solidity-argus 0.1.0

package/AGENTS.md

@@ -0,0 +1,37 @@
+# Argus Plugin Agents
+
+This file enables OpenCode agent discovery for the `solidity-argus` plugin.
+
+## Architecture
+
+Modular factory-based architecture: `create-tools.ts`, `create-hooks.ts`, `create-managers.ts`, `plugin-interface.ts`.
+Multi-level config (user + project) with deep merge. Hook enable/disable via `disabled_hooks` config.
+CLI: `argus doctor`, `argus init`, `argus install`.
+
+## argus
+
+**Role**: Primary security audit orchestrator
+**Description**: Argus Panoptes, the All-Seeing Guardian. Coordinates full Solidity security audits by dispatching Sentinel (analysis), Pythia (research), and Scribe (reporting). Follows a rigorous 7-step methodology: Reconnaissance, Automated Scanning, Manual Review, Attack Surface Mapping, Vulnerability Research, Testing & Verification, and Reporting.
+**Model**: anthropic/claude-opus-4-6
+**Tools**: All 8 argus_* tools (argus_slither_analyze, argus_analyze_contract, argus_check_patterns, argus_solodit_search, argus_forge_test, argus_forge_fuzz, argus_generate_report, argus_sync_knowledge)
+
+## sentinel
+
+**Role**: Static analysis and testing specialist
+**Description**: Finds vulnerabilities through Slither static analysis, Foundry testing, fuzzing, and pattern matching. The tactical executor — runs tools, writes PoC tests, and verifies findings. Dispatched by Argus during Automated Scanning and Testing & Verification phases.
+**Model**: anthropic/claude-sonnet-4-6
+**Tools**: argus_slither_analyze, argus_forge_test, argus_forge_fuzz, argus_analyze_contract, argus_check_patterns
+
+## pythia
+
+**Role**: Vulnerability researcher
+**Description**: Consults Solodit, SCVD, and the knowledge base to find historical precedents and known attack vectors. Searches 7,769+ real-world audit findings and 55 curated vulnerability pattern files. Dispatched by Argus during Vulnerability Research phase.
+**Model**: anthropic/claude-sonnet-4-6
+**Tools**: argus_solodit_search, argus_check_patterns
+
+## scribe
+
+**Role**: Audit report writer
+**Description**: Transforms raw findings into professional markdown audit reports. Produces structured output with severity classifications (Critical/High/Medium/Low/Informational), impact assessments, proof-of-concept steps, and actionable recommendations. Dispatched by Argus only after all analysis is complete.
+**Model**: anthropic/claude-sonnet-4-6
+**Tools**: argus_generate_report

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Apegurus
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,249 @@
+# solidity-argus
+
+**The All-Seeing Solidity Security Auditor for OpenCode**
+
+[![npm version](https://img.shields.io/npm/v/solidity-argus)](https://www.npmjs.com/package/solidity-argus) [![license](https://img.shields.io/npm/l/solidity-argus)](./LICENSE)
+
+---
+
+## Overview
+
+**solidity-argus** is a security auditing plugin for [OpenCode](https://opencode.ai) that brings professional-grade Solidity smart contract auditing directly into your AI coding workflow.
+
+Argus Panoptes — the mythological all-seeing giant — orchestrates a team of 4 specialized AI agents to conduct comprehensive security audits: static analysis, vulnerability research, dynamic testing, and professional report generation.
