@elizaos/skills 2.0.0-alpha.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +126 -0
- package/package.json +53 -0
- package/skills/1password/SKILL.md +70 -0
- package/skills/1password/references/cli-examples.md +29 -0
- package/skills/1password/references/get-started.md +17 -0
- package/skills/apple-notes/SKILL.md +77 -0
- package/skills/apple-reminders/SKILL.md +96 -0
- package/skills/bear-notes/SKILL.md +107 -0
- package/skills/bird/SKILL.md +224 -0
- package/skills/blogwatcher/SKILL.md +69 -0
- package/skills/blucli/SKILL.md +47 -0
- package/skills/bluebubbles/SKILL.md +131 -0
- package/skills/camsnap/SKILL.md +45 -0
- package/skills/canvas/SKILL.md +203 -0
- package/skills/clawhub/SKILL.md +77 -0
- package/skills/coding-agent/SKILL.md +284 -0
- package/skills/discord/SKILL.md +578 -0
- package/skills/eightctl/SKILL.md +50 -0
- package/skills/food-order/SKILL.md +48 -0
- package/skills/gemini/SKILL.md +43 -0
- package/skills/gifgrep/SKILL.md +79 -0
- package/skills/github/SKILL.md +77 -0
- package/skills/gog/SKILL.md +116 -0
- package/skills/goplaces/SKILL.md +52 -0
- package/skills/healthcheck/SKILL.md +245 -0
- package/skills/himalaya/SKILL.md +257 -0
- package/skills/himalaya/references/configuration.md +184 -0
- package/skills/himalaya/references/message-composition.md +199 -0
- package/skills/imsg/SKILL.md +74 -0
- package/skills/local-places/SERVER_README.md +101 -0
- package/skills/local-places/SKILL.md +102 -0
- package/skills/local-places/pyproject.toml +21 -0
- package/skills/local-places/src/local_places/__init__.py +2 -0
- package/skills/local-places/src/local_places/google_places.py +314 -0
- package/skills/local-places/src/local_places/main.py +65 -0
- package/skills/local-places/src/local_places/schemas.py +107 -0
- package/skills/mcporter/SKILL.md +61 -0
- package/skills/model-usage/SKILL.md +69 -0
- package/skills/model-usage/references/codexbar-cli.md +33 -0
- package/skills/model-usage/scripts/model_usage.py +310 -0
- package/skills/nano-banana-pro/SKILL.md +58 -0
- package/skills/nano-banana-pro/scripts/generate_image.py +184 -0
- package/skills/nano-pdf/SKILL.md +38 -0
- package/skills/notion/SKILL.md +172 -0
- package/skills/obsidian/SKILL.md +81 -0
- package/skills/openai-image-gen/SKILL.md +89 -0
- package/skills/openai-image-gen/scripts/gen.py +240 -0
- package/skills/openai-whisper/SKILL.md +38 -0
- package/skills/openai-whisper-api/SKILL.md +52 -0
- package/skills/openai-whisper-api/scripts/transcribe.sh +85 -0
- package/skills/openhue/SKILL.md +51 -0
- package/skills/oracle/SKILL.md +125 -0
- package/skills/ordercli/SKILL.md +78 -0
- package/skills/peekaboo/SKILL.md +190 -0
- package/skills/sag/SKILL.md +87 -0
- package/skills/security-ask-questions-if-underspecified/.claude-plugin/plugin.json +10 -0
- package/skills/security-ask-questions-if-underspecified/README.md +24 -0
- package/skills/security-ask-questions-if-underspecified/skills/ask-questions-if-underspecified/SKILL.md +85 -0
- package/skills/security-audit-context-building/.claude-plugin/plugin.json +10 -0
- package/skills/security-audit-context-building/README.md +58 -0
- package/skills/security-audit-context-building/commands/audit-context.md +21 -0
- package/skills/security-audit-context-building/skills/audit-context-building/SKILL.md +297 -0
- package/skills/security-audit-context-building/skills/audit-context-building/resources/COMPLETENESS_CHECKLIST.md +47 -0
- package/skills/security-audit-context-building/skills/audit-context-building/resources/FUNCTION_MICRO_ANALYSIS_EXAMPLE.md +355 -0
- package/skills/security-audit-context-building/skills/audit-context-building/resources/OUTPUT_REQUIREMENTS.md +71 -0
- package/skills/security-building-secure-contracts/.claude-plugin/plugin.json +10 -0
- package/skills/security-building-secure-contracts/README.md +241 -0
- package/skills/security-building-secure-contracts/skills/algorand-vulnerability-scanner/SKILL.md +284 -0
- package/skills/security-building-secure-contracts/skills/algorand-vulnerability-scanner/resources/VULNERABILITY_PATTERNS.md +405 -0
- package/skills/security-building-secure-contracts/skills/audit-prep-assistant/SKILL.md +409 -0
- package/skills/security-building-secure-contracts/skills/cairo-vulnerability-scanner/SKILL.md +329 -0
- package/skills/security-building-secure-contracts/skills/cairo-vulnerability-scanner/resources/VULNERABILITY_PATTERNS.md +722 -0
- package/skills/security-building-secure-contracts/skills/code-maturity-assessor/SKILL.md +218 -0
- package/skills/security-building-secure-contracts/skills/code-maturity-assessor/resources/ASSESSMENT_CRITERIA.md +355 -0
- package/skills/security-building-secure-contracts/skills/code-maturity-assessor/resources/EXAMPLE_REPORT.md +248 -0
- package/skills/security-building-secure-contracts/skills/code-maturity-assessor/resources/REPORT_FORMAT.md +33 -0
- package/skills/security-building-secure-contracts/skills/cosmos-vulnerability-scanner/SKILL.md +334 -0
- package/skills/security-building-secure-contracts/skills/cosmos-vulnerability-scanner/resources/VULNERABILITY_PATTERNS.md +740 -0
- package/skills/security-building-secure-contracts/skills/guidelines-advisor/SKILL.md +252 -0
- package/skills/security-building-secure-contracts/skills/guidelines-advisor/resources/ASSESSMENT_AREAS.md +329 -0
- package/skills/security-building-secure-contracts/skills/guidelines-advisor/resources/DELIVERABLES.md +118 -0
- package/skills/security-building-secure-contracts/skills/guidelines-advisor/resources/EXAMPLE_REPORT.md +298 -0
- package/skills/security-building-secure-contracts/skills/secure-workflow-guide/SKILL.md +161 -0
- package/skills/security-building-secure-contracts/skills/secure-workflow-guide/resources/EXAMPLE_REPORT.md +279 -0
- package/skills/security-building-secure-contracts/skills/secure-workflow-guide/resources/WORKFLOW_STEPS.md +132 -0
- package/skills/security-building-secure-contracts/skills/solana-vulnerability-scanner/SKILL.md +389 -0
- package/skills/security-building-secure-contracts/skills/solana-vulnerability-scanner/resources/VULNERABILITY_PATTERNS.md +669 -0
- package/skills/security-building-secure-contracts/skills/substrate-vulnerability-scanner/SKILL.md +298 -0
- package/skills/security-building-secure-contracts/skills/substrate-vulnerability-scanner/resources/VULNERABILITY_PATTERNS.md +791 -0
- package/skills/security-building-secure-contracts/skills/token-integration-analyzer/SKILL.md +362 -0
- package/skills/security-building-secure-contracts/skills/token-integration-analyzer/resources/ASSESSMENT_CATEGORIES.md +571 -0
- package/skills/security-building-secure-contracts/skills/token-integration-analyzer/resources/REPORT_TEMPLATES.md +141 -0
- package/skills/security-building-secure-contracts/skills/ton-vulnerability-scanner/SKILL.md +388 -0
- package/skills/security-building-secure-contracts/skills/ton-vulnerability-scanner/resources/VULNERABILITY_PATTERNS.md +595 -0
- package/skills/security-burpsuite-project-parser/.claude-plugin/plugin.json +10 -0
- package/skills/security-burpsuite-project-parser/README.md +103 -0
- package/skills/security-burpsuite-project-parser/commands/burp-search.md +18 -0
- package/skills/security-burpsuite-project-parser/skills/SKILL.md +358 -0
- package/skills/security-burpsuite-project-parser/skills/scripts/burp-search.sh +99 -0
- package/skills/security-claude-in-chrome-troubleshooting/.claude-plugin/plugin.json +8 -0
- package/skills/security-claude-in-chrome-troubleshooting/README.md +31 -0
- package/skills/security-claude-in-chrome-troubleshooting/skills/claude-in-chrome-troubleshooting/SKILL.md +251 -0
- package/skills/security-constant-time-analysis/.claude-plugin/plugin.json +9 -0
- package/skills/security-constant-time-analysis/README.md +381 -0
- package/skills/security-constant-time-analysis/commands/ct-check.md +20 -0
- package/skills/security-constant-time-analysis/ct_analyzer/__init__.py +49 -0
- package/skills/security-constant-time-analysis/ct_analyzer/analyzer.py +1284 -0
