burpsuite-project-parser/.claude-plugin/plugin.json +10 -0
  96. package/skills/security-burpsuite-project-parser/README.md +103 -0
  97. package/skills/security-burpsuite-project-parser/commands/burp-search.md +18 -0
  98. package/skills/security-burpsuite-project-parser/skills/SKILL.md +358 -0
  99. package/skills/security-burpsuite-project-parser/skills/scripts/burp-search.sh +99 -0
  100. package/skills/security-claude-in-chrome-troubleshooting/.claude-plugin/plugin.json +8 -0
  101. package/skills/security-claude-in-chrome-troubleshooting/README.md +31 -0
  102. package/skills/security-claude-in-chrome-troubleshooting/skills/claude-in-chrome-troubleshooting/SKILL.md +251 -0
  103. package/skills/security-constant-time-analysis/.claude-plugin/plugin.json +9 -0
  104. package/skills/security-constant-time-analysis/README.md +381 -0
  105. package/skills/security-constant-time-analysis/commands/ct-check.md +20 -0
  106. package/skills/security-constant-time-analysis/ct_analyzer/__init__.py +49 -0
  107. package/skills/security-constant-time-analysis/ct_analyzer/analyzer.py +1284 -0
  108. package/skills/security-constant-time-analysis/ct_analyzer/script_analyzers.py +3081 -0
  109. package/skills/security-constant-time-analysis/ct_analyzer/tests/__init__.py +1 -0
  110. package/skills/security-constant-time-analysis/ct_analyzer/tests/test_analyzer.py +1397 -0
  111. package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/bn_excerpt.js +205 -0
  112. package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/decompose_constant_time.c +181 -0
  113. package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/decompose_vulnerable.c +74 -0
  114. package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/decompose_vulnerable.go +78 -0
  115. package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/decompose_vulnerable.rs +92 -0
  116. package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/vulnerable.cs +174 -0
  117. package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/vulnerable.java +161 -0
  118. package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/vulnerable.kt +181 -0
  119. package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/vulnerable.php +140 -0
  120. package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/vulnerable.py +252 -0
  121. package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/vulnerable.rb +188 -0
  122. package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/vulnerable.swift +199 -0
  123. package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/vulnerable.ts +154 -0
  124. package/skills/security-constant-time-analysis/pyproject.toml +52 -0
  125. package/skills/security-constant-time-analysis/skills/constant-time-analysis/README.md +90 -0
  126. package/skills/security-constant-time-analysis/skills/constant-time-analysis/SKILL.md +219 -0
  127. package/skills/security-constant-time-analysis/skills/constant-time-analysis/references/compiled.md +129 -0
  128. package/skills/security-constant-time-analysis/skills/constant-time-analysis/references/javascript.md +136 -0
  129. package/skills/security-constant-time-analysis/skills/constant-time-analysis/references/kotlin.md +252 -0
  130. package/skills/security-constant-time-analysis/skills/constant-time-analysis/references/php.md +172 -0
  131. package/skills/security-constant-time-analysis/skills/constant-time-analysis/references/python.md +179 -0
  132. package/skills/security-constant-time-analysis/skills/constant-time-analysis/references/ruby.md +198 -0
  133. package/skills/security-constant-time-analysis/skills/constant-time-analysis/references/swift.md +288 -0
  134. package/skills/security-constant-time-analysis/skills/constant-time-analysis/references/vm-compiled.md +354 -0
  135. package/skills/security-constant-time-analysis/uv.lock +8 -0
  136. package/skills/security-culture-index/.claude-plugin/plugin.json +8 -0
  137. package/skills/security-culture-index/README.md +79 -0
  138. package/skills/security-culture-index/skills/interpreting-culture-index/SKILL.md +293 -0
  139. package/skills/security-culture-index/skills/interpreting-culture-index/references/anti-patterns.md +255 -0
  140. package/skills/security-culture-index/skills/interpreting-culture-index/references/conversation-starters.md +408 -0
  141. package/skills/security-culture-index/skills/interpreting-culture-index/references/interview-trait-signals.md +253 -0
  142. package/skills/security-culture-index/skills/interpreting-culture-index/references/motivators.md +158 -0
  143. package/skills/security-culture-index/skills/interpreting-culture-index/references/patterns-archetypes.md +147 -0
  144. package/skills/security-culture-index/skills/interpreting-culture-index/references/primary-traits.md +307 -0
  145. package/skills/security-culture-index/skills/interpreting-culture-index/references/secondary-traits.md +228 -0
  146. package/skills/security-culture-index/skills/interpreting-culture-index/references/team-composition.md +148 -0
  147. package/skills/security-culture-index/skills/interpreting-culture-index/scripts/check_deps.py +108 -0
  148. package/skills/security-culture-index/skills/interpreting-culture-index/scripts/culture_index/__init__.py +20 -0
  149. package/skills/security-culture-index/skills/interpreting-culture-index/scripts/culture_index/constants.py +122 -0
  150. package/skills/security-culture-index/skills/interpreting-culture-index/scripts/culture_index/extract.py +187 -0
  151. package/skills/security-culture-index/skills/interpreting-culture-index/scripts/culture_index/models.py +16 -0
  152. package/skills/security-culture-index/skills/interpreting-culture-index/scripts/culture_index/opencv_extractor.py +520 -0
  153. package/skills/security-culture-index/skills/interpreting-culture-index/scripts/extract_pdf.py +237 -0
  154. package/skills/security-culture-index/skills/interpreting-culture-index/scripts/pyproject.toml +18 -0
  155. package/skills/security-culture-index/skills/interpreting-culture-index/templates/burnout-report.md +113 -0
  156. package/skills/security-culture-index/skills/interpreting-culture-index/templates/comparison-report.md +103 -0
  157. package/skills/security-culture-index/skills/interpreting-culture-index/templates/hiring-profile.md +127 -0
  158. package/skills/security-culture-index/skills/interpreting-culture-index/templates/individual-report.md +85 -0
  159. package/skills/security-culture-index/skills/interpreting-culture-index/templates/predicted-profile.md +165 -0
  160. package/skills/security-culture-index/skills/interpreting-culture-index/templates/team-report.md +109 -0
  161. package/skills/security-culture-index/skills/interpreting-culture-index/workflows/analyze-team.md +188 -0
  162. package/skills/security-culture-index/skills/interpreting-culture-index/workflows/coach-manager.md +267 -0
  163. package/skills/security-culture-index/skills/interpreting-culture-index/workflows/compare-profiles.md +188 -0
  164. package/skills/security-culture-index/skills/interpreting-culture-index/workflows/define-hiring-profile.md +220 -0
  165. package/skills/security-culture-index/skills/interpreting-culture-index/workflows/detect-burnout.md +206 -0
  166. package/skills/security-culture-index/skills/interpreting-culture-index/workflows/extract-from-pdf.md +121 -0
  167. package/skills/security-culture-index/skills/interpreting-culture-index/workflows/interpret-individual.md +183 -0
  168. package/skills/security-culture-index/skills/interpreting-culture-index/workflows/interview-debrief.md +234 -0
  169. package/skills/security-culture-index/skills/interpreting-culture-index/workflows/mediate-conflict.md +306 -0
  170. package/skills/security-culture-index/skills/interpreting-culture-index/workflows/plan-onboarding.md +322 -0
  171. package/skills/security-culture-index/skills/interpreting-culture-index/workflows/predict-from-interview.md +250 -0
  172. package/skills/security-differential-review/.claude-plugin/plugin.json +10 -0
  173. package/skills/security-differential-review/README.md +109 -0
  174. package/skills/security-differential-review/commands/diff-review.md +21 -0
  175. package/skills/security-differential-review/skills/differential-review/SKILL.md +220 -0
  176. package/skills/security-differential-review/skills/differential-review/adversarial.md +203 -0
  177. package/skills/security-differential-review/skills/differential-review/methodology.md +234 -0
  178. package/skills/security-differential-review/skills/differential-review/patterns.md +300 -0
  179. package/skills/security-differential-review/skills/differential-review/reporting.md +369 -0
  180. package/skills/security-dwarf-expert/.claude-plugin/plugin.json +10 -0
  181. package/skills/security-dwarf-expert/README.md +38 -0
  182. package/skills/security-dwarf-expert/skills/dwarf-expert/SKILL.md +93 -0
  183. package/skills/security-dwarf-expert/skills/dwarf-expert/reference/coding.md +31 -0
  184. package/skills/security-dwarf-expert/skills/dwarf-expert/reference/dwarfdump.md +50 -0
  185. package/skills/security-dwarf-expert/skills/dwarf-expert/reference/readelf.md +8 -0
  186. package/skills/security-entry-point-analyzer/.claude-plugin/plugin.json +10 -0
  187. package/skills/security-entry-point-analyzer/README.md +74 -0
  188. package/skills/security-entry-point-analyzer/commands/entry-points.md +18 -0
  189. package/skills/security-entry-point-analyzer/skills/entry-point-analyzer/SKILL.md +251 -0
  190. package/skills/security-entry-point-analyzer/skills/entry-point-analyzer/references/cosmwasm.md +182 -0
  191. package/skills/security-entry-point-analyzer/skills/entry-point-analyzer/references/move-aptos.md +107 -0
  192. package/skills/security-entry-point-analyzer/skills/entry-point-analyzer/references/move-sui.md +87 -0
  193. package/skills/security-entry-point-analyzer/skills/entry-point-analyzer/references/solana.md +155 -0
  194. package/skills/security-entry-point-analyzer/skills/entry-point-analyzer/references/solidity.md +135 -0
  195. package/skills/security-entry-point-analyzer/skills/entry-point-analyzer/references/ton.md +185 -0
  196. package/skills/security-entry-point-analyzer/skills/entry-point-analyzer/references/vyper.md +141 -0
  197. package/skills/security-firebase-apk-scanner/.claude-plugin/plugin.json +10 -0
  198. package/skills/security-firebase-apk-scanner/README.md +85 -0
  199. package/skills/security-firebase-apk-scanner/commands/scan-apk.md +18 -0
  200. package/skills/security-firebase-apk-scanner/scanner.sh +1408 -0
  201. package/skills/security-firebase-apk-scanner/skills/firebase-apk-scanner/SKILL.md +197 -0
  202. package/skills/security-firebase-apk-scanner/skills/firebase-apk-scanner/references/vulnerabilities.md +803 -0
  203. package/skills/security-fix-review/.claude-plugin/plugin.json +13 -0
  204. package/skills/security-fix-review/README.md +118 -0
  205. package/skills/security-fix-review/commands/fix-review.md +24 -0
  206. package/skills/security-fix-review/skills/fix-review/SKILL.md +264 -0
  207. package/skills/security-fix-review/skills/fix-review/references/bug-detection.md +408 -0
  208. package/skills/security-fix-review/skills/fix-review/references/finding-matching.md +298 -0
  209. package/skills/security-fix-review/skills/fix-review/references/report-parsing.md +398 -0
  210. package/skills/security-insecure-defaults/.claude-plugin/plugin.json +10 -0
  211. package/skills/security-insecure-defaults/README.md +45 -0
  212. package/skills/security-insecure-defaults/skills/insecure-defaults/SKILL.md +117 -0
  213. package/skills/security-insecure-defaults/skills/insecure-defaults/references/examples.md +409 -0
  214. package/skills/security-modern-python/.claude-plugin/plugin.json +10 -0
  215. package/skills/security-modern-python/README.md +58 -0
  216. package/skills/security-modern-python/hooks/hooks.json +16 -0
  217. package/skills/security-modern-python/hooks/intercept-legacy-python.bats +388 -0
  218. package/skills/security-modern-python/hooks/intercept-legacy-python.sh +109 -0
  219. package/skills/security-modern-python/hooks/test_helper.bash +75 -0
  220. package/skills/security-modern-python/skills/modern-python/SKILL.md +333 -0
  221. package/skills/security-modern-python/skills/modern-python/references/dependabot.md +43 -0
  222. package/skills/security-modern-python/skills/modern-python/references/migration-checklist.md +141 -0
  223. package/skills/security-modern-python/skills/modern-python/references/pep723-scripts.md +259 -0
  224. package/skills/security-modern-python/skills/modern-python/references/prek.md +211 -0
  225. package/skills/security-modern-python/skills/modern-python/references/pyproject.md +254 -0
  226. package/skills/security-modern-python/skills/modern-python/references/ruff-config.md +240 -0
  227. package/skills/security-modern-python/skills/modern-python/references/security-setup.md +255 -0
  228. package/skills/security-modern-python/skills/modern-python/references/testing.md +284 -0
  229. package/skills/security-modern-python/skills/modern-python/references/uv-commands.md +200 -0
  230. package/skills/security-modern-python/skills/modern-python/templates/dependabot.yml +36 -0
  231. package/skills/security-modern-python/skills/modern-python/templates/pre-commit-config.yaml +66 -0
  232. package/skills/security-property-based-testing/.claude-plugin/plugin.json +9 -0
  233. package/skills/security-property-based-testing/README.md +47 -0
  234. package/skills/security-property-based-testing/skills/property-based-testing/README.md +88 -0
  235. package/skills/security-property-based-testing/skills/property-based-testing/SKILL.md +109 -0
  236. package/skills/security-property-based-testing/skills/property-based-testing/references/design.md +191 -0
  237. package/skills/security-property-based-testing/skills/property-based-testing/references/generating.md +200 -0
  238. package/skills/security-property-based-testing/skills/property-based-testing/references/libraries.md +130 -0
  239. package/skills/security-property-based-testing/skills/property-based-testing/references/refactoring.md +181 -0
  240. package/skills/security-property-based-testing/skills/property-based-testing/references/reviewing.md +209 -0
  241. package/skills/security-property-based-testing/skills/property-based-testing/references/strategies.md +124 -0
  242. package/skills/semgrep-rule-creator/.claude-plugin/plugin.json +8 -0
  243. package/skills/semgrep-rule-creator/README.md +43 -0
  244. package/skills/semgrep-rule-creator/commands/semgrep-rule.md +26 -0
  245. package/skills/semgrep-rule-creator/skills/semgrep-rule-creator/SKILL.md +168 -0
  246. package/skills/semgrep-rule-creator/skills/semgrep-rule-creator/references/quick-reference.md +203 -0
  247. package/skills/semgrep-rule-creator/skills/semgrep-rule-creator/references/workflow.md +240 -0
  248. package/skills/semgrep-rule-variant-creator/.claude-plugin/plugin.json +9 -0
  249. package/skills/semgrep-rule-variant-creator/README.md +86 -0
  250. package/skills/semgrep-rule-variant-creator/skills/semgrep-rule-variant-creator/SKILL.md +205 -0
  251. package/skills/semgrep-rule-variant-creator/skills/semgrep-rule-variant-creator/references/applicability-analysis.md +250 -0
  252. package/skills/semgrep-rule-variant-creator/skills/semgrep-rule-variant-creator/references/language-syntax-guide.md +324 -0
  253. package/skills/semgrep-rule-variant-creator/skills/semgrep-rule-variant-creator/references/workflow.md +518 -0
  254. package/skills/session-logs/SKILL.md +115 -0
  255. package/skills/sharp-edges/.claude-plugin/plugin.json +10 -0
  256. package/skills/sharp-edges/README.md +48 -0
  257. package/skills/sharp-edges/skills/sharp-edges/SKILL.md +292 -0
  258. package/skills/sharp-edges/skills/sharp-edges/references/auth-patterns.md +252 -0
  259. package/skills/sharp-edges/skills/sharp-edges/references/case-studies.md +274 -0
  260. package/skills/sharp-edges/skills/sharp-edges/references/config-patterns.md +333 -0
  261. package/skills/sharp-edges/skills/sharp-edges/references/crypto-apis.md +190 -0
  262. package/skills/sharp-edges/skills/sharp-edges/references/lang-c.md +205 -0
  263. package/skills/sharp-edges/skills/sharp-edges/references/lang-csharp.md +285 -0
  264. package/skills/sharp-edges/skills/sharp-edges/references/lang-go.md +270 -0
  265. package/skills/sharp-edges/skills/sharp-edges/references/lang-java.md +263 -0
  266. package/skills/sharp-edges/skills/sharp-edges/references/lang-javascript.md +269 -0
  267. package/skills/sharp-edges/skills/sharp-edges/references/lang-kotlin.md +265 -0
  268. package/skills/sharp-edges/skills/sharp-edges/references/lang-php.md +245 -0
  269. package/skills/sharp-edges/skills/sharp-edges/references/lang-python.md +274 -0
  270. package/skills/sharp-edges/skills/sharp-edges/references/lang-ruby.md +273 -0
  271. package/skills/sharp-edges/skills/sharp-edges/references/lang-rust.md +272 -0
  272. package/skills/sharp-edges/skills/sharp-edges/references/lang-swift.md +287 -0
  273. package/skills/sharp-edges/skills/sharp-edges/references/language-specific.md +588 -0
  274. package/skills/sherpa-onnx-tts/SKILL.md +103 -0
  275. package/skills/sherpa-onnx-tts/bin/sherpa-onnx-tts +178 -0
  276. package/skills/skill-creator/SKILL.md +370 -0
  277. package/skills/skill-creator/license.txt +202 -0
  278. package/skills/skill-creator/scripts/init_skill.py +378 -0
  279. package/skills/skill-creator/scripts/package_skill.py +111 -0
  280. package/skills/skill-creator/scripts/quick_validate.py +101 -0
  281. package/skills/slack/SKILL.md +144 -0
  282. package/skills/songsee/SKILL.md +49 -0
  283. package/skills/sonoscli/SKILL.md +46 -0
  284. package/skills/spec-to-code-compliance/.claude-plugin/plugin.json +10 -0
  285. package/skills/spec-to-code-compliance/README.md +67 -0
  286. package/skills/spec-to-code-compliance/commands/spec-compliance.md +22 -0
  287. package/skills/spec-to-code-compliance/skills/spec-to-code-compliance/SKILL.md +349 -0
  288. package/skills/spec-to-code-compliance/skills/spec-to-code-compliance/resources/COMPLETENESS_CHECKLIST.md +69 -0
  289. package/skills/spec-to-code-compliance/skills/spec-to-code-compliance/resources/IR_EXAMPLES.md +417 -0
  290. package/skills/spec-to-code-compliance/skills/spec-to-code-compliance/resources/OUTPUT_REQUIREMENTS.md +105 -0
  291. package/skills/spotify-player/SKILL.md +64 -0
  292. package/skills/static-analysis/.claude-plugin/plugin.json +8 -0
  293. package/skills/static-analysis/README.md +59 -0
  294. package/skills/static-analysis/skills/codeql/SKILL.md +315 -0
  295. package/skills/static-analysis/skills/sarif-parsing/SKILL.md +479 -0
  296. package/skills/static-analysis/skills/sarif-parsing/resources/jq-queries.md +162 -0
  297. package/skills/static-analysis/skills/sarif-parsing/resources/sarif_helpers.py +331 -0
  298. package/skills/static-analysis/skills/semgrep/SKILL.md +337 -0
  299. package/skills/summarize/SKILL.md +87 -0
  300. package/skills/testing-handbook-skills/.claude-plugin/plugin.json +8 -0
  301. package/skills/testing-handbook-skills/README.md +241 -0
  302. package/skills/testing-handbook-skills/scripts/pyproject.toml +8 -0
  303. package/skills/testing-handbook-skills/scripts/validate-skills.py +657 -0
  304. package/skills/testing-handbook-skills/skills/address-sanitizer/SKILL.md +341 -0
  305. package/skills/testing-handbook-skills/skills/aflpp/SKILL.md +640 -0
  306. package/skills/testing-handbook-skills/skills/atheris/SKILL.md +515 -0
  307. package/skills/testing-handbook-skills/skills/cargo-fuzz/SKILL.md +454 -0
  308. package/skills/testing-handbook-skills/skills/codeql/SKILL.md +549 -0
  309. package/skills/testing-handbook-skills/skills/constant-time-testing/SKILL.md +507 -0
  310. package/skills/testing-handbook-skills/skills/coverage-analysis/SKILL.md +607 -0
  311. package/skills/testing-handbook-skills/skills/fuzzing-dictionary/SKILL.md +297 -0
  312. package/skills/testing-handbook-skills/skills/fuzzing-obstacles/SKILL.md +426 -0
  313. package/skills/testing-handbook-skills/skills/harness-writing/SKILL.md +614 -0
  314. package/skills/testing-handbook-skills/skills/libafl/SKILL.md +625 -0
  315. package/skills/testing-handbook-skills/skills/libfuzzer/SKILL.md +795 -0
  316. package/skills/testing-handbook-skills/skills/ossfuzz/SKILL.md +426 -0
  317. package/skills/testing-handbook-skills/skills/ruzzy/SKILL.md +443 -0
  318. package/skills/testing-handbook-skills/skills/semgrep/SKILL.md +601 -0
  319. package/skills/testing-handbook-skills/skills/testing-handbook-generator/SKILL.md +372 -0
  320. package/skills/testing-handbook-skills/skills/testing-handbook-generator/agent-prompt.md +280 -0
  321. package/skills/testing-handbook-skills/skills/testing-handbook-generator/discovery.md +452 -0
  322. package/skills/testing-handbook-skills/skills/testing-handbook-generator/templates/domain-skill.md +504 -0
  323. package/skills/testing-handbook-skills/skills/testing-handbook-generator/templates/fuzzer-skill.md +454 -0
  324. package/skills/testing-handbook-skills/skills/testing-handbook-generator/templates/technique-skill.md +527 -0
  325. package/skills/testing-handbook-skills/skills/testing-handbook-generator/templates/tool-skill.md +366 -0
  326. package/skills/testing-handbook-skills/skills/testing-handbook-generator/testing.md +482 -0
  327. package/skills/testing-handbook-skills/skills/wycheproof/SKILL.md +533 -0
  328. package/skills/things-mac/SKILL.md +86 -0
  329. package/skills/tmux/SKILL.md +135 -0
  330. package/skills/tmux/scripts/find-sessions.sh +112 -0
  331. package/skills/tmux/scripts/wait-for-text.sh +83 -0
  332. package/skills/trello/SKILL.md +95 -0
  333. package/skills/variant-analysis/.claude-plugin/plugin.json +8 -0
  334. package/skills/variant-analysis/README.md +41 -0
  335. package/skills/variant-analysis/commands/variants.md +23 -0
  336. package/skills/variant-analysis/skills/variant-analysis/METHODOLOGY.md +327 -0
  337. package/skills/variant-analysis/skills/variant-analysis/SKILL.md +142 -0
  338. package/skills/variant-analysis/skills/variant-analysis/resources/codeql/cpp.ql +119 -0
  339. package/skills/variant-analysis/skills/variant-analysis/resources/codeql/go.ql +69 -0
  340. package/skills/variant-analysis/skills/variant-analysis/resources/codeql/java.ql +71 -0
  341. package/skills/variant-analysis/skills/variant-analysis/resources/codeql/javascript.ql +63 -0
  342. package/skills/variant-analysis/skills/variant-analysis/resources/codeql/python.ql +80 -0
  343. package/skills/variant-analysis/skills/variant-analysis/resources/semgrep/cpp.yaml +98 -0
  344. package/skills/variant-analysis/skills/variant-analysis/resources/semgrep/go.yaml +63 -0
  345. package/skills/variant-analysis/skills/variant-analysis/resources/semgrep/java.yaml +61 -0
  346. package/skills/variant-analysis/skills/variant-analysis/resources/semgrep/javascript.yaml +60 -0
  347. package/skills/variant-analysis/skills/variant-analysis/resources/semgrep/python.yaml +72 -0
  348. package/skills/variant-analysis/skills/variant-analysis/resources/variant-report-template.md +75 -0
  349. package/skills/video-frames/SKILL.md +46 -0
  350. package/skills/video-frames/scripts/frame.sh +81 -0
  351. package/skills/voice-call/SKILL.md +45 -0
  352. package/skills/wacli/SKILL.md +72 -0
  353. package/skills/weather/SKILL.md +54 -0
  354. package/skills/yara-authoring/.claude-plugin/plugin.json +9 -0
  355. package/skills/yara-authoring/README.md +131 -0
  356. package/skills/yara-authoring/skills/yara-rule-authoring/SKILL.md +645 -0
  357. package/skills/yara-authoring/skills/yara-rule-authoring/examples/MAL_Mac_ProtonRAT_Jan25.yar +99 -0
  358. package/skills/yara-authoring/skills/yara-rule-authoring/examples/MAL_NPM_SupplyChain_Jan25.yar +170 -0
  359. package/skills/yara-authoring/skills/yara-rule-authoring/examples/MAL_Win_Remcos_Jan25.yar +103 -0
  360. package/skills/yara-authoring/skills/yara-rule-authoring/examples/SUSP_CRX_SuspiciousPermissions.yar +134 -0
  361. package/skills/yara-authoring/skills/yara-rule-authoring/examples/SUSP_JS_Obfuscation_Jan25.yar +185 -0
  362. package/skills/yara-authoring/skills/yara-rule-authoring/references/crx-module.md +214 -0
  363. package/skills/yara-authoring/skills/yara-rule-authoring/references/dex-module.md +383 -0
  364. package/skills/yara-authoring/skills/yara-rule-authoring/references/performance.md +333 -0
  365. package/skills/yara-authoring/skills/yara-rule-authoring/references/strings.md +433 -0
  366. package/skills/yara-authoring/skills/yara-rule-authoring/references/style-guide.md +257 -0
  367. package/skills/yara-authoring/skills/yara-rule-authoring/references/testing.md +399 -0
  368. package/skills/yara-authoring/skills/yara-rule-authoring/scripts/atom_analyzer.py +526 -0
  369. package/skills/yara-authoring/skills/yara-rule-authoring/scripts/pyproject.toml +25 -0
  370. package/skills/yara-authoring/skills/yara-rule-authoring/scripts/yara_lint.py +631 -0
  371. package/skills/yara-authoring/skills/yara-rule-authoring/workflows/rule-development.md +493 -0
@@ -0,0 +1,218 @@
1
+ ---
2
+ name: code-maturity-assessor
3
+ description: Systematic code maturity assessment using Trail of Bits' 9-category framework. Analyzes codebase for arithmetic safety, auditing practices, access controls, complexity, decentralization, documentation, MEV risks, low-level code, and testing. Produces professional scorecard with evidence-based ratings and actionable recommendations.
4
+ ---
5
+
6
+ # Code Maturity Assessor
7
+
8
+ ## Purpose
9
+
10
+ Systematically assesses codebase maturity using Trail of Bits' 9-category framework. Provides evidence-based ratings and actionable recommendations.
11
+
12
+ **Framework**: Building Secure Contracts - Code Maturity Evaluation v0.1.0
13
+
14
+ ---
15
+
16
+ ## How This Works
17
+
18
+ ### Phase 1: Discovery
19
+ Explores the codebase to understand:
20
+ - Project structure and platform
21
+ - Contract/module files
22
+ - Test coverage
23
+ - Documentation availability
24
+
25
+ ### Phase 2: Analysis
26
+ For each of 9 categories, I'll:
27
+ - **Search the code** for relevant patterns
28
+ - **Read key files** to assess implementation
29
+ - **Present findings** with file references
30
+ - **Ask clarifying questions** about processes I can't see in code
31
+ - **Determine rating** based on criteria
32
+
33
+ ### Phase 3: Report
34
+ Generates:
35
+ - Executive summary
36
+ - Maturity scorecard (ratings for all 9 categories)
37
+ - Detailed analysis with evidence
38
+ - Priority-ordered improvement roadmap
39
+
40
+ ---
41
+
42
+ ## Rating System
43
+
44
+ - **Missing (0)**: Not present/not implemented
45
+ - **Weak (1)**: Several significant improvements needed
46
+ - **Moderate (2)**: Adequate, can be improved
47
+ - **Satisfactory (3)**: Above average, minor improvements
48
+ - **Strong (4)**: Exceptional, only small improvements possible
49
+
50
+ **Rating Logic**:
51
+ - ANY "Weak" criteria → **Weak**
52
+ - NO "Weak" + SOME "Moderate" unmet → **Moderate**
53
+ - ALL "Moderate" + SOME "Satisfactory" met → **Satisfactory**
54
+ - ALL "Satisfactory" + exceptional practices → **Strong**
55
+
56
+ ---
57
+
58
+ ## The 9 Categories
59
+
60
+ I assess 9 comprehensive categories covering all aspects of code maturity. For detailed criteria, analysis approaches, and rating thresholds, see [ASSESSMENT_CRITERIA.md](resources/ASSESSMENT_CRITERIA.md).
61
+
62
+ ### Quick Reference:
63
+
64
+ **1. ARITHMETIC**
65
+ - Overflow protection mechanisms
66
+ - Precision handling and rounding
67
+ - Formula specifications
68
+ - Edge case testing
69
+
70
+ **2. AUDITING**
71
+ - Event definitions and coverage
72
+ - Monitoring infrastructure
73
+ - Incident response planning
74
+
75
+ **3. AUTHENTICATION / ACCESS CONTROLS**
76
+ - Privilege management
77
+ - Role separation
78
+ - Access control testing
79
+ - Key compromise scenarios
80
+
81
+ **4. COMPLEXITY MANAGEMENT**
82
+ - Function scope and clarity
83
+ - Cyclomatic complexity
84
+ - Inheritance hierarchies
85
+ - Code duplication
86
+
87
+ **5. DECENTRALIZATION**
88
+ - Centralization risks
89
+ - Upgrade control mechanisms
90
+ - User opt-out paths
91
+ - Timelock/multisig patterns
92
+
93
+ **6. DOCUMENTATION**
94
+ - Specifications and architecture
95
+ - Inline code documentation
96
+ - User stories
97
+ - Domain glossaries
98
+
99
+ **7. TRANSACTION ORDERING RISKS**
100
+ - MEV vulnerabilities
101
+ - Front-running protections
102
+ - Slippage controls
103
+ - Oracle security
104
+
105
+ **8. LOW-LEVEL MANIPULATION**
106
+ - Assembly usage
107
+ - Unsafe code sections
108
+ - Low-level calls
109
+ - Justification and testing
110
+
111
+ **9. TESTING & VERIFICATION**
112
+ - Test coverage
113
+ - Fuzzing and formal verification
114
+ - CI/CD integration
115
+ - Test quality
116
+
117
+ For complete assessment criteria including what I'll analyze, what I'll ask you, and detailed rating thresholds (WEAK/MODERATE/SATISFACTORY/STRONG), see [ASSESSMENT_CRITERIA.md](resources/ASSESSMENT_CRITERIA.md).
118
+
119
+ ---
120
+
121
+ ## Example Output
122
+
123
+ When the assessment is complete, you'll receive a comprehensive maturity report including:
124
+
125
+ - **Executive Summary**: Overall score, top 3 strengths, top 3 gaps, priority recommendations
126
+ - **Maturity Scorecard**: Table with all 9 categories rated with scores and notes
127
+ - **Detailed Analysis**: Category-by-category breakdown with evidence (file:line references)
128
+ - **Improvement Roadmap**: Priority-ordered recommendations (CRITICAL/HIGH/MEDIUM) with effort estimates
129
+
130
+ For a complete example assessment report, see [EXAMPLE_REPORT.md](resources/EXAMPLE_REPORT.md).
131
+
132
+ ---
133
+
134
+ ## Assessment Process
135
+
136
+ When invoked, I will:
137
+
138
+ 1. **Explore codebase**
139
+ - Find contract/module files
140
+ - Identify test files
141
+ - Locate documentation
142
+
143
+ 2. **Analyze each category**
144
+ - Search for relevant code patterns
145
+ - Read key implementations
146
+ - Assess against criteria
147
+ - Collect evidence
148
+
149
+ 3. **Interactive assessment**
150
+ - Present my findings with file references
151
+ - Ask about processes I can't see in code
152
+ - Discuss borderline cases
153
+ - Determine ratings together
154
+
155
+ 4. **Generate report**
156
+ - Executive summary
157
+ - Maturity scorecard table
158
+ - Detailed category analysis with evidence
159
+ - Priority-ordered improvement roadmap
160
+
161
+ ---
162
+
163
+ ## Rationalizations (Do Not Skip)
164
+
165
+ | Rationalization | Why It's Wrong | Required Action |
166
+ |-----------------|----------------|-----------------|
167
+ | "Found some findings, assessment complete" | Assessment requires evaluating ALL 9 categories | Complete assessment of all 9 categories with evidence for each |
168
+ | "I see events, auditing category looks good" | Events alone don't equal auditing maturity | Check logging comprehensiveness, testing, incident response processes |
169
+ | "Code looks simple, complexity is low" | Visual simplicity masks composition complexity | Analyze cyclomatic complexity, dependency depth, state machine transitions |
170
+ | "Not a DeFi protocol, MEV category doesn't apply" | MEV extends beyond DeFi (governance, NFTs, games) | Verify with transaction ordering analysis before declaring N/A |
171
+ | "No assembly found, low-level category is N/A" | Low-level risks include external calls, delegatecall, inline assembly | Search for all low-level patterns before skipping category |
172
+ | "This is taking too long" | Thorough assessment requires time per category | Complete all 9 categories, ask clarifying questions about off-chain processes |
173
+ | "I can rate this without evidence" | Ratings without file:line references = unsubstantiated claims | Collect concrete code evidence for every category assessment |
174
+ | "User will know what to improve" | Vague guidance = no action | Provide priority-ordered roadmap with specific improvements and effort estimates |
175
+
176
+ ---
177
+
178
+ ## Report Format
179
+
180
+ For detailed report structure and templates, see [REPORT_FORMAT.md](resources/REPORT_FORMAT.md).
181
+
182
+ ### Structure:
183
+
184
+ 1. **Executive Summary**
185
+ - Project name and platform
186
+ - Overall maturity (average rating)
187
+ - Top 3 strengths
188
+ - Top 3 critical gaps
189
+ - Priority recommendations
190
+
191
+ 2. **Maturity Scorecard**
192
+ - Table with all 9 categories
193
+ - Ratings and scores
194
+ - Key findings notes
195
+
196
+ 3. **Detailed Analysis**
197
+ - Per-category breakdown
198
+ - Evidence with file:line references
199
+ - Gaps and improvement actions
200
+
201
+ 4. **Improvement Roadmap**
202
+ - CRITICAL (immediate)
203
+ - HIGH (1-2 months)
204
+ - MEDIUM (2-4 months)
205
+ - Effort estimates and impact
206
+
207
+ ---
208
+
209
+ ## Ready to Begin
210
+
211
+ **Estimated Time**: 30-40 minutes
212
+
213
+ **I'll need**:
214
+ - Access to full codebase
215
+ - Your knowledge of processes (monitoring, incident response, team practices)
216
+ - Context about the project (DeFi, NFT, infrastructure, etc.)
217
+
218
+ Let's assess this codebase!
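Review bot: The top grade has no checkable criteria: line 54 awards **Strong** for "exceptional practices", and line 117 points to ASSESSMENT_CRITERIA.md for WEAK/MODERATE/SATISFACTORY/STRONG thresholds, but the 355-line section that follows (apparently that criteria file; its path is not shown here) stops at `**SATISFACTORY requires**` in all nine categories. The Rating Logic list also never says when **Missing (0)** applies, although the Rating System defines it. An assessor following this text can therefore give the highest score on judgement alone, which undercuts the file:line evidence rule in the Rationalizations table. Either add a `**STRONG requires**` list per category, or change line 117 to `(WEAK/MODERATE/SATISFACTORY)` and have line 54 name the evidence expected, and add `- Category not present or not implemented → **Missing**` to Rating Logic.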
@@ -0,0 +1,355 @@
1
+ ## The 9 Categories
2
+
3
+ ### 1. ARITHMETIC
4
+ **Focus**: Overflow protection, precision handling, formula specification, edge case testing
5
+
6
+ **I'll analyze**:
7
+ - Overflow protection mechanisms (Solidity 0.8, SafeMath, checked_*, saturating_*)
8
+ - Unchecked arithmetic blocks and documentation
9
+ - Division/rounding operations
10
+ - Arithmetic in critical functions (balances, rewards, fees)
11
+ - Test coverage for arithmetic edge cases
12
+ - Arithmetic specification documents
13
+
14
+ **WEAK if**:
15
+ - No overflow protection without justification
16
+ - Unchecked arithmetic not documented
17
+ - No arithmetic specification OR spec doesn't match code
18
+ - No testing strategy for arithmetic
19
+ - Critical edge cases not tested
20
+
21
+ **MODERATE requires**:
22
+ - All weak criteria resolved
23
+ - Unchecked arithmetic minimal, justified, documented
24
+ - Overflow/underflow risks documented and tested
25
+ - Explicit rounding for precision loss
26
+ - Automated testing (fuzzing/formal methods)
27
+ - Stateless arithmetic functions
28
+ - Bounded parameters with explained ranges
29
+
30
+ **SATISFACTORY requires**:
31
+ - All moderate criteria met
32
+ - Precision loss analyzed vs ground-truth
33
+ - All trapping operations identified
34
+ - Arithmetic spec matches code one-to-one
35
+ - Automated testing covers all operations in CI
36
+
37
+ ---
38
+
39
+ ### 2. AUDITING
40
+ **Focus**: Events, monitoring systems, incident response
41
+
42
+ **I'll analyze**:
43
+ - Event definitions and emission patterns
44
+ - Events for critical operations (transfers, access changes, parameter updates)
45
+ - Event naming consistency
46
+ - Critical functions without events
47
+
48
+ **I'll ask you**:
49
+ - Off-chain monitoring infrastructure?
50
+ - Monitoring plan documented?
51
+ - Incident response plan exists and tested?
52
+
53
+ **WEAK if**:
54
+ - No event strategy
55
+ - Events missing for critical updates
56
+ - No consistent event guidelines
57
+ - Same events reused for different purposes
58
+
59
+ **MODERATE requires**:
60
+ - All weak criteria resolved
61
+ - Events for all critical functions
62
+ - Off-chain monitoring logs events
63
+ - Monitoring plan documented
64
+ - Event documentation (purpose, usage, assumptions)
65
+ - Log review process documented
66
+ - Incident response plan exists
67
+
68
+ **SATISFACTORY requires**:
69
+ - All moderate criteria met
70
+ - Monitoring triggers alerts on unexpected behavior
71
+ - Defined roles for incident detection
72
+ - Incident response plan regularly tested
73
+
74
+ ---
75
+
76
+ ### 3. AUTHENTICATION / ACCESS CONTROLS
77
+ **Focus**: Privilege management, role separation, access patterns
78
+
79
+ **I'll analyze**:
80
+ - Access control modifiers/functions
81
+ - Role definitions and separation
82
+ - Admin/owner patterns
83
+ - Privileged function implementations
84
+ - Test coverage for access controls
85
+
86
+ **I'll ask you**:
87
+ - Who are privileged actors? (EOA, multisig, DAO?)
88
+ - Documentation of roles and privileges?
89
+ - Key compromise scenarios?
90
+
91
+ **WEAK if**:
92
+ - Access controls unclear or inconsistent
93
+ - Single address controls system without safeguards
94
+ - Missing access controls on privileged functions
95
+ - No role differentiation
96
+ - All privileges on one address
97
+
98
+ **MODERATE requires**:
99
+ - All weak criteria resolved
100
+ - All privileged functions have access control
101
+ - Least privilege principle followed
102
+ - Non-overlapping role privileges
103
+ - Clear actor/privilege documentation
104
+ - Tests cover all privileges
105
+ - Roles can be revoked
106
+ - Two-step processes for EOA operations
107
+
108
+ **SATISFACTORY requires**:
109
+ - All moderate criteria met
110
+ - All actors well documented
111
+ - Implementation matches specification
112
+ - Privileged actors not EOAs
113
+ - Key leakage doesn't compromise system
114
+ - Tested against known attack vectors
115
+
116
+ ---
117
+
118
+ ### 4. COMPLEXITY MANAGEMENT
119
+ **Focus**: Code clarity, function scope, avoiding unnecessary complexity
120
+
121
+ **I'll analyze**:
122
+ - Function length and nesting depth
123
+ - Cyclomatic complexity
124
+ - Code duplication
125
+ - Inheritance hierarchies
126
+ - Naming conventions
127
+ - Function clarity
128
+
129
+ **I'll ask you**:
130
+ - Complex parts documented?
131
+ - Naming convention documented?
132
+ - Complexity measurements?
133
+
134
+ **WEAK if**:
135
+ - Unnecessary complexity hinders review
136
+ - Functions overuse nested operations
137
+ - Functions have unclear scope
138
+ - Unnecessary code duplication
139
+ - Complex inheritance tree
140
+
141
+ **MODERATE requires**:
142
+ - All weak criteria resolved
143
+ - Complex parts identified, minimized
144
+ - High complexity (≥11) justified
145
+ - Critical functions well-scoped
146
+ - Minimal, justified redundancy
147
+ - Clear inputs with validation
148
+ - Documented naming convention
149
+ - Types not misused
150
+
151
+ **SATISFACTORY requires**:
152
+ - All moderate criteria met
153
+ - Minimal unnecessary complexity
154
+ - Necessary complexity documented
155
+ - Clear function purposes
156
+ - Straightforward to test
157
+ - No redundant behavior
158
+
159
+ ---
160
+
161
+ ### 5. DECENTRALIZATION
162
+ **Focus**: Centralization risks, upgrade control, user opt-out
163
+
164
+ **I'll analyze**:
165
+ - Upgrade mechanisms (proxies, governance)
166
+ - Owner/admin control scope
167
+ - Timelock/multisig patterns
168
+ - User opt-out mechanisms
169
+
170
+ **I'll ask you**:
171
+ - Upgrade mechanism and control?
172
+ - User opt-out/exit paths?
173
+ - Centralization risk documentation?
174
+
175
+ **WEAK if**:
176
+ - Centralization points not visible to users
177
+ - Critical functions upgradable by single entity without opt-out
178
+ - Single entity controls user funds
179
+ - All decisions by single entity
180
+ - Parameters changeable anytime by single entity
181
+ - Centralized permission required
182
+
183
+ **MODERATE requires**:
184
+ - All weak criteria resolved
185
+ - Centralization risks identified, justified, documented
186
+ - User opt-out/exit path documented
187
+ - Upgradeability only for non-critical features
188
+ - Privileged actors can't unilaterally move/trap funds
189
+ - All privileges documented
190
+
191
+ **SATISFACTORY requires**:
192
+ - All moderate criteria met
193
+ - Clear decentralization path justified
194
+ - On-chain voting risks addressed OR no centralization
195
+ - Deployment risks documented
196
+ - External interaction risks documented
197
+ - Critical parameters immutable OR users can exit
198
+
199
+ ---
200
+
201
+ ### 6. DOCUMENTATION
202
+ **Focus**: Specifications, architecture, user stories, inline comments
203
+
204
+ **I'll analyze**:
205
+ - README, specification, architecture docs
206
+ - Inline code comments (NatSpec, rustdoc, etc.)
207
+ - User stories
208
+ - Glossaries
209
+ - Documentation completeness and accuracy
210
+
211
+ **I'll ask you**:
212
+ - User stories documented?
213
+ - Architecture diagrams exist?
214
+ - Glossary for domain terms?
215
+
216
+ **WEAK if**:
217
+ - Minimal or incomplete/outdated documentation
218
+ - Only high-level description
219
+ - Code comments don't match docs
220
+ - Not publicly available (for public codebases)
221
+ - Unexplained artificial terms
222
+
223
+ **MODERATE requires**:
224
+ - All weak criteria resolved
225
+ - Clear, unambiguous writing
226
+ - Glossary for business terms
227
+ - Architecture diagrams
228
+ - User stories included
229
+ - Core/critical components identified
230
+ - Docs sufficient to understand behavior
231
+ - All critical functions/blocks documented
232
+ - Known risks/limitations documented
233
+
234
+ **SATISFACTORY requires**:
235
+ - All moderate criteria met
236
+ - User stories cover all operations
237
+ - Detailed behavior descriptions
238
+ - Implementation matches spec (deviations justified)
239
+ - Invariants clearly defined
240
+ - Consistent naming conventions
241
+ - Documentation for end-users AND developers
242
+
243
+ ---
244
+
245
+ ### 7. TRANSACTION ORDERING RISKS
246
+ **Focus**: MEV, front-running, sandwich attacks
247
+
248
+ **I'll analyze**:
249
+ - MEV-vulnerable patterns (AMM swaps, arbitrage, large trades)
250
+ - Front-running protections
251
+ - Slippage/deadline checks
252
+ - Oracle implementations
253
+
254
+ **I'll ask you**:
255
+ - Transaction ordering risks identified/documented?
256
+ - Known MEV opportunities?
257
+ - Mitigation strategies?
258
+ - Testing for ordering attacks?
259
+
260
+ **WEAK if**:
261
+ - Ordering risks not identified/documented
262
+ - Protocols/assets at risk from unexpected ordering
263
+ - Relies on unjustified MEV prevention constraints
264
+ - Unproven assumptions about MEV extractors
265
+
266
+ **MODERATE requires**:
267
+ - All weak criteria resolved
268
+ - User operation ordering risks limited, justified, documented
269
+ - MEV mitigations in place (delays, slippage checks)
270
+ - Testing emphasizes ordering risks
271
+ - Tamper-resistant oracles used
272
+
273
+ **SATISFACTORY requires**:
274
+ - All moderate criteria met
275
+ - All ordering risks documented and justified
276
+ - Known risks highlighted in docs/tests, visible to users
277
+ - Documentation centralizes MEV opportunities
278
+ - Privileged operation ordering risks limited, justified
279
+ - Tests highlight ordering risks
280
+
281
+ ---
282
+
283
+ ### 8. LOW-LEVEL MANIPULATION
284
+ **Focus**: Assembly, unsafe code, low-level operations
285
+
286
+ **I'll analyze**:
287
+ - Assembly blocks
288
+ - Unsafe code sections
289
+ - Low-level calls
290
+ - Bitwise operations
291
+ - Justification and documentation
292
+
293
+ **I'll ask you**:
294
+ - Why use assembly/unsafe here?
295
+ - High-level reference implementation?
296
+ - How is this tested?
297
+
298
+ **WEAK if**:
299
+ - Unjustified low-level manipulations
300
+ - Assembly/low-level not justified, could be high-level
301
+
302
+ **MODERATE requires**:
303
+ - All weak criteria resolved
304
+ - Assembly use limited and justified
305
+ - Inline comments for each operation
306
+ - No re-implementation of established libraries without justification
307
+ - High-level reference for complex assembly
308
+
309
+ **SATISFACTORY requires**:
310
+ - All moderate criteria met
311
+ - Thorough documentation/justification/testing
312
+ - Validated with automated testing vs reference
313
+ - Differential fuzzing compares implementations
314
+ - Compiler optimization risks identified
315
+
316
+ ---
317
+
318
+ ### 9. TESTING AND VERIFICATION
319
+ **Focus**: Coverage, testing techniques, CI/CD
320
+
321
+ **I'll analyze**:
322
+ - Test file count and organization
323
+ - Test coverage reports
324
+ - CI/CD configuration
325
+ - Advanced testing (fuzzing, formal verification)
326
+ - Test quality and isolation
327
+
328
+ **I'll ask you**:
329
+ - Test coverage percentage?
330
+ - Do all tests pass?
331
+ - Testing techniques used?
332
+ - Easy to run tests?
333
+
334
+ **WEAK if**:
335
+ - Limited testing, only happy paths
336
+ - Common use cases not tested
337
+ - Tests fail
338
+ - Can't run tests "out of the box"
339
+
340
+ **MODERATE requires**:
341
+ - All weak criteria resolved
342
+ - Most functions/use cases tested
343
+ - All tests pass
344
+ - Coverage reports available
345
+ - Automated testing for critical components
346
+ - Tests in CI/CD
347
+ - Integration tests (if applicable)
348
+ - Test code follows best practices
349
+
350
+ **SATISFACTORY requires**:
351
+ - All moderate criteria met
352
+ - 100% reachable branch/statement coverage
353
+ - End-to-end testing covers all entry points
354
+ - Isolated test cases (no dependencies)
355
+ - Mutation testing used