+
+**What it does:**
+- Runs Slither static analysis and Foundry tests automatically
+- Searches 7,769+ real-world audit findings via SCVD and Solodit
+- Matches code against 55 curated vulnerability pattern files
+- Generates professional markdown audit reports with severity classifications
+- Follows a rigorous 7-step audit methodology (Reconnaissance → Report)
+
+**Why it's useful:**
+- Catches reentrancy, oracle manipulation, access control flaws, flash loan vectors, and 35+ other vulnerability classes
+- Integrates seamlessly into OpenCode's agent system — no separate tooling setup required
+- Knowledge base sourced from Trail of Bits, Cyfrin, DeFiFoFum, and the broader security community
+
+---
+
+## Installation
+
+Add `solidity-argus` to your OpenCode configuration:
+
+```json
+{
+  "plugin": ["solidity-argus"]
+}
+```
+
+Or install via npm/bun:
+
+```bash
+bun add solidity-argus
+```
+
+---
+
+## Quick Start
+
+1. Open a Solidity project in OpenCode
+2. Switch to the `@argus` agent
+3. Say: `"Audit the VaultContract.sol for security vulnerabilities"`
+
+Argus will automatically:
+- Analyze the contract structure
+- Run Slither (if available)
+- Search for known vulnerability patterns
+- Research historical exploits in similar protocols
+- Generate a full audit report
+
+---
+
+## Agents
+
+| Agent | Role | Model |
+|-------|------|-------|
+| `@argus` | Orchestrator — coordinates the full audit | claude-opus-4-6 |
+| `@sentinel` | Static analysis & testing specialist | claude-sonnet-4-6 |
+| `@pythia` | Vulnerability researcher | claude-sonnet-4-6 |
+| `@scribe` | Audit report writer | claude-sonnet-4-6 |
+
+### @argus — The Orchestrator
+Argus Panoptes is the lead auditor. It follows a 7-step methodology (Reconnaissance, Automated Scanning, Manual Review, Attack Surface Mapping, Vulnerability Research, Testing & Verification, Reporting) and delegates to Sentinel, Pythia, and Scribe as needed.
+
+### @sentinel — The Executor
+Runs Slither, writes and executes Foundry tests, performs fuzz testing. Your tactical executor for all dynamic and static analysis tasks.
+
+### @pythia — The Researcher
+Searches Solodit and SCVD for historical exploits, checks vulnerability pattern databases, and provides research context for similar protocols and known attack vectors.
+
+### @scribe — The Reporter
+Transforms raw findings into professional, structured markdown audit reports with severity classifications, impact assessments, and actionable recommendations.
+
+---
+
+## Tools
+
+| Tool | Agent | Description |
+|------|-------|-------------|
+| `argus_slither_analyze` | Sentinel | Runs Slither static analysis on Solidity contracts; detects reentrancy, uninitialized variables, unchecked returns, and more |
+| `argus_analyze_contract` | Sentinel | Generates a deep structural profile of a contract: functions, state variables, modifiers, inheritance tree |
+| `argus_check_patterns` | Sentinel, Pythia | Scans code against a library of complex vulnerability patterns (regex/AST-based) covering 35+ vulnerability classes |
+| `argus_solodit_search` | Pythia | Searches Solodit's database of real-world audit reports for similar protocols and historical findings |
+| `argus_forge_test` | Sentinel | Runs existing or newly written Foundry/Forge tests; essential for PoC verification |
+| `argus_forge_fuzz` | Sentinel | Fuzzes specific functions with random inputs to find edge cases and invariant violations |
+| `argus_generate_report` | Scribe | Generates the final structured audit report in professional markdown format |
+| `argus_sync_knowledge` | Argus | Syncs the local vulnerability database from SCVD (api.scvd.dev) |
+
+---
+
+## Knowledge Base
+
+The plugin ships with **55 curated SKILL.md files** organized into 5 categories:
+
+| Category | Files | Description |
+|----------|-------|-------------|
+| Vulnerability Patterns | 38 | Reentrancy, oracle manipulation, flash loans, access control, overflow/underflow, and 33 more |
+| Methodology | 3 | Audit workflow, report templates, severity classification |
+| Protocol Patterns | 5 | AMM/DEX, bridges, governance, lending, staking security guides |
+| Checklists | 6 | Cyfrin audit checklists (DeFi core, integrations, upgrades, gas, best practices) |
+| References | 2 | DeFi exploit reference index, SmartBugs vulnerable contract examples |
+
+**Sources:** Trail of Bits, Cyfrin, DeFiFoFum, kadenzipfel, SunWeb3Sec, smartbugs
+
+**SCVD Integration:** The plugin connects to [api.scvd.dev](https://api.scvd.dev) for 7,769+ real-world audit findings. Sync with `argus_sync_knowledge` or configure `knowledge.autoSync: true`.