- package/skills/security-constant-time-analysis/ct_analyzer/script_analyzers.py +3081 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/__init__.py +1 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_analyzer.py +1397 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/bn_excerpt.js +205 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/decompose_constant_time.c +181 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/decompose_vulnerable.c +74 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/decompose_vulnerable.go +78 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/decompose_vulnerable.rs +92 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/vulnerable.cs +174 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/vulnerable.java +161 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/vulnerable.kt +181 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/vulnerable.php +140 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/vulnerable.py +252 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/vulnerable.rb +188 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/vulnerable.swift +199 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/vulnerable.ts +154 -0
- package/skills/security-constant-time-analysis/pyproject.toml +52 -0
- package/skills/security-constant-time-analysis/skills/constant-time-analysis/README.md +90 -0
- package/skills/security-constant-time-analysis/skills/constant-time-analysis/SKILL.md +219 -0
- package/skills/security-constant-time-analysis/skills/constant-time-analysis/references/compiled.md +129 -0
- package/skills/security-constant-time-analysis/skills/constant-time-analysis/references/javascript.md +136 -0
- package/skills/security-constant-time-analysis/skills/constant-time-analysis/references/kotlin.md +252 -0
- package/skills/security-constant-time-analysis/skills/constant-time-analysis/references/php.md +172 -0
- package/skills/security-constant-time-analysis/skills/constant-time-analysis/references/python.md +179 -0
- package/skills/security-constant-time-analysis/skills/constant-time-analysis/references/ruby.md +198 -0
- package/skills/security-constant-time-analysis/skills/constant-time-analysis/references/swift.md +288 -0
- package/skills/security-constant-time-analysis/skills/constant-time-analysis/references/vm-compiled.md +354 -0
- package/skills/security-constant-time-analysis/uv.lock +8 -0
- package/skills/security-culture-index/.claude-plugin/plugin.json +8 -0
- package/skills/security-culture-index/README.md +79 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/SKILL.md +293 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/references/anti-patterns.md +255 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/references/conversation-starters.md +408 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/references/interview-trait-signals.md +253 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/references/motivators.md +158 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/references/patterns-archetypes.md +147 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/references/primary-traits.md +307 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/references/secondary-traits.md +228 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/references/team-composition.md +148 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/scripts/check_deps.py +108 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/scripts/culture_index/__init__.py +20 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/scripts/culture_index/constants.py +122 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/scripts/culture_index/extract.py +187 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/scripts/culture_index/models.py +16 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/scripts/culture_index/opencv_extractor.py +520 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/scripts/extract_pdf.py +237 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/scripts/pyproject.toml +18 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/templates/burnout-report.md +113 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/templates/comparison-report.md +103 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/templates/hiring-profile.md +127 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/templates/individual-report.md +85 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/templates/predicted-profile.md +165 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/templates/team-report.md +109 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/analyze-team.md +188 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/coach-manager.md +267 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/compare-profiles.md +188 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/define-hiring-profile.md +220 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/detect-burnout.md +206 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/extract-from-pdf.md +121 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/interpret-individual.md +183 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/interview-debrief.md +234 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/mediate-conflict.md +306 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/plan-onboarding.md +322 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/predict-from-interview.md +250 -0
- package/skills/security-differential-review/.claude-plugin/plugin.json +10 -0
- package/skills/security-differential-review/README.md +109 -0
- package/skills/security-differential-review/commands/diff-review.md +21 -0
- package/skills/security-differential-review/skills/differential-review/SKILL.md +220 -0
- package/skills/security-differential-review/skills/differential-review/adversarial.md +203 -0
- package/skills/security-differential-review/skills/differential-review/methodology.md +234 -0
- package/skills/security-differential-review/skills/differential-review/patterns.md +300 -0
- package/skills/security-differential-review/skills/differential-review/reporting.md +369 -0
- package/skills/security-dwarf-expert/.claude-plugin/plugin.json +10 -0
- package/skills/security-dwarf-expert/README.md +38 -0
- package/skills/security-dwarf-expert/skills/dwarf-expert/SKILL.md +93 -0
- package/skills/security-dwarf-expert/skills/dwarf-expert/reference/coding.md +31 -0
- package/skills/security-dwarf-expert/skills/dwarf-expert/reference/dwarfdump.md +50 -0
- package/skills/security-dwarf-expert/skills/dwarf-expert/reference/readelf.md +8 -0
- package/skills/security-entry-point-analyzer/.claude-plugin/plugin.json +10 -0
- package/skills/security-entry-point-analyzer/README.md +74 -0
- package/skills/security-entry-point-analyzer/commands/entry-points.md +18 -0
- package/skills/security-entry-point-analyzer/skills/entry-point-analyzer/SKILL.md +251 -0
- package/skills/security-entry-point-analyzer/skills/entry-point-analyzer/references/cosmwasm.md +182 -0
- package/skills/security-entry-point-analyzer/skills/entry-point-analyzer/references/move-aptos.md +107 -0
- package/skills/security-entry-point-analyzer/skills/entry-point-analyzer/references/move-sui.md +87 -0
- package/skills/security-entry-point-analyzer/skills/entry-point-analyzer/references/solana.md +155 -0
- package/skills/security-entry-point-analyzer/skills/entry-point-analyzer/references/solidity.md +135 -0
- package/skills/security-entry-point-analyzer/skills/entry-point-analyzer/references/ton.md +185 -0
- package/skills/security-entry-point-analyzer/skills/entry-point-analyzer/references/vyper.md +141 -0
- package/skills/security-firebase-apk-scanner/.claude-plugin/plugin.json +10 -0
- package/skills/security-firebase-apk-scanner/README.md +85 -0
- package/skills/security-firebase-apk-scanner/commands/scan-apk.md +18 -0
- package/skills/security-firebase-apk-scanner/scanner.sh +1408 -0
- package/skills/security-firebase-apk-scanner/skills/firebase-apk-scanner/SKILL.md +197 -0
- package/skills/security-firebase-apk-scanner/skills/firebase-apk-scanner/references/vulnerabilities.md +803 -0
- package/skills/security-fix-review/.claude-plugin/plugin.json +13 -0
- package/skills/security-fix-review/README.md +118 -0
- package/skills/security-fix-review/commands/fix-review.md +24 -0
- package/skills/security-fix-review/skills/fix-review/SKILL.md +264 -0
- package/skills/security-fix-review/skills/fix-review/references/bug-detection.md +408 -0
- package/skills/security-fix-review/skills/fix-review/references/finding-matching.md +298 -0
- package/skills/security-fix-review/skills/fix-review/references/report-parsing.md +398 -0
- package/skills/security-insecure-defaults/.claude-plugin/plugin.json +10 -0
- package/skills/security-insecure-defaults/README.md +45 -0
- package/skills/security-insecure-defaults/skills/insecure-defaults/SKILL.md +117 -0
