@elizaos/skills 2.0.0-alpha.3
- package/README.md +126 -0
- package/package.json +53 -0
- package/skills/1password/SKILL.md +70 -0
- package/skills/1password/references/cli-examples.md +29 -0
- package/skills/1password/references/get-started.md +17 -0
- package/skills/apple-notes/SKILL.md +77 -0
- package/skills/apple-reminders/SKILL.md +96 -0
- package/skills/bear-notes/SKILL.md +107 -0
- package/skills/bird/SKILL.md +224 -0
- package/skills/blogwatcher/SKILL.md +69 -0
- package/skills/blucli/SKILL.md +47 -0
- package/skills/bluebubbles/SKILL.md +131 -0
- package/skills/camsnap/SKILL.md +45 -0
- package/skills/canvas/SKILL.md +203 -0
- package/skills/clawhub/SKILL.md +77 -0
- package/skills/coding-agent/SKILL.md +284 -0
- package/skills/discord/SKILL.md +578 -0
- package/skills/eightctl/SKILL.md +50 -0
- package/skills/food-order/SKILL.md +48 -0
- package/skills/gemini/SKILL.md +43 -0
- package/skills/gifgrep/SKILL.md +79 -0
- package/skills/github/SKILL.md +77 -0
- package/skills/gog/SKILL.md +116 -0
- package/skills/goplaces/SKILL.md +52 -0
- package/skills/healthcheck/SKILL.md +245 -0
- package/skills/himalaya/SKILL.md +257 -0
- package/skills/himalaya/references/configuration.md +184 -0
- package/skills/himalaya/references/message-composition.md +199 -0
- package/skills/imsg/SKILL.md +74 -0
- package/skills/local-places/SERVER_README.md +101 -0
- package/skills/local-places/SKILL.md +102 -0
- package/skills/local-places/pyproject.toml +21 -0
- package/skills/local-places/src/local_places/__init__.py +2 -0
- package/skills/local-places/src/local_places/google_places.py +314 -0
- package/skills/local-places/src/local_places/main.py +65 -0
- package/skills/local-places/src/local_places/schemas.py +107 -0
- package/skills/mcporter/SKILL.md +61 -0
- package/skills/model-usage/SKILL.md +69 -0
- package/skills/model-usage/references/codexbar-cli.md +33 -0
- package/skills/model-usage/scripts/model_usage.py +310 -0
- package/skills/nano-banana-pro/SKILL.md +58 -0
- package/skills/nano-banana-pro/scripts/generate_image.py +184 -0
- package/skills/nano-pdf/SKILL.md +38 -0
- package/skills/notion/SKILL.md +172 -0
- package/skills/obsidian/SKILL.md +81 -0
- package/skills/openai-image-gen/SKILL.md +89 -0
- package/skills/openai-image-gen/scripts/gen.py +240 -0
- package/skills/openai-whisper/SKILL.md +38 -0
- package/skills/openai-whisper-api/SKILL.md +52 -0
- package/skills/openai-whisper-api/scripts/transcribe.sh +85 -0
- package/skills/openhue/SKILL.md +51 -0
- package/skills/oracle/SKILL.md +125 -0
- package/skills/ordercli/SKILL.md +78 -0
- package/skills/peekaboo/SKILL.md +190 -0
- package/skills/sag/SKILL.md +87 -0
- package/skills/security-ask-questions-if-underspecified/.claude-plugin/plugin.json +10 -0
- package/skills/security-ask-questions-if-underspecified/README.md +24 -0
- package/skills/security-ask-questions-if-underspecified/skills/ask-questions-if-underspecified/SKILL.md +85 -0
- package/skills/security-audit-context-building/.claude-plugin/plugin.json +10 -0
- package/skills/security-audit-context-building/README.md +58 -0
- package/skills/security-audit-context-building/commands/audit-context.md +21 -0
- package/skills/security-audit-context-building/skills/audit-context-building/SKILL.md +297 -0
- package/skills/security-audit-context-building/skills/audit-context-building/resources/COMPLETENESS_CHECKLIST.md +47 -0
- package/skills/security-audit-context-building/skills/audit-context-building/resources/FUNCTION_MICRO_ANALYSIS_EXAMPLE.md +355 -0
- package/skills/security-audit-context-building/skills/audit-context-building/resources/OUTPUT_REQUIREMENTS.md +71 -0
- package/skills/security-building-secure-contracts/.claude-plugin/plugin.json +10 -0
- package/skills/security-building-secure-contracts/README.md +241 -0
- package/skills/security-building-secure-contracts/skills/algorand-vulnerability-scanner/SKILL.md +284 -0
- package/skills/security-building-secure-contracts/skills/algorand-vulnerability-scanner/resources/VULNERABILITY_PATTERNS.md +405 -0
- package/skills/security-building-secure-contracts/skills/audit-prep-assistant/SKILL.md +409 -0
- package/skills/security-building-secure-contracts/skills/cairo-vulnerability-scanner/SKILL.md +329 -0
- package/skills/security-building-secure-contracts/skills/cairo-vulnerability-scanner/resources/VULNERABILITY_PATTERNS.md +722 -0
- package/skills/security-building-secure-contracts/skills/code-maturity-assessor/SKILL.md +218 -0
- package/skills/security-building-secure-contracts/skills/code-maturity-assessor/resources/ASSESSMENT_CRITERIA.md +355 -0
- package/skills/security-building-secure-contracts/skills/code-maturity-assessor/resources/EXAMPLE_REPORT.md +248 -0
- package/skills/security-building-secure-contracts/skills/code-maturity-assessor/resources/REPORT_FORMAT.md +33 -0
- package/skills/security-building-secure-contracts/skills/cosmos-vulnerability-scanner/SKILL.md +334 -0
- package/skills/security-building-secure-contracts/skills/cosmos-vulnerability-scanner/resources/VULNERABILITY_PATTERNS.md +740 -0
- package/skills/security-building-secure-contracts/skills/guidelines-advisor/SKILL.md +252 -0
- package/skills/security-building-secure-contracts/skills/guidelines-advisor/resources/ASSESSMENT_AREAS.md +329 -0
- package/skills/security-building-secure-contracts/skills/guidelines-advisor/resources/DELIVERABLES.md +118 -0
- package/skills/security-building-secure-contracts/skills/guidelines-advisor/resources/EXAMPLE_REPORT.md +298 -0
- package/skills/security-building-secure-contracts/skills/secure-workflow-guide/SKILL.md +161 -0
- package/skills/security-building-secure-contracts/skills/secure-workflow-guide/resources/EXAMPLE_REPORT.md +279 -0
- package/skills/security-building-secure-contracts/skills/secure-workflow-guide/resources/WORKFLOW_STEPS.md +132 -0
- package/skills/security-building-secure-contracts/skills/solana-vulnerability-scanner/SKILL.md +389 -0
- package/skills/security-building-secure-contracts/skills/solana-vulnerability-scanner/resources/VULNERABILITY_PATTERNS.md +669 -0
- package/skills/security-building-secure-contracts/skills/substrate-vulnerability-scanner/SKILL.md +298 -0
- package/skills/security-building-secure-contracts/skills/substrate-vulnerability-scanner/resources/VULNERABILITY_PATTERNS.md +791 -0
- package/skills/security-building-secure-contracts/skills/token-integration-analyzer/SKILL.md +362 -0
- package/skills/security-building-secure-contracts/skills/token-integration-analyzer/resources/ASSESSMENT_CATEGORIES.md +571 -0
- package/skills/security-building-secure-contracts/skills/token-integration-analyzer/resources/REPORT_TEMPLATES.md +141 -0
- package/skills/security-building-secure-contracts/skills/ton-vulnerability-scanner/SKILL.md +388 -0
- package/skills/security-building-secure-contracts/skills/ton-vulnerability-scanner/resources/VULNERABILITY_PATTERNS.md +595 -0
- package/skills/security-burpsuite-project-parser/.claude-plugin/plugin.json +10 -0
- package/skills/security-burpsuite-project-parser/README.md +103 -0
- package/skills/security-burpsuite-project-parser/commands/burp-search.md +18 -0
- package/skills/security-burpsuite-project-parser/skills/SKILL.md +358 -0
- package/skills/security-burpsuite-project-parser/skills/scripts/burp-search.sh +99 -0
- package/skills/security-claude-in-chrome-troubleshooting/.claude-plugin/plugin.json +8 -0
- package/skills/security-claude-in-chrome-troubleshooting/README.md +31 -0
- package/skills/security-claude-in-chrome-troubleshooting/skills/claude-in-chrome-troubleshooting/SKILL.md +251 -0
- package/skills/security-constant-time-analysis/.claude-plugin/plugin.json +9 -0
- package/skills/security-constant-time-analysis/README.md +381 -0
- package/skills/security-constant-time-analysis/commands/ct-check.md +20 -0
- package/skills/security-constant-time-analysis/ct_analyzer/__init__.py +49 -0
- package/skills/security-constant-time-analysis/ct_analyzer/analyzer.py +1284 -0
- package/skills/security-constant-time-analysis/ct_analyzer/script_analyzers.py +3081 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/__init__.py +1 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_analyzer.py +1397 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/bn_excerpt.js +205 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/decompose_constant_time.c +181 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/decompose_vulnerable.c +74 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/decompose_vulnerable.go +78 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/decompose_vulnerable.rs +92 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/vulnerable.cs +174 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/vulnerable.java +161 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/vulnerable.kt +181 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/vulnerable.php +140 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/vulnerable.py +252 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/vulnerable.rb +188 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/vulnerable.swift +199 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/vulnerable.ts +154 -0
- package/skills/security-constant-time-analysis/pyproject.toml +52 -0
- package/skills/security-constant-time-analysis/skills/constant-time-analysis/README.md +90 -0
- package/skills/security-constant-time-analysis/skills/constant-time-analysis/SKILL.md +219 -0
- package/skills/security-constant-time-analysis/skills/constant-time-analysis/references/compiled.md +129 -0
- package/skills/security-constant-time-analysis/skills/constant-time-analysis/references/javascript.md +136 -0
- package/skills/security-constant-time-analysis/skills/constant-time-analysis/references/kotlin.md +252 -0
- package/skills/security-constant-time-analysis/skills/constant-time-analysis/references/php.md +172 -0
- package/skills/security-constant-time-analysis/skills/constant-time-analysis/references/python.md +179 -0
- package/skills/security-constant-time-analysis/skills/constant-time-analysis/references/ruby.md +198 -0
- package/skills/security-constant-time-analysis/skills/constant-time-analysis/references/swift.md +288 -0
- package/skills/security-constant-time-analysis/skills/constant-time-analysis/references/vm-compiled.md +354 -0
- package/skills/security-constant-time-analysis/uv.lock +8 -0
- package/skills/security-culture-index/.claude-plugin/plugin.json +8 -0
- package/skills/security-culture-index/README.md +79 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/SKILL.md +293 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/references/anti-patterns.md +255 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/references/conversation-starters.md +408 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/references/interview-trait-signals.md +253 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/references/motivators.md +158 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/references/patterns-archetypes.md +147 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/references/primary-traits.md +307 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/references/secondary-traits.md +228 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/references/team-composition.md +148 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/scripts/check_deps.py +108 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/scripts/culture_index/__init__.py +20 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/scripts/culture_index/constants.py +122 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/scripts/culture_index/extract.py +187 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/scripts/culture_index/models.py +16 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/scripts/culture_index/opencv_extractor.py +520 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/scripts/extract_pdf.py +237 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/scripts/pyproject.toml +18 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/templates/burnout-report.md +113 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/templates/comparison-report.md +103 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/templates/hiring-profile.md +127 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/templates/individual-report.md +85 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/templates/predicted-profile.md +165 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/templates/team-report.md +109 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/analyze-team.md +188 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/coach-manager.md +267 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/compare-profiles.md +188 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/define-hiring-profile.md +220 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/detect-burnout.md +206 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/extract-from-pdf.md +121 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/interpret-individual.md +183 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/interview-debrief.md +234 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/mediate-conflict.md +306 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/plan-onboarding.md +322 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/predict-from-interview.md +250 -0
- package/skills/security-differential-review/.claude-plugin/plugin.json +10 -0
- package/skills/security-differential-review/README.md +109 -0
- package/skills/security-differential-review/commands/diff-review.md +21 -0
- package/skills/security-differential-review/skills/differential-review/SKILL.md +220 -0
- package/skills/security-differential-review/skills/differential-review/adversarial.md +203 -0
- package/skills/security-differential-review/skills/differential-review/methodology.md +234 -0
- package/skills/security-differential-review/skills/differential-review/patterns.md +300 -0
- package/skills/security-differential-review/skills/differential-review/reporting.md +369 -0
- package/skills/security-dwarf-expert/.claude-plugin/plugin.json +10 -0
- package/skills/security-dwarf-expert/README.md +38 -0
- package/skills/security-dwarf-expert/skills/dwarf-expert/SKILL.md +93 -0
- package/skills/security-dwarf-expert/skills/dwarf-expert/reference/coding.md +31 -0
- package/skills/security-dwarf-expert/skills/dwarf-expert/reference/dwarfdump.md +50 -0
- package/skills/security-dwarf-expert/skills/dwarf-expert/reference/readelf.md +8 -0
- package/skills/security-entry-point-analyzer/.claude-plugin/plugin.json +10 -0
- package/skills/security-entry-point-analyzer/README.md +74 -0
- package/skills/security-entry-point-analyzer/commands/entry-points.md +18 -0
- package/skills/security-entry-point-analyzer/skills/entry-point-analyzer/SKILL.md +251 -0
- package/skills/security-entry-point-analyzer/skills/entry-point-analyzer/references/cosmwasm.md +182 -0
- package/skills/security-entry-point-analyzer/skills/entry-point-analyzer/references/move-aptos.md +107 -0
- package/skills/security-entry-point-analyzer/skills/entry-point-analyzer/references/move-sui.md +87 -0
- package/skills/security-entry-point-analyzer/skills/entry-point-analyzer/references/solana.md +155 -0
- package/skills/security-entry-point-analyzer/skills/entry-point-analyzer/references/solidity.md +135 -0
- package/skills/security-entry-point-analyzer/skills/entry-point-analyzer/references/ton.md +185 -0
- package/skills/security-entry-point-analyzer/skills/entry-point-analyzer/references/vyper.md +141 -0
- package/skills/security-firebase-apk-scanner/.claude-plugin/plugin.json +10 -0
- package/skills/security-firebase-apk-scanner/README.md +85 -0
- package/skills/security-firebase-apk-scanner/commands/scan-apk.md +18 -0
- package/skills/security-firebase-apk-scanner/scanner.sh +1408 -0
- package/skills/security-firebase-apk-scanner/skills/firebase-apk-scanner/SKILL.md +197 -0
- package/skills/security-firebase-apk-scanner/skills/firebase-apk-scanner/references/vulnerabilities.md +803 -0
- package/skills/security-fix-review/.claude-plugin/plugin.json +13 -0
- package/skills/security-fix-review/README.md +118 -0
- package/skills/security-fix-review/commands/fix-review.md +24 -0
- package/skills/security-fix-review/skills/fix-review/SKILL.md +264 -0
- package/skills/security-fix-review/skills/fix-review/references/bug-detection.md +408 -0
- package/skills/security-fix-review/skills/fix-review/references/finding-matching.md +298 -0
- package/skills/security-fix-review/skills/fix-review/references/report-parsing.md +398 -0
- package/skills/security-insecure-defaults/.claude-plugin/plugin.json +10 -0
- package/skills/security-insecure-defaults/README.md +45 -0
- package/skills/security-insecure-defaults/skills/insecure-defaults/SKILL.md +117 -0
- package/skills/security-insecure-defaults/skills/insecure-defaults/references/examples.md +409 -0
- package/skills/security-modern-python/.claude-plugin/plugin.json +10 -0
- package/skills/security-modern-python/README.md +58 -0
- package/skills/security-modern-python/hooks/hooks.json +16 -0
- package/skills/security-modern-python/hooks/intercept-legacy-python.bats +388 -0
- package/skills/security-modern-python/hooks/intercept-legacy-python.sh +109 -0
- package/skills/security-modern-python/hooks/test_helper.bash +75 -0
- package/skills/security-modern-python/skills/modern-python/SKILL.md +333 -0
- package/skills/security-modern-python/skills/modern-python/references/dependabot.md +43 -0
- package/skills/security-modern-python/skills/modern-python/references/migration-checklist.md +141 -0
- package/skills/security-modern-python/skills/modern-python/references/pep723-scripts.md +259 -0
- package/skills/security-modern-python/skills/modern-python/references/prek.md +211 -0
- package/skills/security-modern-python/skills/modern-python/references/pyproject.md +254 -0
- package/skills/security-modern-python/skills/modern-python/references/ruff-config.md +240 -0
- package/skills/security-modern-python/skills/modern-python/references/security-setup.md +255 -0
- package/skills/security-modern-python/skills/modern-python/references/testing.md +284 -0
- package/skills/security-modern-python/skills/modern-python/references/uv-commands.md +200 -0
- package/skills/security-modern-python/skills/modern-python/templates/dependabot.yml +36 -0
- package/skills/security-modern-python/skills/modern-python/templates/pre-commit-config.yaml +66 -0
- package/skills/security-property-based-testing/.claude-plugin/plugin.json +9 -0
- package/skills/security-property-based-testing/README.md +47 -0
- package/skills/security-property-based-testing/skills/property-based-testing/README.md +88 -0
- package/skills/security-property-based-testing/skills/property-based-testing/SKILL.md +109 -0
- package/skills/security-property-based-testing/skills/property-based-testing/references/design.md +191 -0
- package/skills/security-property-based-testing/skills/property-based-testing/references/generating.md +200 -0
- package/skills/security-property-based-testing/skills/property-based-testing/references/libraries.md +130 -0
- package/skills/security-property-based-testing/skills/property-based-testing/references/refactoring.md +181 -0
- package/skills/security-property-based-testing/skills/property-based-testing/references/reviewing.md +209 -0
- package/skills/security-property-based-testing/skills/property-based-testing/references/strategies.md +124 -0
- package/skills/semgrep-rule-creator/.claude-plugin/plugin.json +8 -0
- package/skills/semgrep-rule-creator/README.md +43 -0
- package/skills/semgrep-rule-creator/commands/semgrep-rule.md +26 -0
- package/skills/semgrep-rule-creator/skills/semgrep-rule-creator/SKILL.md +168 -0
- package/skills/semgrep-rule-creator/skills/semgrep-rule-creator/references/quick-reference.md +203 -0
- package/skills/semgrep-rule-creator/skills/semgrep-rule-creator/references/workflow.md +240 -0
- package/skills/semgrep-rule-variant-creator/.claude-plugin/plugin.json +9 -0
- package/skills/semgrep-rule-variant-creator/README.md +86 -0
- package/skills/semgrep-rule-variant-creator/skills/semgrep-rule-variant-creator/SKILL.md +205 -0
- package/skills/semgrep-rule-variant-creator/skills/semgrep-rule-variant-creator/references/applicability-analysis.md +250 -0
- package/skills/semgrep-rule-variant-creator/skills/semgrep-rule-variant-creator/references/language-syntax-guide.md +324 -0
- package/skills/semgrep-rule-variant-creator/skills/semgrep-rule-variant-creator/references/workflow.md +518 -0
- package/skills/session-logs/SKILL.md +115 -0
- package/skills/sharp-edges/.claude-plugin/plugin.json +10 -0
- package/skills/sharp-edges/README.md +48 -0
- package/skills/sharp-edges/skills/sharp-edges/SKILL.md +292 -0
- package/skills/sharp-edges/skills/sharp-edges/references/auth-patterns.md +252 -0
- package/skills/sharp-edges/skills/sharp-edges/references/case-studies.md +274 -0
- package/skills/sharp-edges/skills/sharp-edges/references/config-patterns.md +333 -0
- package/skills/sharp-edges/skills/sharp-edges/references/crypto-apis.md +190 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-c.md +205 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-csharp.md +285 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-go.md +270 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-java.md +263 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-javascript.md +269 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-kotlin.md +265 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-php.md +245 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-python.md +274 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-ruby.md +273 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-rust.md +272 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-swift.md +287 -0
- package/skills/sharp-edges/skills/sharp-edges/references/language-specific.md +588 -0
- package/skills/sherpa-onnx-tts/SKILL.md +103 -0
- package/skills/sherpa-onnx-tts/bin/sherpa-onnx-tts +178 -0
- package/skills/skill-creator/SKILL.md +370 -0
- package/skills/skill-creator/license.txt +202 -0
- package/skills/skill-creator/scripts/init_skill.py +378 -0
- package/skills/skill-creator/scripts/package_skill.py +111 -0
- package/skills/skill-creator/scripts/quick_validate.py +101 -0
- package/skills/slack/SKILL.md +144 -0
- package/skills/songsee/SKILL.md +49 -0
- package/skills/sonoscli/SKILL.md +46 -0
- package/skills/spec-to-code-compliance/.claude-plugin/plugin.json +10 -0
- package/skills/spec-to-code-compliance/README.md +67 -0
- package/skills/spec-to-code-compliance/commands/spec-compliance.md +22 -0
- package/skills/spec-to-code-compliance/skills/spec-to-code-compliance/SKILL.md +349 -0
- package/skills/spec-to-code-compliance/skills/spec-to-code-compliance/resources/COMPLETENESS_CHECKLIST.md +69 -0
- package/skills/spec-to-code-compliance/skills/spec-to-code-compliance/resources/IR_EXAMPLES.md +417 -0
- package/skills/spec-to-code-compliance/skills/spec-to-code-compliance/resources/OUTPUT_REQUIREMENTS.md +105 -0
- package/skills/spotify-player/SKILL.md +64 -0
- package/skills/static-analysis/.claude-plugin/plugin.json +8 -0
- package/skills/static-analysis/README.md +59 -0
- package/skills/static-analysis/skills/codeql/SKILL.md +315 -0
- package/skills/static-analysis/skills/sarif-parsing/SKILL.md +479 -0
- package/skills/static-analysis/skills/sarif-parsing/resources/jq-queries.md +162 -0
- package/skills/static-analysis/skills/sarif-parsing/resources/sarif_helpers.py +331 -0
- package/skills/static-analysis/skills/semgrep/SKILL.md +337 -0
- package/skills/summarize/SKILL.md +87 -0
- package/skills/testing-handbook-skills/.claude-plugin/plugin.json +8 -0
- package/skills/testing-handbook-skills/README.md +241 -0
- package/skills/testing-handbook-skills/scripts/pyproject.toml +8 -0
- package/skills/testing-handbook-skills/scripts/validate-skills.py +657 -0
- package/skills/testing-handbook-skills/skills/address-sanitizer/SKILL.md +341 -0
- package/skills/testing-handbook-skills/skills/aflpp/SKILL.md +640 -0
- package/skills/testing-handbook-skills/skills/atheris/SKILL.md +515 -0
- package/skills/testing-handbook-skills/skills/cargo-fuzz/SKILL.md +454 -0
- package/skills/testing-handbook-skills/skills/codeql/SKILL.md +549 -0
- package/skills/testing-handbook-skills/skills/constant-time-testing/SKILL.md +507 -0
- package/skills/testing-handbook-skills/skills/coverage-analysis/SKILL.md +607 -0
- package/skills/testing-handbook-skills/skills/fuzzing-dictionary/SKILL.md +297 -0
- package/skills/testing-handbook-skills/skills/fuzzing-obstacles/SKILL.md +426 -0
- package/skills/testing-handbook-skills/skills/harness-writing/SKILL.md +614 -0
- package/skills/testing-handbook-skills/skills/libafl/SKILL.md +625 -0
- package/skills/testing-handbook-skills/skills/libfuzzer/SKILL.md +795 -0
- package/skills/testing-handbook-skills/skills/ossfuzz/SKILL.md +426 -0
- package/skills/testing-handbook-skills/skills/ruzzy/SKILL.md +443 -0
- package/skills/testing-handbook-skills/skills/semgrep/SKILL.md +601 -0
- package/skills/testing-handbook-skills/skills/testing-handbook-generator/SKILL.md +372 -0
- package/skills/testing-handbook-skills/skills/testing-handbook-generator/agent-prompt.md +280 -0
- package/skills/testing-handbook-skills/skills/testing-handbook-generator/discovery.md +452 -0
- package/skills/testing-handbook-skills/skills/testing-handbook-generator/templates/domain-skill.md +504 -0
- package/skills/testing-handbook-skills/skills/testing-handbook-generator/templates/fuzzer-skill.md +454 -0
- package/skills/testing-handbook-skills/skills/testing-handbook-generator/templates/technique-skill.md +527 -0
- package/skills/testing-handbook-skills/skills/testing-handbook-generator/templates/tool-skill.md +366 -0
- package/skills/testing-handbook-skills/skills/testing-handbook-generator/testing.md +482 -0
- package/skills/testing-handbook-skills/skills/wycheproof/SKILL.md +533 -0
- package/skills/things-mac/SKILL.md +86 -0
- package/skills/tmux/SKILL.md +135 -0
- package/skills/tmux/scripts/find-sessions.sh +112 -0
- package/skills/tmux/scripts/wait-for-text.sh +83 -0
- package/skills/trello/SKILL.md +95 -0
- package/skills/variant-analysis/.claude-plugin/plugin.json +8 -0
- package/skills/variant-analysis/README.md +41 -0
- package/skills/variant-analysis/commands/variants.md +23 -0
- package/skills/variant-analysis/skills/variant-analysis/METHODOLOGY.md +327 -0
- package/skills/variant-analysis/skills/variant-analysis/SKILL.md +142 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/codeql/cpp.ql +119 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/codeql/go.ql +69 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/codeql/java.ql +71 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/codeql/javascript.ql +63 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/codeql/python.ql +80 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/semgrep/cpp.yaml +98 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/semgrep/go.yaml +63 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/semgrep/java.yaml +61 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/semgrep/javascript.yaml +60 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/semgrep/python.yaml +72 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/variant-report-template.md +75 -0
- package/skills/video-frames/SKILL.md +46 -0
- package/skills/video-frames/scripts/frame.sh +81 -0
- package/skills/voice-call/SKILL.md +45 -0
- package/skills/wacli/SKILL.md +72 -0
- package/skills/weather/SKILL.md +54 -0
- package/skills/yara-authoring/.claude-plugin/plugin.json +9 -0
- package/skills/yara-authoring/README.md +131 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/SKILL.md +645 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/examples/MAL_Mac_ProtonRAT_Jan25.yar +99 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/examples/MAL_NPM_SupplyChain_Jan25.yar +170 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/examples/MAL_Win_Remcos_Jan25.yar +103 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/examples/SUSP_CRX_SuspiciousPermissions.yar +134 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/examples/SUSP_JS_Obfuscation_Jan25.yar +185 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/references/crx-module.md +214 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/references/dex-module.md +383 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/references/performance.md +333 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/references/strings.md +433 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/references/style-guide.md +257 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/references/testing.md +399 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/scripts/atom_analyzer.py +526 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/scripts/pyproject.toml +25 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/scripts/yara_lint.py +631 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/workflows/rule-development.md +493 -0
@@ -0,0 +1,279 @@
+## Example Output
+
+When I complete the workflow, you'll get a comprehensive security report:
+
+```
+=== SECURE DEVELOPMENT WORKFLOW REPORT ===
+
+Project: DeFi Staking Contract
+Platform: Solidity 0.8.19
+Workflow Date: March 15, 2024
+
+---
+
+## STEP 1: KNOWN SECURITY ISSUES
+
+### Slither Security Scan
+
+Command: slither . --exclude-dependencies
+Status: ✓ CLEAN (after fixes)
+
+**Issues Found & Resolved:**
+✓ HIGH: Reentrancy in withdraw() - FIXED (added ReentrancyGuard)
+✓ MEDIUM: Unprotected selfdestruct - FIXED (removed function)
+✓ LOW: Missing zero-address checks - FIXED (added require statements)
+✓ INFO: 5 optimization suggestions - DOCUMENTED
+
+**Current Status:** All high/medium issues resolved. Ready for next steps.
+
+---
+
+## STEP 2: SPECIAL FEATURES
+
+### Upgradeability Check
+
+Pattern Detected: UUPS Proxy (ERC1967)
+
+**slither-check-upgradeability Results:**
+✓ Storage layout compatible
+✓ No function collisions
+✓ Initialize function protected
+✓ _authorizeUpgrade restricted to owner
+⚠ No timelock on upgrades
+
+**Recommendation:** Add 48-hour timelock before Step 3 (Critical)
+
+### ERC20 Conformance
+
+**slither-check-erc Results:**
+✓ All required functions present
+✓ transfer/transferFrom return bool
+✓ decimals returns uint8
+✓ approve race condition mitigated (increaseAllowance/decreaseAllowance)
+✓ No external calls in transfer functions
+
+**Status:** FULLY COMPLIANT with ERC20 standard
+
+---
+
+## STEP 3: VISUAL SECURITY INSPECTION
+
+### Inheritance Graph
+
+File: inheritance-graph.png
+
+**Analysis:**
+```
+StakingToken
+├─ ERC20Upgradeable
+│ ├─ IERC20
+│ └─ Context
+├─ OwnableUpgradeable
+└─ UUPSUpgradeable
+```
+
+✓ Shallow hierarchy (depth: 3)
+✓ No shadowing detected
+✓ C3 linearization correct
+✓ No diamond inheritance issues
+
+### Function Summary
+
+| Function | Visibility | Modifiers | Mutability | Risk |
+|--------------------|------------|--------------------|-------------|-------|
|
|
84
|
+
| stake() | external | nonReentrant | non-payable | Low |
|
|
85
|
+
| withdraw() | external | nonReentrant | non-payable | Low |
|
|
86
|
+
| claimRewards() | external | nonReentrant | non-payable | Low |
|
|
87
|
+
| setRewardRate() | external | onlyOwner | non-payable | Med |
|
|
88
|
+
| pause() | external | onlyOwner | non-payable | Med |
|
|
89
|
+
| _authorizeUpgrade()| internal | onlyOwner | view | High |
|
|
90
|
+
|
|
91
|
+
✓ All privileged functions have access controls
|
|
92
|
+
✓ External functions have reentrancy protection
|
|
93
|
+
⚠ setRewardRate() allows owner to set arbitrary rate (no bounds)
|
|
94
|
+
|
|
95
|
+
**Recommendation:** Add min/max bounds to setRewardRate()
|
|
96
|
+
|
|
97
|
+
### Variables and Authorization
|
|
98
|
+
|
|
99
|
+
**State Variable Access:**
|
|
100
|
+
|
|
101
|
+
totalStaked (uint256)
|
|
102
|
+
├─ Written by: stake() [external, nonReentrant]
|
|
103
|
+
├─ Written by: withdraw() [external, nonReentrant]
|
|
104
|
+
└─ Read by: calculateRewards() [internal]
|
|
105
|
+
|
|
106
|
+
rewardRate (uint256)
|
|
107
|
+
├─ Written by: setRewardRate() [external, onlyOwner]
|
|
108
|
+
└─ Read by: calculateRewards() [internal]
|
|
109
|
+
⚠ No bounds checking - can be set to extreme values
|
|
110
|
+
|
|
111
|
+
userStakes (mapping)
|
|
112
|
+
├─ Written by: stake() [external, nonReentrant]
|
|
113
|
+
├─ Written by: withdraw() [external, nonReentrant]
|
|
114
|
+
└─ Protected by access controls ✓
|
|
115
|
+
|
|
116
|
+
**Critical Finding:** rewardRate modification needs validation
|
|
117
|
+
|
|
118
|
+
---
|
|
119
|
+
|
|
120
|
+
## STEP 4: SECURITY PROPERTIES DOCUMENTED
|
|
121
|
+
|
|
122
|
+
### Properties Defined
|
|
123
|
+
|
|
124
|
+
**State Machine Invariants:**
|
|
125
|
+
1. totalStaked == sum of all userStakes[user]
|
|
126
|
+
2. contract balance >= totalStaked + totalRewards
|
|
127
|
+
3. User cannot withdraw more than staked
|
|
128
|
+
|
|
129
|
+
**Access Control Properties:**
|
|
130
|
+
4. Only owner can modify rewardRate
|
|
131
|
+
5. Only owner can pause/unpause
|
|
132
|
+
6. Only owner can authorize upgrades
|
|
133
|
+
|
|
134
|
+
**Arithmetic Properties:**
|
|
135
|
+
7. calculateRewards() cannot overflow
|
|
136
|
+
8. Staking amount must be > 0
|
|
137
|
+
9. Reward calculation precision loss < 0.01%
|
|
138
|
+
|
|
139
|
+
### Testing Setup
|
|
140
|
+
|
|
141
|
+
**Echidna Configuration Created:**
|
|
142
|
+
File: echidna.yaml
|
|
143
|
+
```yaml
|
|
144
|
+
testMode: assertion
|
|
145
|
+
testLimit: 50000
|
|
146
|
+
deployer: "0x10000"
|
|
147
|
+
sender: ["0x10000", "0x20000", "0x30000"]
|
|
148
|
+
```
|
|
149
|
+
|
|
150
|
+
**Invariants Implemented:**
|
|
151
|
+
File: test/echidna/StakingInvariants.sol
|
|
152
|
+
```solidity
|
|
153
|
+
contract StakingInvariants {
|
|
154
|
+
function echidna_total_staked_matches_sum() public returns (bool) {
|
|
155
|
+
return staking.totalStaked() == calculateExpectedTotal();
|
|
156
|
+
}
|
|
157
|
+
|
|
158
|
+
function echidna_balance_sufficient() public returns (bool) {
|
|
159
|
+
return address(staking).balance >= staking.totalStaked();
|
|
160
|
+
}
|
|
161
|
+
}
|
|
162
|
+
```
|
|
163
|
+
|
|
164
|
+
**Fuzzing Results:**
|
|
165
|
+
✓ All 3 invariants hold after 50,000 runs
|
|
166
|
+
✓ No violations found
|
|
167
|
+
✓ Coverage: 94% of contract code
|
|
168
|
+
|
|
169
|
+
**Next Step:** Run Manticore for formal verification (optional, 2-3 days)
|
|
170
|
+
|
|
171
|
+
---
|
|
172
|
+
|
|
173
|
+
## STEP 5: MANUAL REVIEW AREAS
|
|
174
|
+
|
|
175
|
+
### Privacy Analysis
|
|
176
|
+
|
|
177
|
+
✓ No secrets stored on-chain
|
|
178
|
+
✓ All state variables appropriately public/internal
|
|
179
|
+
✓ No commit-reveal needed for current design
|
|
180
|
+
⚠ User staking amounts are publicly visible
|
|
181
|
+
|
|
182
|
+
**Note:** Public visibility of stakes is acceptable for this use case.
|
|
183
|
+
|
|
184
|
+
### Front-Running Risks
|
|
185
|
+
|
|
186
|
+
**Identified Risks:**
|
|
187
|
+
⚠ setRewardRate() can be front-run by users to claim before rate decrease
|
|
188
|
+
|
|
189
|
+
**Scenario:**
|
|
190
|
+
1. Owner submits tx to decrease rewardRate from 10% to 5%
|
|
191
|
+
2. Users see pending tx in mempool
|
|
192
|
+
3. Users front-run with claimRewards() at old 10% rate
|
|
193
|
+
|
|
194
|
+
**Mitigation:**
|
|
195
|
+
- Add timelock to rewardRate changes (48-hour delay)
|
|
196
|
+
- Implement gradual rate transitions
|
|
197
|
+
|
|
198
|
+
### Cryptography Review
|
|
199
|
+
|
|
200
|
+
✓ No custom cryptography used
|
|
201
|
+
✓ No randomness requirements
|
|
202
|
+
✓ No signature verification
|
|
203
|
+
N/A - Contract doesn't use cryptographic operations
|
|
204
|
+
|
|
205
|
+
### DeFi Interaction Risks
|
|
206
|
+
|
|
207
|
+
**External Dependencies:**
|
|
208
|
+
- None (self-contained staking contract)
|
|
209
|
+
|
|
210
|
+
✓ No oracle dependencies
|
|
211
|
+
✓ No flash loan risks (uses snapshots)
|
|
212
|
+
✓ No external protocol calls
|
|
213
|
+
|
|
214
|
+
**Assessment:** Low DeFi interaction risk
|
|
215
|
+
|
|
216
|
+
---
|
|
217
|
+
|
|
218
|
+
## ACTION PLAN
|
|
219
|
+
|
|
220
|
+
### Critical (Fix Before Deployment - Week 1)
|
|
221
|
+
|
|
222
|
+
1. ✅ **Add timelock to upgrades** [COMPLETED]
|
|
223
|
+
- Deployed TimelockController
|
|
224
|
+
- 48-hour delay configured
|
|
225
|
+
- Owner transferred to timelock
|
|
226
|
+
|
|
227
|
+
2. ⚠ **Add bounds to setRewardRate()** [IN PROGRESS]
|
|
228
|
+
- Add MIN_REWARD_RATE = 1%
|
|
229
|
+
- Add MAX_REWARD_RATE = 50%
|
|
230
|
+
- Estimated completion: 1 day
|
|
231
|
+
|
|
232
|
+
3. ⚠ **Add timelock to rewardRate changes** [PENDING]
|
|
233
|
+
- Use same timelock as upgrades
|
|
234
|
+
- Estimated effort: 2 days
|
|
235
|
+
|
|
236
|
+
### High Priority (Before Audit - Week 2)
|
|
237
|
+
|
|
238
|
+
4. **Document all security properties** [80% COMPLETE]
|
|
239
|
+
- 9/12 properties documented
|
|
240
|
+
- Need to document upgrade invariants
|
|
241
|
+
- Estimated completion: 2 days
|
|
242
|
+
|
|
243
|
+
5. **Increase test coverage to 95%** [CURRENT: 89%]
|
|
244
|
+
- Add pause state tests
|
|
245
|
+
- Add edge case tests (zero amounts, etc.)
|
|
246
|
+
- Estimated effort: 3 days
|
|
247
|
+
|
|
248
|
+
### Medium Priority (Nice to Have)
|
|
249
|
+
|
|
250
|
+
6. **Add Manticore formal verification**
|
|
251
|
+
- Verify critical properties formally
|
|
252
|
+
- Estimated effort: 1 week
|
|
253
|
+
- Impact: High confidence
|
|
254
|
+
|
|
255
|
+
---
|
|
256
|
+
|
|
257
|
+
## WORKFLOW CHECKLIST
|
|
258
|
+
|
|
259
|
+
✅ Step 1: Slither scan clean
|
|
260
|
+
✅ Step 2: Special features validated (upgradeability, ERC20)
|
|
261
|
+
✅ Step 3: Visual inspection complete (diagrams generated)
|
|
262
|
+
✅ Step 4: Properties documented, Echidna configured
|
|
263
|
+
✅ Step 5: Manual review complete
|
|
264
|
+
|
|
265
|
+
🎯 **WORKFLOW STATUS: 95% COMPLETE**
|
|
266
|
+
|
|
267
|
+
**Remaining Tasks:**
|
|
268
|
+
- Add setRewardRate() bounds validation
|
|
269
|
+
- Complete timelock integration
|
|
270
|
+
- Document 3 remaining properties
|
|
271
|
+
|
|
272
|
+
**Estimated Time to Full Completion:** 3-4 days
|
|
273
|
+
|
|
274
|
+
---
|
|
275
|
+
|
|
276
|
+
Ready for external audit after critical tasks completed.
|
|
277
|
+
|
|
278
|
+
Trail of Bits Secure Development Workflow - v0.1.0
|
|
279
|
+
```
|
|
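Review bot: the Echidna setup in Step 4 of the example report is internally inconsistent and would not exercise the invariants it lists. `echidna.yaml` sets `testMode: assertion`, but `test/echidna/StakingInvariants.sol` defines `echidna_*` boolean properties, which Echidna only runs in its default property mode; either drop the `testMode: assertion` line or rewrite the checks as `assert()` calls. The test contract also references `staking` and `calculateExpectedTotal()` without declaring or deploying either, and `echidna_balance_sufficient` compares `address(staking).balance` (ether) against `totalStaked()` while the project is an ERC20 staking token and documented property 2 reads `contract balance >= totalStaked + totalRewards`, so the check should read the staked token's balance and include rewards. The "Fuzzing Results" then claim "All 3 invariants hold" although only two properties are shown. Two smaller consistency points: `deployer: "0x10000"` is also the first entry in `sender`, so the fuzzer's owner account calls the `onlyOwner` functions, which should be stated as intentional (or the deployer left at Echidna's default `0x30000`); and the inheritance graph in Step 3 omits the ReentrancyGuard and Pausable parents that the `nonReentrant` modifiers and `pause()` in the function summary imply.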
@@ -0,0 +1,132 @@
|
|
|
1
|
+
## The 5-Step Workflow
|
|
2
|
+
|
|
3
|
+
### Step 1: Check for Known Security Issues
|
|
4
|
+
|
|
5
|
+
I'll run Slither with 70+ built-in detectors:
|
|
6
|
+
|
|
7
|
+
```bash
|
|
8
|
+
slither . --exclude-dependencies
|
|
9
|
+
```
|
|
10
|
+
|
|
11
|
+
Then I'll:
|
|
12
|
+
- Parse findings by severity
|
|
13
|
+
- Explain each issue with file references
|
|
14
|
+
- Recommend fixes
|
|
15
|
+
- Help you triage false positives
|
|
16
|
+
|
|
17
|
+
**Goal**: Clean Slither report or documented triages
|
|
18
|
+
|
|
19
|
+
---
|
|
20
|
+
|
|
21
|
+
### Step 2: Check Special Features
|
|
22
|
+
|
|
23
|
+
I'll detect what's applicable and run the right tools:
|
|
24
|
+
|
|
25
|
+
**If upgradeable contracts**:
|
|
26
|
+
```bash
|
|
27
|
+
slither-check-upgradeability . ContractName --proxy-name ProxyName
|
|
28
|
+
```
|
|
29
|
+
Checks 17 ways upgrades can go wrong
|
|
30
|
+
|
|
31
|
+
**If ERC tokens (ERC20, ERC721, etc.)**:
|
|
32
|
+
```bash
|
|
33
|
+
slither-check-erc . ContractName --erc erc20
|
|
34
|
+
```
|
|
35
|
+
Validates conformance to 6 common specs
|
|
36
|
+
|
|
37
|
+
**If Truffle tests exist**:
|
|
38
|
+
```bash
|
|
39
|
+
slither-prop . --contract ContractName
|
|
40
|
+
```
|
|
41
|
+
Generates security properties for ERC20
|
|
42
|
+
|
|
43
|
+
**If integrating third-party tokens**:
|
|
44
|
+
I'll recommend using the `token-integration-analyzer` skill
|
|
45
|
+
|
|
46
|
+
**Note**: I'll only run checks that apply to your codebase
|
|
47
|
+
|
|
48
|
+
---
|
|
49
|
+
|
|
50
|
+
### Step 3: Visual Security Inspection
|
|
51
|
+
|
|
52
|
+
I'll generate 3 security diagrams:
|
|
53
|
+
|
|
54
|
+
**Inheritance Graph**:
|
|
55
|
+
```bash
|
|
56
|
+
slither . --print inheritance-graph
|
|
57
|
+
```
|
|
58
|
+
Identifies shadowing and C3 linearization issues
|
|
59
|
+
|
|
60
|
+
**Function Summary**:
|
|
61
|
+
```bash
|
|
62
|
+
slither . --print function-summary
|
|
63
|
+
```
|
|
64
|
+
Shows function visibility and access controls
|
|
65
|
+
|
|
66
|
+
**Variables and Authorization**:
|
|
67
|
+
```bash
|
|
68
|
+
slither . --print vars-and-auth
|
|
69
|
+
```
|
|
70
|
+
Maps who can write to state variables
|
|
71
|
+
|
|
72
|
+
I'll review each diagram with you and highlight security concerns
|
|
73
|
+
|
|
74
|
+
---
|
|
75
|
+
|
|
76
|
+
### Step 4: Document Security Properties
|
|
77
|
+
|
|
78
|
+
I'll help you document critical security properties:
|
|
79
|
+
|
|
80
|
+
**Properties to Define**:
|
|
81
|
+
- **State machine**: Valid transitions, invariants
|
|
82
|
+
- **Access controls**: Who can call what
|
|
83
|
+
- **Arithmetic**: Overflow protection, precision
|
|
84
|
+
- **External interactions**: Reentrancy, failed calls
|
|
85
|
+
- **Standards conformance**: ERC requirements
|
|
86
|
+
|
|
87
|
+
**Then Set Up Testing**:
|
|
88
|
+
|
|
89
|
+
**Echidna (fuzzing)**:
|
|
90
|
+
- Create property test contract
|
|
91
|
+
- Define invariants in Solidity
|
|
92
|
+
- Configure echidna.yaml
|
|
93
|
+
- Run fuzzing campaign
|
|
94
|
+
|
|
95
|
+
**Manticore (formal verification)**:
|
|
96
|
+
- Define properties in Solidity or Python
|
|
97
|
+
- Set up symbolic execution
|
|
98
|
+
- Validate critical paths
|
|
99
|
+
|
|
100
|
+
**Custom Slither Checks**:
|
|
101
|
+
- Use Slither Python API for project-specific patterns
|
|
102
|
+
- Focus on business logic
|
|
103
|
+
|
|
104
|
+
**Note**: This is the most important activity for security but requires learning
|
|
105
|
+
|
|
106
|
+
---
|
|
107
|
+
|
|
108
|
+
### Step 5: Manual Review Areas
|
|
109
|
+
|
|
110
|
+
I'll analyze areas automated tools miss:
|
|
111
|
+
|
|
112
|
+
**Privacy Considerations**:
|
|
113
|
+
- Are secrets stored on-chain?
|
|
114
|
+
- Is commit-reveal needed?
|
|
115
|
+
- Are assumptions about privacy documented?
|
|
116
|
+
|
|
117
|
+
**Front-Running Risks**:
|
|
118
|
+
- Price-sensitive transactions without slippage protection?
|
|
119
|
+
- Ordering-dependent logic?
|
|
120
|
+
- MEV opportunities?
|
|
121
|
+
|
|
122
|
+
**Cryptographic Operations**:
|
|
123
|
+
- Weak randomness (block.timestamp, blockhash)?
|
|
124
|
+
- Signature verification issues (ecrecover misuse)?
|
|
125
|
+
- Hash collision vulnerabilities?
|
|
126
|
+
|
|
127
|
+
**DeFi Interactions**:
|
|
128
|
+
- Oracle manipulation risks?
|
|
129
|
+
- Flash loan attack vectors?
|
|
130
|
+
- Protocol assumption violations?
|
|
131
|
+
|
|
132
|
+
I'll search your codebase for these patterns and flag risks
|
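Review bot: the fixed counts in Steps 1 and 2 ("70+ built-in detectors", "Checks 17 ways upgrades can go wrong", "6 common specs") go stale with every Slither release and already undercount current versions; phrase them as "the detectors listed by `slither --list-detectors`" and "the ERCs listed by `slither-check-erc --help`" so the skill stays accurate. In Step 2 the `slither-prop` block is gated on "If Truffle tests exist", but the tool generates ERC20 property tests (for Echidna, Manticore and Truffle) from the contract itself and needs no existing test suite, so the condition should be "If the contract is an ERC20". In Step 4, "Manticore (formal verification)" overstates what the tool delivers: it performs symbolic execution, not proof-style verification, and its maintenance status should be checked before the doc recommends it as the verification step. Minor: `slither . --print inheritance-graph` writes a `.dot` file, so mention the `dot -Tpng` conversion if reports are going to cite `inheritance-graph.png`.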