+
+---
+
+## Configuration
+
+Create `.opencode/solidity-argus.jsonc` in your project root:
+
+```jsonc
+{
+  "agents": {
+    "argus": { "model": "anthropic/claude-opus-4-6" },
+    "sentinel": { "model": "anthropic/claude-sonnet-4-6" },
+    "pythia": { "model": "anthropic/claude-sonnet-4-6" },
+    "scribe": { "model": "anthropic/claude-sonnet-4-6" }
+  },
+
+  "tools": {
+    "slitherPath": "/usr/local/bin/slither",
+    "forgePath": "/usr/local/bin/forge"
+  },
+
+  "knowledge": {
+    "scvd": { "enabled": true, "apiUrl": "https://api.scvd.dev" },
+    "autoSync": true,
+    "customSkillsDir": "./my-custom-skills"
+  },
+
+  "reporting": {
+    "format": "markdown",
+    "severityThreshold": "low",
+    "gasAnalysis": false
+  },
+
+  "solodit": {
+    "enabled": true,
+    "port": 3000
+  },
+
+  "disabled_hooks": [],
+
+  "background": {
+    "max_concurrent": 3
+  }
+}
+```
+
+---
+
+## New in v2: Modular Architecture
+
+This release restructures solidity-argus into a modular factory-based architecture with several new infrastructure features:
+
+### CLI Tools
+
+Run diagnostics and setup from the command line:
+
+```bash
+# Check that Slither, Foundry, and SCVD are available
+argus doctor
+
+# Generate a starter .opencode/solidity-argus.jsonc config
+argus init
+
+# Install optional dependencies (Slither, Foundry)
+argus install
+```
+
+### Hook Enable/Disable
+
+Selectively disable any hook via config:
+
+```jsonc
+{
+  "disabled_hooks": ["context-monitor", "audit-enforcer"]
+}
+```
+
+### Multi-Level Configuration
+
+Config is resolved by merging three layers (last wins):
+
+1. **Defaults** — Built-in sensible defaults
+2. **User-level** — `~/.config/solidity-argus/config.jsonc`
+3. **Project-level** — `.opencode/solidity-argus.jsonc`
+
+### Background Agent Management
+
+Background tasks (knowledge sync, long-running analysis) are tracked with configurable concurrency limits and lifecycle callbacks:
+
+```jsonc
+{
+  "background": {
+    "max_concurrent": 3,
+    "cleanup_interval_ms": 60000
+  }
+}
+```
+
+### Persistent Audit State
+
+Audit progress survives session restarts. State is saved to `.opencode/argus-state.json` and automatically restored on next session.
+
+### Error Recovery
+
+Failed tool executions are captured with full context and automatically retried with exponential backoff when appropriate.
+
+### Context Window Monitoring
+
+Monitors token usage and adaptively reduces injection sizes when context pressure is high, preventing context window overflow during long audits.
+
+---
+
+## Companion Plugins
+
+- **Trail of Bits Skills** — Additional security research skills from Trail of Bits auditors
+- **Solodit MCP** — Direct MCP integration with Solodit's audit report database for richer vulnerability research
+
+---
+
+## Requirements
+
+| Dependency | Required | Notes |
+|------------|----------|-------|
+| OpenCode | ✅ Required | The AI coding environment this plugin runs in |
+| Bun | ✅ Required | `>=1.0.0` — runtime for the plugin |
+| Slither | ⚠️ Optional | Enables `argus_slither_analyze`. Install: `pip install slither-analyzer` |
+| Foundry/Forge | ⚠️ Optional | Enables `argus_forge_test` and `argus_forge_fuzz`. Install: `curl -L https://foundry.paradigm.xyz \| bash` |
+
+If Slither or Foundry are unavailable, Argus gracefully falls back to manual review mode and notes the limitation in the audit report.