- package/skills/security-insecure-defaults/skills/insecure-defaults/references/examples.md +409 -0
- package/skills/security-modern-python/.claude-plugin/plugin.json +10 -0
- package/skills/security-modern-python/README.md +58 -0
- package/skills/security-modern-python/hooks/hooks.json +16 -0
- package/skills/security-modern-python/hooks/intercept-legacy-python.bats +388 -0
- package/skills/security-modern-python/hooks/intercept-legacy-python.sh +109 -0
- package/skills/security-modern-python/hooks/test_helper.bash +75 -0
- package/skills/security-modern-python/skills/modern-python/SKILL.md +333 -0
- package/skills/security-modern-python/skills/modern-python/references/dependabot.md +43 -0
- package/skills/security-modern-python/skills/modern-python/references/migration-checklist.md +141 -0
- package/skills/security-modern-python/skills/modern-python/references/pep723-scripts.md +259 -0
- package/skills/security-modern-python/skills/modern-python/references/prek.md +211 -0
- package/skills/security-modern-python/skills/modern-python/references/pyproject.md +254 -0
- package/skills/security-modern-python/skills/modern-python/references/ruff-config.md +240 -0
- package/skills/security-modern-python/skills/modern-python/references/security-setup.md +255 -0
- package/skills/security-modern-python/skills/modern-python/references/testing.md +284 -0
- package/skills/security-modern-python/skills/modern-python/references/uv-commands.md +200 -0
- package/skills/security-modern-python/skills/modern-python/templates/dependabot.yml +36 -0
- package/skills/security-modern-python/skills/modern-python/templates/pre-commit-config.yaml +66 -0
- package/skills/security-property-based-testing/.claude-plugin/plugin.json +9 -0
- package/skills/security-property-based-testing/README.md +47 -0
- package/skills/security-property-based-testing/skills/property-based-testing/README.md +88 -0
- package/skills/security-property-based-testing/skills/property-based-testing/SKILL.md +109 -0
- package/skills/security-property-based-testing/skills/property-based-testing/references/design.md +191 -0
- package/skills/security-property-based-testing/skills/property-based-testing/references/generating.md +200 -0
- package/skills/security-property-based-testing/skills/property-based-testing/references/libraries.md +130 -0
- package/skills/security-property-based-testing/skills/property-based-testing/references/refactoring.md +181 -0
- package/skills/security-property-based-testing/skills/property-based-testing/references/reviewing.md +209 -0
- package/skills/security-property-based-testing/skills/property-based-testing/references/strategies.md +124 -0
- package/skills/semgrep-rule-creator/.claude-plugin/plugin.json +8 -0
- package/skills/semgrep-rule-creator/README.md +43 -0
- package/skills/semgrep-rule-creator/commands/semgrep-rule.md +26 -0
- package/skills/semgrep-rule-creator/skills/semgrep-rule-creator/SKILL.md +168 -0
- package/skills/semgrep-rule-creator/skills/semgrep-rule-creator/references/quick-reference.md +203 -0
- package/skills/semgrep-rule-creator/skills/semgrep-rule-creator/references/workflow.md +240 -0
- package/skills/semgrep-rule-variant-creator/.claude-plugin/plugin.json +9 -0
- package/skills/semgrep-rule-variant-creator/README.md +86 -0
- package/skills/semgrep-rule-variant-creator/skills/semgrep-rule-variant-creator/SKILL.md +205 -0
- package/skills/semgrep-rule-variant-creator/skills/semgrep-rule-variant-creator/references/applicability-analysis.md +250 -0
- package/skills/semgrep-rule-variant-creator/skills/semgrep-rule-variant-creator/references/language-syntax-guide.md +324 -0
- package/skills/semgrep-rule-variant-creator/skills/semgrep-rule-variant-creator/references/workflow.md +518 -0
- package/skills/session-logs/SKILL.md +115 -0
- package/skills/sharp-edges/.claude-plugin/plugin.json +10 -0
- package/skills/sharp-edges/README.md +48 -0
- package/skills/sharp-edges/skills/sharp-edges/SKILL.md +292 -0
- package/skills/sharp-edges/skills/sharp-edges/references/auth-patterns.md +252 -0
- package/skills/sharp-edges/skills/sharp-edges/references/case-studies.md +274 -0
- package/skills/sharp-edges/skills/sharp-edges/references/config-patterns.md +333 -0
- package/skills/sharp-edges/skills/sharp-edges/references/crypto-apis.md +190 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-c.md +205 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-csharp.md +285 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-go.md +270 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-java.md +263 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-javascript.md +269 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-kotlin.md +265 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-php.md +245 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-python.md +274 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-ruby.md +273 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-rust.md +272 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-swift.md +287 -0
- package/skills/sharp-edges/skills/sharp-edges/references/language-specific.md +588 -0
- package/skills/sherpa-onnx-tts/SKILL.md +103 -0
- package/skills/sherpa-onnx-tts/bin/sherpa-onnx-tts +178 -0
- package/skills/skill-creator/SKILL.md +370 -0
- package/skills/skill-creator/license.txt +202 -0
- package/skills/skill-creator/scripts/init_skill.py +378 -0
- package/skills/skill-creator/scripts/package_skill.py +111 -0
- package/skills/skill-creator/scripts/quick_validate.py +101 -0
- package/skills/slack/SKILL.md +144 -0
- package/skills/songsee/SKILL.md +49 -0
- package/skills/sonoscli/SKILL.md +46 -0
- package/skills/spec-to-code-compliance/.claude-plugin/plugin.json +10 -0
- package/skills/spec-to-code-compliance/README.md +67 -0
- package/skills/spec-to-code-compliance/commands/spec-compliance.md +22 -0
- package/skills/spec-to-code-compliance/skills/spec-to-code-compliance/SKILL.md +349 -0
- package/skills/spec-to-code-compliance/skills/spec-to-code-compliance/resources/COMPLETENESS_CHECKLIST.md +69 -0
- package/skills/spec-to-code-compliance/skills/spec-to-code-compliance/resources/IR_EXAMPLES.md +417 -0
- package/skills/spec-to-code-compliance/skills/spec-to-code-compliance/resources/OUTPUT_REQUIREMENTS.md +105 -0
- package/skills/spotify-player/SKILL.md +64 -0
- package/skills/static-analysis/.claude-plugin/plugin.json +8 -0
- package/skills/static-analysis/README.md +59 -0
- package/skills/static-analysis/skills/codeql/SKILL.md +315 -0
- package/skills/static-analysis/skills/sarif-parsing/SKILL.md +479 -0
- package/skills/static-analysis/skills/sarif-parsing/resources/jq-queries.md +162 -0
- package/skills/static-analysis/skills/sarif-parsing/resources/sarif_helpers.py +331 -0
- package/skills/static-analysis/skills/semgrep/SKILL.md +337 -0
- package/skills/summarize/SKILL.md +87 -0
- package/skills/testing-handbook-skills/.claude-plugin/plugin.json +8 -0
- package/skills/testing-handbook-skills/README.md +241 -0
- package/skills/testing-handbook-skills/scripts/pyproject.toml +8 -0
- package/skills/testing-handbook-skills/scripts/validate-skills.py +657 -0
- package/skills/testing-handbook-skills/skills/address-sanitizer/SKILL.md +341 -0
- package/skills/testing-handbook-skills/skills/aflpp/SKILL.md +640 -0
- package/skills/testing-handbook-skills/skills/atheris/SKILL.md +515 -0
- package/skills/testing-handbook-skills/skills/cargo-fuzz/SKILL.md +454 -0
- package/skills/testing-handbook-skills/skills/codeql/SKILL.md +549 -0
- package/skills/testing-handbook-skills/skills/constant-time-testing/SKILL.md +507 -0
- package/skills/testing-handbook-skills/skills/coverage-analysis/SKILL.md +607 -0
- package/skills/testing-handbook-skills/skills/fuzzing-dictionary/SKILL.md +297 -0
- package/skills/testing-handbook-skills/skills/fuzzing-obstacles/SKILL.md +426 -0
- package/skills/testing-handbook-skills/skills/harness-writing/SKILL.md +614 -0
- package/skills/testing-handbook-skills/skills/libafl/SKILL.md +625 -0
- package/skills/testing-handbook-skills/skills/libfuzzer/SKILL.md +795 -0
- package/skills/testing-handbook-skills/skills/ossfuzz/SKILL.md +426 -0
- package/skills/testing-handbook-skills/skills/ruzzy/SKILL.md +443 -0
- package/skills/testing-handbook-skills/skills/semgrep/SKILL.md +601 -0
- package/skills/testing-handbook-skills/skills/testing-handbook-generator/SKILL.md +372 -0
- package/skills/testing-handbook-skills/skills/testing-handbook-generator/agent-prompt.md +280 -0