+
+---
+
+## License
+
+MIT — see [LICENSE](./LICENSE) for details.

package/package.json

@@ -0,0 +1,43 @@
+{
+  "name": "solidity-argus",
+  "version": "0.1.0",
+  "description": "Solidity smart contract security auditing plugin for OpenCode — 4 specialized agents, 8 tools, and a curated vulnerability knowledge base",
+  "keywords": ["solidity", "security", "audit", "opencode", "plugin", "smart-contract", "ethereum", "defi", "slither", "foundry"],
+  "author": "Apegurus",
+  "license": "MIT",
+  "type": "module",
+  "main": "./src/index.ts",
+  "module": "./src/index.ts",
+  "types": "./src/index.ts",
+  "exports": {
+    ".": "./src/index.ts",
+    "./package.json": "./package.json"
+  },
+  "bin": {
+    "argus": "./src/cli/index.ts"
+  },
+  "files": ["src/", "!src/**/*.test.ts", "skills/", "README.md", "AGENTS.md", "LICENSE"],
+  "scripts": {
+    "test": "bun test",
+    "typecheck": "tsc --noEmit",
+    "cli": "bun src/cli/index.ts",
+    "doctor": "bun src/cli/index.ts doctor",
+    "init": "bun src/cli/index.ts init"
+  },
+  "dependencies": {
+    "zod": "^4.3.6"
+  },
+  "peerDependencies": {
+    "@opencode-ai/plugin": "^1.2.6"
+  },
+  "devDependencies": {
+    "@opencode-ai/plugin": "^1.2.6",
+    "@types/bun": "^1.2.0",
+    "typescript": "^5"
+  },
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/Apegurus/solidity-argus"
+  },
+  "engines": { "bun": ">=1.0.0" }
+}

package/skills/INVENTORY.md

@@ -0,0 +1,79 @@
+# Argus Knowledge Base Inventory
+
+Generated: 2026-02-18
+Total SKILL.md files: 55
+
+## Vulnerability Patterns
+| File | Source(s) | Topic | Word Count |
+|------|-----------|-------|------------|
+| vulnerability-patterns/access-control/SKILL.md | DeFiFoFum, kadenzipfel | Access Control Exploits | 1018 |
+| vulnerability-patterns/arbitrary-storage-location/SKILL.md | kadenzipfel | Write to Arbitrary Storage Location | 309 |
+| vulnerability-patterns/assert-violation/SKILL.md | kadenzipfel | Assert Violation | 356 |
+| vulnerability-patterns/asserting-contract-from-code-size/SKILL.md | kadenzipfel | Asserting Contract from Code Size | 336 |
+| vulnerability-patterns/authorization-txorigin/SKILL.md | kadenzipfel | Authorization Through tx.origin | 266 |
+| vulnerability-patterns/default-visibility/SKILL.md | kadenzipfel | Default Visibility | 298 |
+| vulnerability-patterns/delegatecall-untrusted-callee/SKILL.md | kadenzipfel | Delegatecall to Untrusted Callee | 309 |
+| vulnerability-patterns/dos-gas-limit/SKILL.md | kadenzipfel | DoS with Block Gas Limit | 333 |
+| vulnerability-patterns/dos-revert/SKILL.md | kadenzipfel | DoS with (Unexpected) Revert | 408 |
+| vulnerability-patterns/flash-loan-attacks/SKILL.md | DeFiFoFum, kadenzipfel | Flash Loan Attack Exploits | 1000 |
+| vulnerability-patterns/floating-pragma/SKILL.md | kadenzipfel | Floating Pragma | 279 |
+| vulnerability-patterns/hash-collision/SKILL.md | kadenzipfel | Hash Collision with abi.encodePacked() | 318 |
+| vulnerability-patterns/inadherence-to-standards/SKILL.md | kadenzipfel | Inadherence to Standards | 361 |