- package/skills/testing-handbook-skills/skills/testing-handbook-generator/discovery.md +452 -0
- package/skills/testing-handbook-skills/skills/testing-handbook-generator/templates/domain-skill.md +504 -0
- package/skills/testing-handbook-skills/skills/testing-handbook-generator/templates/fuzzer-skill.md +454 -0
- package/skills/testing-handbook-skills/skills/testing-handbook-generator/templates/technique-skill.md +527 -0
- package/skills/testing-handbook-skills/skills/testing-handbook-generator/templates/tool-skill.md +366 -0
- package/skills/testing-handbook-skills/skills/testing-handbook-generator/testing.md +482 -0
- package/skills/testing-handbook-skills/skills/wycheproof/SKILL.md +533 -0
- package/skills/things-mac/SKILL.md +86 -0
- package/skills/tmux/SKILL.md +135 -0
- package/skills/tmux/scripts/find-sessions.sh +112 -0
- package/skills/tmux/scripts/wait-for-text.sh +83 -0
- package/skills/trello/SKILL.md +95 -0
- package/skills/variant-analysis/.claude-plugin/plugin.json +8 -0
- package/skills/variant-analysis/README.md +41 -0
- package/skills/variant-analysis/commands/variants.md +23 -0
- package/skills/variant-analysis/skills/variant-analysis/METHODOLOGY.md +327 -0
- package/skills/variant-analysis/skills/variant-analysis/SKILL.md +142 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/codeql/cpp.ql +119 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/codeql/go.ql +69 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/codeql/java.ql +71 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/codeql/javascript.ql +63 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/codeql/python.ql +80 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/semgrep/cpp.yaml +98 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/semgrep/go.yaml +63 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/semgrep/java.yaml +61 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/semgrep/javascript.yaml +60 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/semgrep/python.yaml +72 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/variant-report-template.md +75 -0
- package/skills/video-frames/SKILL.md +46 -0
- package/skills/video-frames/scripts/frame.sh +81 -0
- package/skills/voice-call/SKILL.md +45 -0
- package/skills/wacli/SKILL.md +72 -0
- package/skills/weather/SKILL.md +54 -0
- package/skills/yara-authoring/.claude-plugin/plugin.json +9 -0
- package/skills/yara-authoring/README.md +131 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/SKILL.md +645 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/examples/MAL_Mac_ProtonRAT_Jan25.yar +99 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/examples/MAL_NPM_SupplyChain_Jan25.yar +170 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/examples/MAL_Win_Remcos_Jan25.yar +103 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/examples/SUSP_CRX_SuspiciousPermissions.yar +134 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/examples/SUSP_JS_Obfuscation_Jan25.yar +185 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/references/crx-module.md +214 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/references/dex-module.md +383 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/references/performance.md +333 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/references/strings.md +433 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/references/style-guide.md +257 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/references/testing.md +399 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/scripts/atom_analyzer.py +526 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/scripts/pyproject.toml +25 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/scripts/yara_lint.py +631 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/workflows/rule-development.md +493 -0
|
@@ -0,0 +1,669 @@
|
|
|
1
|
+
### 6.1 ARBITRARY CPI (Cross-Program Invocation) ⚠️ CRITICAL
|
|
2
|
+
|
|
3
|
+
**Description**: Using `invoke()` or `invoke_signed()` with user-controlled program IDs allows attackers to call malicious programs instead of the intended program.
|
|
4
|
+
|
|
5
|
+
**Detection Patterns**:
|
|
6
|
+
```rust
|
|
7
|
+
// VULNERABLE: User-provided program ID without validation
|
|
8
|
+
pub fn transfer_tokens(
|
|
9
|
+
ctx: Context<TransferTokens>,
|
|
10
|
+
amount: u64,
|
|
11
|
+
) -> Result<()> {
|
|
12
|
+
// User provides token_program account
|
|
13
|
+
let token_program = &ctx.accounts.token_program;
|
|
14
|
+
|
|
15
|
+
// WRONG: No check that token_program.key() == spl_token::ID!
|
|
16
|
+
invoke(
|
|
17
|
+
&spl_token::instruction::transfer(...),
|
|
18
|
+
&[
|
|
19
|
+
ctx.accounts.from.to_account_info(),
|
|
20
|
+
ctx.accounts.to.to_account_info(),
|
|
21
|
+
token_program.to_account_info(), // ATTACKER CONTROLLED!
|
|
22
|
+
],
|
|
23
|
+
)?;
|
|
24
|
+
Ok(())
|
|
25
|
+
}
|
|
26
|
+
|
|
27
|
+
// VULNERABLE: Native Solana without validation
|
|
28
|
+
pub fn process_instruction(
|
|
29
|
+
program_id: &Pubkey,
|
|
30
|
+
accounts: &[AccountInfo],
|
|
31
|
+
instruction_data: &[u8],
|
|
32
|
+
) -> ProgramResult {
|
|
33
|
+
let accounts_iter = &mut accounts.iter();
|
|
34
|
+
let token_program = next_account_info(accounts_iter)?;
|
|
35
|
+
|
|
36
|
+
// WRONG: No validation of token_program.key
|
|
37
|
+
invoke(
|
|
38
|
+
&transfer_instruction,
|
|
39
|
+
&[from_account, to_account, token_program], // Unvalidated!
|
|
40
|
+
)?;
|
|
41
|
+
Ok(())
|
|
42
|
+
}
|
|
43
|
+
```
|
|
44
|
+
|
|
45
|
+
**What to Check**:
|
|
46
|
+
- [ ] ALL CPI program IDs validated before `invoke()` or `invoke_signed()`
|
|
47
|
+
- [ ] Validation: `program.key() == EXPECTED_PROGRAM_ID`
|
|
48
|
+
- [ ] Cannot pass arbitrary program accounts from user
|
|
49
|
+
- [ ] Anchor: Use `Program<'info, T>` type with constraint
|
|
50
|
+
|
|
51
|
+
**Mitigation**:
|
|
52
|
+
```rust
|
|
53
|
+
// SECURE: Validate program ID (Native)
|
|
54
|
+
use spl_token;
|
|
55
|
+
|
|
56
|
+
pub fn process_instruction(
|
|
57
|
+
program_id: &Pubkey,
|
|
58
|
+
accounts: &[AccountInfo],
|
|
59
|
+
instruction_data: &[u8],
|
|
60
|
+
) -> ProgramResult {
|
|
61
|
+
let accounts_iter = &mut accounts.iter();
|
|
62
|
+
let token_program = next_account_info(accounts_iter)?;
|
|
63
|
+
|
|
64
|
+
// CRITICAL: Validate program ID
|
|
65
|
+
if token_program.key != &spl_token::ID {
|
|
66
|
+
return Err(ProgramError::IncorrectProgramId);
|
|
67
|
+
}
|
|
68
|
+
|
|
69
|
+
// Safe to invoke
|
|
70
|
+
invoke(
|
|
71
|
+
&spl_token::instruction::transfer(...),
|
|
72
|
+
&[from_account, to_account, token_program],
|
|
73
|
+
)?;
|
|
74
|
+
Ok(())
|
|
75
|
+
}
|
|
76
|
+
|
|
77
|
+
// SECURE: Use Anchor Program type with constraint
|
|
78
|
+
use anchor_spl::token::{Token, TokenAccount};
|
|
79
|
+
|
|
80
|
+
#[derive(Accounts)]
|
|
81
|
+
pub struct TransferTokens<'info> {
|
|
82
|
+
#[account(mut)]
|
|
83
|
+
pub from: Account<'info, TokenAccount>,
|
|
84
|
+
#[account(mut)]
|
|
85
|
+
pub to: Account<'info, TokenAccount>,
|
|
86
|
+
pub authority: Signer<'info>,
|
|
87
|
+
// Program<'info, Token> automatically validates program ID
|
|
88
|
+
pub token_program: Program<'info, Token>,
|
|
89
|
+
}
|
|
90
|
+
|
|
91
|
+
pub fn transfer_tokens(ctx: Context<TransferTokens>, amount: u64) -> Result<()> {
|
|
92
|
+
// Anchor ensures token_program.key() == Token::id()
|
|
93
|
+
let cpi_accounts = Transfer {
|
|
94
|
+
from: ctx.accounts.from.to_account_info(),
|
|
95
|
+
to: ctx.accounts.to.to_account_info(),
|
|
96
|
+
authority: ctx.accounts.authority.to_account_info(),
|
|
97
|
+
};
|
|
98
|
+
|
|
99
|
+
let cpi_ctx = CpiContext::new(
|
|
100
|
+
ctx.accounts.token_program.to_account_info(),
|
|
101
|
+
cpi_accounts,
|
|
102
|
+
);
|
|
103
|
+
|
|
104
|
+
anchor_spl::token::transfer(cpi_ctx, amount)?;
|
|
105
|
+
Ok(())
|
|
106
|
+
}
|
|
107
|
+
```
|
|
108
|
+
|
|
109
|
+
**Tool Detection**:
|
|
110
|
+
- Trail of Bits lint: `unchecked-cpi-program-id`
|
|
111
|
+
- Look for: `invoke()` without prior program ID check
|
|
112
|
+
|
|
113
|
+
**References**: building-secure-contracts/not-so-smart-contracts/solana/arbitrary_cpi
|
|
114
|
+
|
|
115
|
+
---
|
|
116
|
+
|
|
117
|
+
### 4.2 IMPROPER PDA VALIDATION ⚠️ CRITICAL
|
|
118
|
+
|
|
119
|
+
**Description**: Program-Derived Addresses (PDAs) can have multiple valid bumps for the same seeds. Using `create_program_address()` without verifying canonical bump allows PDA spoofing attacks.
|
|
120
|
+
|
|
121
|
+
**Detection Patterns**:
|
|
122
|
+
```rust
|
|
123
|
+
// VULNERABLE: Using create_program_address without bump validation
|
|
124
|
+
pub fn withdraw(ctx: Context<Withdraw>, bump: u8) -> Result<()> {
|
|
125
|
+
// User provides bump
|
|
126
|
+
let vault_seeds = &[
|
|
127
|
+
b"vault",
|
|
128
|
+
ctx.accounts.user.key().as_ref(),
|
|
129
|
+
&[bump], // WRONG: Attacker can provide non-canonical bump!
|
|
130
|
+
];
|
|
131
|
+
|
|
132
|
+
let vault = Pubkey::create_program_address(vault_seeds, ctx.program_id)?;
|
|
133
|
+
|
|
134
|
+
// This vault might not be the canonical PDA!
|
|
135
|
+
// Attacker could create multiple PDAs and drain wrong vault
|
|
136
|
+
Ok(())
|
|
137
|
+
}
|
|
138
|
+
|
|
139
|
+
// VULNERABLE: Not comparing with find_program_address result
|
|
140
|
+
pub fn initialize(ctx: Context<Initialize>, bump: u8) -> Result<()> {
|
|
141
|
+
let pda_seeds = &[b"state", &[bump]];
|
|
142
|
+
let pda = Pubkey::create_program_address(pda_seeds, ctx.program_id)?;
|
|
143
|
+
|
|
144
|
+
// WRONG: Not verifying this is the canonical PDA
|
|
145
|
+
// Should check pda == ctx.accounts.pda_account.key()
|
|
146
|
+
}
|
|
147
|
+
```
|
|
148
|
+
|
|
149
|
+
**What to Check**:
|
|
150
|
+
- [ ] PDAs use `find_program_address()` to get canonical bump
|
|
151
|
+
- [ ] OR `create_program_address()` result compared with expected PDA
|
|
152
|
+
- [ ] Bump seed stored and reused (not provided by user)
|
|
153
|
+
- [ ] Anchor: Use `seeds` and `bump` constraints
|
|
154
|
+
|
|
155
|
+
**Mitigation**:
|
|
156
|
+
```rust
|
|
157
|
+
// SECURE: Use find_program_address (Native)
|
|
158
|
+
pub fn withdraw(
|
|
159
|
+
program_id: &Pubkey,
|
|
160
|
+
accounts: &[AccountInfo],
|
|
161
|
+
) -> ProgramResult {
|
|
162
|
+
let accounts_iter = &mut accounts.iter();
|
|
163
|
+
let vault_account = next_account_info(accounts_iter)?;
|
|
164
|
+
let user_account = next_account_info(accounts_iter)?;
|
|
165
|
+
|
|
166
|
+
// Find canonical PDA with bump
|
|
167
|
+
let (vault_pda, bump) = Pubkey::find_program_address(
|
|
168
|
+
&[b"vault", user_account.key.as_ref()],
|
|
169
|
+
program_id,
|
|
170
|
+
);
|
|
171
|
+
|
|
172
|
+
// Verify provided account matches canonical PDA
|
|
173
|
+
if vault_account.key != &vault_pda {
|
|
174
|
+
return Err(ProgramError::InvalidAccountData);
|
|
175
|
+
}
|
|
176
|
+
|
|
177
|
+
// Use bump for signing
|
|
178
|
+
let vault_seeds = &[
|
|
179
|
+
b"vault",
|
|
180
|
+
user_account.key.as_ref(),
|
|
181
|
+
&[bump],
|
|
182
|
+
];
|
|
183
|
+
|
|
184
|
+
invoke_signed(
|
|
185
|
+
&transfer_instruction,
|
|
186
|
+
&[vault_account, destination],
|
|
187
|
+
&[vault_seeds],
|
|
188
|
+
)?;
|
|
189
|
+
|
|
190
|
+
Ok(())
|
|
191
|
+
}
|
|
192
|
+
|
|
193
|
+
// SECURE: Anchor with seeds constraint
|
|
194
|
+
#[derive(Accounts)]
|
|
195
|
+
pub struct Withdraw<'info> {
|
|
196
|
+
#[account(
|
|
197
|
+
mut,
|
|
198
|
+
seeds = [b"vault", user.key().as_ref()],
|
|
199
|
+
bump, // Anchor automatically validates canonical bump
|
|
200
|
+
)]
|
|
201
|
+
pub vault: Account<'info, VaultAccount>,
|
|
202
|
+
|
|
203
|
+
pub user: Signer<'info>,
|
|
204
|
+
}
|
|
205
|
+
|
|
206
|
+
pub fn withdraw(ctx: Context<Withdraw>, amount: u64) -> Result<()> {
|
|
207
|
+
// Anchor has already validated vault is canonical PDA
|
|
208
|
+
let bump = *ctx.bumps.get("vault").unwrap();
|
|
209
|
+
|
|
210
|
+
let vault_seeds = &[
|
|
211
|
+
b"vault",
|
|
212
|
+
ctx.accounts.user.key().as_ref(),
|
|
213
|
+
&[bump],
|
|
214
|
+
];
|
|
215
|
+
|
|
216
|
+
// Safe to use in CPI
|
|
217
|
+
let signer_seeds = &[&vault_seeds[..]];
|
|
218
|
+
|
|
219
|
+
// CPI with PDA signer
|
|
220
|
+
Ok(())
|
|
221
|
+
}
|
|
222
|
+
|
|
223
|
+
// BETTER: Store bump in account
|
|
224
|
+
#[account]
|
|
225
|
+
pub struct VaultAccount {
|
|
226
|
+
pub bump: u8, // Store canonical bump
|
|
227
|
+
pub owner: Pubkey,
|
|
228
|
+
pub balance: u64,
|
|
229
|
+
}
|
|
230
|
+
|
|
231
|
+
#[derive(Accounts)]
|
|
232
|
+
pub struct Initialize<'info> {
|
|
233
|
+
#[account(
|
|
234
|
+
init,
|
|
235
|
+
payer = user,
|
|
236
|
+
space = 8 + 1 + 32 + 8,
|
|
237
|
+
seeds = [b"vault", user.key().as_ref()],
|
|
238
|
+
bump,
|
|
239
|
+
)]
|
|
240
|
+
pub vault: Account<'info, VaultAccount>,
|
|
241
|
+
|
|
242
|
+
#[account(mut)]
|
|
243
|
+
pub user: Signer<'info>,
|
|
244
|
+
pub system_program: Program<'info, System>,
|
|
245
|
+
}
|
|
246
|
+
|
|
247
|
+
pub fn initialize(ctx: Context<Initialize>) -> Result<()> {
|
|
248
|
+
let vault = &mut ctx.accounts.vault;
|
|
249
|
+
vault.bump = *ctx.bumps.get("vault").unwrap(); // Store canonical bump
|
|
250
|
+
vault.owner = ctx.accounts.user.key();
|
|
251
|
+
vault.balance = 0;
|
|
252
|
+
Ok(())
|
|
253
|
+
}
|
|
254
|
+
```
|
|
255
|
+
|
|
256
|
+
**Tool Detection**:
|
|
257
|
+
- Trail of Bits lint: `improper-pda-validation`
|
|
258
|
+
- Look for: `create_program_address` without `find_program_address` comparison
|
|
259
|
+
|
|
260
|
+
**References**: building-secure-contracts/not-so-smart-contracts/solana/pda_validation
|
|
261
|
+
|
|
262
|
+
---
|
|
263
|
+
|
|
264
|
+
### 4.3 MISSING OWNERSHIP CHECK ⚠️ HIGH
|
|
265
|
+
|
|
266
|
+
**Description**: Accounts without owner validation can be spoofed by attackers. User provides account with attacker-controlled data, bypassing program logic.
|
|
267
|
+
|
|
268
|
+
**Detection Patterns**:
|
|
269
|
+
```rust
|
|
270
|
+
// VULNERABLE: Deserializing account without owner check
|
|
271
|
+
pub fn process_instruction(
|
|
272
|
+
program_id: &Pubkey,
|
|
273
|
+
accounts: &[AccountInfo],
|
|
274
|
+
instruction_data: &[u8],
|
|
275
|
+
) -> ProgramResult {
|
|
276
|
+
let accounts_iter = &mut accounts.iter();
|
|
277
|
+
let vault_account = next_account_info(accounts_iter)?;
|
|
278
|
+
|
|
279
|
+
// WRONG: No owner check before deserializing!
|
|
280
|
+
let vault: Vault = Vault::try_from_slice(&vault_account.data.borrow())?;
|
|
281
|
+
|
|
282
|
+
// vault could be fake account owned by attacker with fake balance!
|
|
283
|
+
if vault.balance >= amount {
|
|
284
|
+
// Process withdrawal using fake balance
|
|
285
|
+
}
|
|
286
|
+
|
|
287
|
+
Ok(())
|
|
288
|
+
}
|
|
289
|
+
|
|
290
|
+
// VULNERABLE: Anchor without owner constraint
|
|
291
|
+
#[derive(Accounts)]
|
|
292
|
+
pub struct Withdraw<'info> {
|
|
293
|
+
/// CHECK: This is unsafe - no owner validation!
|
|
294
|
+
pub vault: AccountInfo<'info>,
|
|
295
|
+
}
|
|
296
|
+
```
|
|
297
|
+
|
|
298
|
+
**What to Check**:
|
|
299
|
+
- [ ] ALL accounts validated for correct owner before deserialization
|
|
300
|
+
- [ ] Native: Check `account.owner == expected_program_id`
|
|
301
|
+
- [ ] Anchor: Use `Account<'info, T>` type (automatic owner check)
|
|
302
|
+
- [ ] System accounts: Check `account.owner == system_program::ID`
|
|
303
|
+
- [ ] Token accounts: Check `account.owner == spl_token::ID`
|
|
304
|
+
|
|
305
|
+
**Mitigation**:
|
|
306
|
+
```rust
|
|
307
|
+
// SECURE: Validate owner before deserializing (Native)
|
|
308
|
+
pub fn process_instruction(
|
|
309
|
+
program_id: &Pubkey,
|
|
310
|
+
accounts: &[AccountInfo],
|
|
311
|
+
instruction_data: &[u8],
|
|
312
|
+
) -> ProgramResult {
|
|
313
|
+
let accounts_iter = &mut accounts.iter();
|
|
314
|
+
let vault_account = next_account_info(accounts_iter)?;
|
|
315
|
+
|
|
316
|
+
// CRITICAL: Validate owner
|
|
317
|
+
if vault_account.owner != program_id {
|
|
318
|
+
return Err(ProgramError::IncorrectProgramId);
|
|
319
|
+
}
|
|
320
|
+
|
|
321
|
+
// Safe to deserialize - we own this account
|
|
322
|
+
let vault: Vault = Vault::try_from_slice(&vault_account.data.borrow())?;
|
|
323
|
+
|
|
324
|
+
Ok(())
|
|
325
|
+
}
|
|
326
|
+
|
|
327
|
+
// SECURE: Use Anchor Account type (automatic validation)
|
|
328
|
+
#[derive(Accounts)]
|
|
329
|
+
pub struct Withdraw<'info> {
|
|
330
|
+
#[account(mut)]
|
|
331
|
+
pub vault: Account<'info, VaultAccount>, // Anchor checks owner automatically
|
|
332
|
+
pub user: Signer<'info>,
|
|
333
|
+
}
|
|
334
|
+
|
|
335
|
+
// For third-party program accounts
|
|
336
|
+
#[derive(Accounts)]
|
|
337
|
+
pub struct ProcessToken<'info> {
|
|
338
|
+
#[account(mut)]
|
|
339
|
+
pub token_account: Account<'info, TokenAccount>, // Validates owner == Token program
|
|
340
|
+
pub token_program: Program<'info, Token>,
|
|
341
|
+
}
|
|
342
|
+
```
|
|
343
|
+
|
|
344
|
+
**Tool Detection**:
|
|
345
|
+
- Trail of Bits lint: `missing-ownership-check`
|
|
346
|
+
- Look for: Deserialization without owner validation
|
|
347
|
+
|
|
348
|
+
**References**: building-secure-contracts/not-so-smart-contracts/solana/ownership_check
|
|
349
|
+
|
|
350
|
+
---
|
|
351
|
+
|
|
352
|
+
### 4.4 MISSING SIGNER CHECK ⚠️ CRITICAL
|
|
353
|
+
|
|
354
|
+
**Description**: Sensitive operations without `is_signer` validation allow unauthorized users to call functions intended for specific authorities.
|
|
355
|
+
|
|
356
|
+
**Detection Patterns**:
|
|
357
|
+
```rust
|
|
358
|
+
// VULNERABLE: No signer check on authority account
|
|
359
|
+
pub fn withdraw(
|
|
360
|
+
program_id: &Pubkey,
|
|
361
|
+
accounts: &[AccountInfo],
|
|
362
|
+
amount: u64,
|
|
363
|
+
) -> ProgramResult {
|
|
364
|
+
let accounts_iter = &mut accounts.iter();
|
|
365
|
+
let vault = next_account_info(accounts_iter)?;
|
|
366
|
+
let authority = next_account_info(accounts_iter)?;
|
|
367
|
+
|
|
368
|
+
// WRONG: No check that authority.is_signer == true!
|
|
369
|
+
// Attacker can provide any authority account and withdraw
|
|
370
|
+
|
|
371
|
+
let vault_data: Vault = Vault::try_from_slice(&vault.data.borrow())?;
|
|
372
|
+
|
|
373
|
+
// Check authority matches (but attacker provided this!)
|
|
374
|
+
if vault_data.authority != *authority.key {
|
|
375
|
+
return Err(ProgramError::InvalidAccountData);
|
|
376
|
+
}
|
|
377
|
+
|
|
378
|
+
// Process withdrawal - ATTACKER CAN CALL THIS!
|
|
379
|
+
Ok(())
|
|
380
|
+
}
|
|
381
|
+
|
|
382
|
+
// VULNERABLE: Anchor without Signer type
|
|
383
|
+
#[derive(Accounts)]
|
|
384
|
+
pub struct Withdraw<'info> {
|
|
385
|
+
#[account(mut)]
|
|
386
|
+
pub vault: Account<'info, VaultAccount>,
|
|
387
|
+
/// CHECK: Missing signer constraint!
|
|
388
|
+
pub authority: AccountInfo<'info>,
|
|
389
|
+
}
|
|
390
|
+
```
|
|
391
|
+
|
|
392
|
+
**What to Check**:
|
|
393
|
+
- [ ] ALL authority accounts validated with `is_signer`
|
|
394
|
+
- [ ] Native: Check `account.is_signer == true`
|
|
395
|
+
- [ ] Anchor: Use `Signer<'info>` type (automatic validation)
|
|
396
|
+
- [ ] Access-controlled functions require signer check
|
|
397
|
+
|
|
398
|
+
**Mitigation**:
|
|
399
|
+
```rust
|
|
400
|
+
// SECURE: Check is_signer (Native)
|
|
401
|
+
pub fn withdraw(
|
|
402
|
+
program_id: &Pubkey,
|
|
403
|
+
accounts: &[AccountInfo],
|
|
404
|
+
amount: u64,
|
|
405
|
+
) -> ProgramResult {
|
|
406
|
+
let accounts_iter = &mut accounts.iter();
|
|
407
|
+
let vault = next_account_info(accounts_iter)?;
|
|
408
|
+
let authority = next_account_info(accounts_iter)?;
|
|
409
|
+
|
|
410
|
+
// CRITICAL: Verify authority signed the transaction
|
|
411
|
+
if !authority.is_signer {
|
|
412
|
+
return Err(ProgramError::MissingRequiredSignature);
|
|
413
|
+
}
|
|
414
|
+
|
|
415
|
+
let vault_data: Vault = Vault::try_from_slice(&vault.data.borrow())?;
|
|
416
|
+
|
|
417
|
+
// Now safe to check authority matches
|
|
418
|
+
if vault_data.authority != *authority.key {
|
|
419
|
+
return Err(ProgramError::InvalidAccountData);
|
|
420
|
+
}
|
|
421
|
+
|
|
422
|
+
// Process withdrawal - only if authority signed
|
|
423
|
+
Ok(())
|
|
424
|
+
}
|
|
425
|
+
|
|
426
|
+
// SECURE: Use Anchor Signer type (automatic validation)
|
|
427
|
+
#[derive(Accounts)]
|
|
428
|
+
pub struct Withdraw<'info> {
|
|
429
|
+
#[account(
|
|
430
|
+
mut,
|
|
431
|
+
has_one = authority, // Also validate vault.authority == authority.key()
|
|
432
|
+
)]
|
|
433
|
+
pub vault: Account<'info, VaultAccount>,
|
|
434
|
+
pub authority: Signer<'info>, // Anchor checks is_signer automatically
|
|
435
|
+
}
|
|
436
|
+
|
|
437
|
+
pub fn withdraw(ctx: Context<Withdraw>, amount: u64) -> Result<()> {
|
|
438
|
+
// Anchor has already validated:
|
|
439
|
+
// 1. authority.is_signer == true
|
|
440
|
+
// 2. vault.authority == authority.key()
|
|
441
|
+
|
|
442
|
+
// Safe to proceed with withdrawal
|
|
443
|
+
Ok(())
|
|
444
|
+
}
|
|
445
|
+
|
|
446
|
+
// For admin functions
|
|
447
|
+
#[derive(Accounts)]
|
|
448
|
+
pub struct UpdateConfig<'info> {
|
|
449
|
+
#[account(
|
|
450
|
+
mut,
|
|
451
|
+
has_one = admin,
|
|
452
|
+
)]
|
|
453
|
+
pub config: Account<'info, Config>,
|
|
454
|
+
pub admin: Signer<'info>, // Must be signer
|
|
455
|
+
}
|
|
456
|
+
```
|
|
457
|
+
|
|
458
|
+
**Tool Detection**:
|
|
459
|
+
- Trail of Bits lint: `missing-signer-check`
|
|
460
|
+
- Look for: Authority checks without `is_signer` validation
|
|
461
|
+
|
|
462
|
+
**References**: building-secure-contracts/not-so-smart-contracts/solana/signer_check
|
|
463
|
+
|
|
464
|
+
---
|
|
465
|
+
|
|
466
|
+
### 4.5 SYSVAR ACCOUNT CHECK ⚠️ HIGH (Pre-Solana 1.8.1)
|
|
467
|
+
|
|
468
|
+
**Description**: In Solana versions before 1.8.1, users can pass spoofed sysvar accounts (Instructions, Clock, etc.) to bypass authentication. This affects `load_instruction_at()` and similar functions.
|
|
469
|
+
|
|
470
|
+
**Detection Patterns**:
|
|
471
|
+
```rust
|
|
472
|
+
// VULNERABLE: Using unchecked load functions (Solana < 1.8.1)
|
|
473
|
+
use solana_program::sysvar::instructions;
|
|
474
|
+
|
|
475
|
+
pub fn process_instruction(
|
|
476
|
+
program_id: &Pubkey,
|
|
477
|
+
accounts: &[AccountInfo],
|
|
478
|
+
instruction_data: &[u8],
|
|
479
|
+
) -> ProgramResult {
|
|
480
|
+
let accounts_iter = &mut accounts.iter();
|
|
481
|
+
let instructions_sysvar = next_account_info(accounts_iter)?;
|
|
482
|
+
|
|
483
|
+
// WRONG: load_instruction_at() doesn't validate sysvar account!
|
|
484
|
+
let current_ix = instructions::load_instruction_at(0, instructions_sysvar)?;
|
|
485
|
+
|
|
486
|
+
// Attacker can provide fake Instructions sysvar with spoofed instruction data!
|
|
487
|
+
// Bypass authentication by faking previous instruction
|
|
488
|
+
}
|
|
489
|
+
|
|
490
|
+
// VULNERABLE: load_current_index() without validation
|
|
491
|
+
let current_index = instructions::load_current_index(instructions_sysvar)?;
|
|
492
|
+
```
|
|
493
|
+
|
|
494
|
+
**What to Check**:
|
|
495
|
+
- [ ] Using Solana 1.8.1 or higher
|
|
496
|
+
- [ ] Using checked functions: `load_instruction_at_checked()`, `load_current_index_checked()`
|
|
497
|
+
- [ ] NOT using: `load_instruction_at()`, `load_current_index()` (unchecked versions)
|
|
498
|
+
- [ ] Sysvar accounts validated against known addresses
|
|
499
|
+
|
|
500
|
+
**Mitigation**:
|
|
501
|
+
```rust
|
|
502
|
+
// OPTION 1: Upgrade to Solana 1.8.1+ and use checked functions
|
|
503
|
+
use solana_program::sysvar::instructions;
|
|
504
|
+
|
|
505
|
+
pub fn process_instruction(
|
|
506
|
+
program_id: &Pubkey,
|
|
507
|
+
accounts: &[AccountInfo],
|
|
508
|
+
instruction_data: &[u8],
|
|
509
|
+
) -> ProgramResult {
|
|
510
|
+
let accounts_iter = &mut accounts.iter();
|
|
511
|
+
let instructions_sysvar = next_account_info(accounts_iter)?;
|
|
512
|
+
|
|
513
|
+
// SECURE: load_instruction_at_checked validates sysvar account
|
|
514
|
+
let current_ix = instructions::load_instruction_at_checked(
|
|
515
|
+
0,
|
|
516
|
+
instructions_sysvar
|
|
517
|
+
)?;
|
|
518
|
+
|
|
519
|
+
// Safe - sysvar is validated
|
|
520
|
+
Ok(())
|
|
521
|
+
}
|
|
522
|
+
|
|
523
|
+
// OPTION 2: Manual validation (if on old Solana version)
|
|
524
|
+
pub fn process_instruction(
|
|
525
|
+
program_id: &Pubkey,
|
|
526
|
+
accounts: &[AccountInfo],
|
|
527
|
+
instruction_data: &[u8],
|
|
528
|
+
) -> ProgramResult {
|
|
529
|
+
let accounts_iter = &mut accounts.iter();
|
|
530
|
+
let instructions_sysvar = next_account_info(accounts_iter)?;
|
|
531
|
+
|
|
532
|
+
// Validate sysvar account address
|
|
533
|
+
if instructions_sysvar.key != &solana_program::sysvar::instructions::ID {
|
|
534
|
+
return Err(ProgramError::InvalidAccountData);
|
|
535
|
+
}
|
|
536
|
+
|
|
537
|
+
// Now safe to use unchecked function
|
|
538
|
+
let current_ix = instructions::load_instruction_at(0, instructions_sysvar)?;
|
|
539
|
+
|
|
540
|
+
Ok(())
|
|
541
|
+
}
|
|
542
|
+
|
|
543
|
+
// SECURE: Anchor with address constraint
|
|
544
|
+
#[derive(Accounts)]
|
|
545
|
+
pub struct CheckInstructions<'info> {
|
|
546
|
+
/// CHECK: Validated against known sysvar address
|
|
547
|
+
#[account(address = solana_program::sysvar::instructions::ID)]
|
|
548
|
+
pub instructions_sysvar: AccountInfo<'info>,
|
|
549
|
+
}
|
|
550
|
+
```
|
|
551
|
+
|
|
552
|
+
**Tool Detection**:
|
|
553
|
+
- Trail of Bits lint: `unchecked-sysvar-account`
|
|
554
|
+
- Look for: `load_instruction_at()` instead of `load_instruction_at_checked()`
|
|
555
|
+
|
|
556
|
+
**References**: building-secure-contracts/not-so-smart-contracts/solana/sysvar_get
|
|
557
|
+
|
|
558
|
+
---
|
|
559
|
+
|
|
560
|
+
### 4.6 IMPROPER INSTRUCTION INTROSPECTION ⚠️ MEDIUM
|
|
561
|
+
|
|
562
|
+
**Description**: Using absolute indexes in instruction introspection allows reusing the same instruction context across multiple program calls. Should use relative indexes to ensure proper correlation.
|
|
563
|
+
|
|
564
|
+
**Detection Patterns**:
|
|
565
|
+
```rust
|
|
566
|
+
// VULNERABLE: Absolute index in load_instruction_at
|
|
567
|
+
use solana_program::sysvar::instructions;
|
|
568
|
+
|
|
569
|
+
pub fn process_instruction(
|
|
570
|
+
program_id: &Pubkey,
|
|
571
|
+
accounts: &[AccountInfo],
|
|
572
|
+
instruction_data: &[u8],
|
|
573
|
+
) -> ProgramResult {
|
|
574
|
+
let instructions_sysvar = &accounts[0];
|
|
575
|
+
|
|
576
|
+
// WRONG: Using absolute index 0
|
|
577
|
+
let prev_ix = instructions::load_instruction_at_checked(0, instructions_sysvar)?;
|
|
578
|
+
|
|
579
|
+
// Attacker can craft transaction where instruction 0 is benign,
|
|
580
|
+
// but instruction 1 (malicious) also loads instruction 0 for validation
|
|
581
|
+
// Same instruction 0 used to validate both instruction 0 and 1!
|
|
582
|
+
}
|
|
583
|
+
|
|
584
|
+
// VULNERABLE: No correlation between instructions
|
|
585
|
+
pub fn withdraw(ctx: Context<Withdraw>) -> Result<()> {
|
|
586
|
+
let instructions_sysvar = &ctx.accounts.instructions_sysvar;
|
|
587
|
+
|
|
588
|
+
// Check that previous instruction was deposit
|
|
589
|
+
let prev_ix = instructions::load_instruction_at_checked(0, instructions_sysvar)?;
|
|
590
|
+
|
|
591
|
+
// WRONG: Not checking that prev_ix is actually related to current instruction
|
|
592
|
+
// Could be completely unrelated instruction from earlier in transaction
|
|
593
|
+
}
|
|
594
|
+
```
|
|
595
|
+
|
|
596
|
+
**What to Check**:
|
|
597
|
+
- [ ] Use relative indexes: `get_instruction_relative(-1, ...)` for previous instruction
|
|
598
|
+
- [ ] Absolute indexes only when specifically intended
|
|
599
|
+
- [ ] Validate correlation between current and referenced instructions
|
|
600
|
+
- [ ] Cannot reuse same instruction validation across multiple calls
|
|
601
|
+
|
|
602
|
+
**Mitigation**:
|
|
603
|
+
```rust
|
|
604
|
+
// SECURE: Use relative indexing
|
|
605
|
+
use solana_program::sysvar::instructions;
|
|
606
|
+
|
|
607
|
+
pub fn process_instruction(
|
|
608
|
+
program_id: &Pubkey,
|
|
609
|
+
accounts: &[AccountInfo],
|
|
610
|
+
instruction_data: &[u8],
|
|
611
|
+
) -> ProgramResult {
|
|
612
|
+
let instructions_sysvar = &accounts[0];
|
|
613
|
+
|
|
614
|
+
// Get current instruction index
|
|
615
|
+
let current_index = instructions::load_current_index_checked(instructions_sysvar)?;
|
|
616
|
+
|
|
617
|
+
// SECURE: Get immediately preceding instruction with relative index
|
|
618
|
+
if current_index > 0 {
|
|
619
|
+
let prev_ix = instructions::load_instruction_at_checked(
|
|
620
|
+
(current_index - 1) as usize,
|
|
621
|
+
instructions_sysvar
|
|
622
|
+
)?;
|
|
623
|
+
|
|
624
|
+
// This is guaranteed to be the instruction immediately before current
|
|
625
|
+
// Validate prev_ix is the expected setup instruction
|
|
626
|
+
}
|
|
627
|
+
|
|
628
|
+
Ok(())
|
|
629
|
+
}
|
|
630
|
+
|
|
631
|
+
// BETTER: Use get_instruction_relative (if available)
|
|
632
|
+
let prev_ix = instructions::get_instruction_relative(-1, instructions_sysvar)?;
|
|
633
|
+
// Explicitly relative to current instruction
|
|
634
|
+
|
|
635
|
+
// SECURE: Additional correlation validation
|
|
636
|
+
pub fn withdraw(ctx: Context<Withdraw>) -> Result<()> {
|
|
637
|
+
let instructions_sysvar = &ctx.accounts.instructions_sysvar;
|
|
638
|
+
let current_ix_index = instructions::load_current_index_checked(instructions_sysvar)?;
|
|
639
|
+
|
|
640
|
+
// Must have previous instruction
|
|
641
|
+
require!(current_ix_index > 0, ErrorCode::NoPreviousInstruction);
|
|
642
|
+
|
|
643
|
+
// Get previous instruction
|
|
644
|
+
let prev_ix_index = current_ix_index - 1;
|
|
645
|
+
let prev_ix = instructions::load_instruction_at_checked(
|
|
646
|
+
prev_ix_index as usize,
|
|
647
|
+
instructions_sysvar
|
|
648
|
+
)?;
|
|
649
|
+
|
|
650
|
+
// Validate previous instruction is deposit to same program
|
|
651
|
+
require!(
|
|
652
|
+
prev_ix.program_id == ctx.program_id,
|
|
653
|
+
ErrorCode::InvalidPreviousProgram
|
|
654
|
+
);
|
|
655
|
+
|
|
656
|
+
// Validate accounts in previous instruction match expectations
|
|
657
|
+
// This ensures proper correlation between deposit and withdraw
|
|
658
|
+
require!(
|
|
659
|
+
prev_ix.accounts[0].pubkey == ctx.accounts.vault.key(),
|
|
660
|
+
ErrorCode::VaultMismatch
|
|
661
|
+
);
|
|
662
|
+
|
|
663
|
+
Ok(())
|
|
664
|
+
}
|
|
665
|
+
```
|
|
666
|
+
|
|
667
|
+
**References**: building-secure-contracts/not-so-smart-contracts/solana/insecure_instruction_introspection
|
|
668
|
+
|
|
669
|
+
---
|