+| vulnerability-patterns/incorrect-constructor/SKILL.md | kadenzipfel | Incorrect Constructor Name | 285 |
+| vulnerability-patterns/incorrect-inheritance-order/SKILL.md | kadenzipfel | Incorrect Inheritance Order | 289 |
+| vulnerability-patterns/insufficient-gas-griefing/SKILL.md | kadenzipfel | Insufficient Gas Griefing | 368 |
+| vulnerability-patterns/lack-of-precision/SKILL.md | kadenzipfel | Lack of Precision | 334 |
+| vulnerability-patterns/logic-errors/SKILL.md | DeFiFoFum, kadenzipfel | Logic Bug Exploits | 1192 |
+| vulnerability-patterns/missing-protection-signature-replay/SKILL.md | kadenzipfel | Missing Protection Against Signature Replay | 350 |
+| vulnerability-patterns/msgvalue-loop/SKILL.md | kadenzipfel | msg.value Reuse in Loops | 378 |
+| vulnerability-patterns/off-by-one/SKILL.md | kadenzipfel | Off-By-One Errors | 336 |
+| vulnerability-patterns/oracle-manipulation/SKILL.md | DeFiFoFum, kadenzipfel | Oracle Manipulation Exploits | 985 |
+| vulnerability-patterns/outdated-compiler-version/SKILL.md | kadenzipfel | Outdated Compiler Version | 327 |
+| vulnerability-patterns/overflow-underflow/SKILL.md | kadenzipfel | Integer Overflow and Underflow | 332 |
+| vulnerability-patterns/reentrancy/SKILL.md | DeFiFoFum, kadenzipfel | Reentrancy Exploits | 1034 |
+| vulnerability-patterns/shadowing-state-variables/SKILL.md | kadenzipfel | Shadowing State Variables | 363 |
+| vulnerability-patterns/signature-malleability/SKILL.md | kadenzipfel | Signature Malleability | 320 |
+| vulnerability-patterns/unbounded-return-data/SKILL.md | kadenzipfel | Unbounded Return Data | 359 |
+| vulnerability-patterns/unchecked-return-values/SKILL.md | kadenzipfel | Unchecked Return Values | 281 |
+| vulnerability-patterns/unencrypted-private-data-on-chain/SKILL.md | kadenzipfel | Unencrypted Private Data On-Chain | 330 |
+| vulnerability-patterns/unexpected-ecrecover-null-address/SKILL.md | kadenzipfel | Unexpected ecrecover Null Address | 324 |
+| vulnerability-patterns/uninitialized-storage-pointer/SKILL.md | kadenzipfel | Uninitialized Storage Pointer | 315 |
+| vulnerability-patterns/unsafe-low-level-call/SKILL.md | kadenzipfel | Unsafe Low-Level Call | 328 |
+| vulnerability-patterns/unsecure-signatures/SKILL.md | kadenzipfel | Unsecure Signatures | 441 |
+| vulnerability-patterns/unsupported-opcodes/SKILL.md | kadenzipfel | Unsupported Opcodes on EVM-Compatible Chains | 391 |
+| vulnerability-patterns/unused-variables/SKILL.md | kadenzipfel | Presence of Unused Variables | 333 |
+| vulnerability-patterns/use-of-deprecated-functions/SKILL.md | kadenzipfel | Use of Deprecated Functions | 323 |
+| vulnerability-patterns/weak-sources-randomness/SKILL.md | kadenzipfel | Weak Sources of Randomness from Chain Attributes | 377 |
+| vulnerability-patterns/weird-tokens/SKILL.md | DeFiFoFum | Weird ERC20 Tokens Reference | 852 |
+
+## Methodology
+| File | Source(s) | Topic | Word Count |
+|------|-----------|-------|------------|
+| methodology/audit-workflow/SKILL.md | DeFiFoFum | audit-workflow | 382 |
+| methodology/report-template/SKILL.md | DeFiFoFum | Audit Report Template | 481 |
+| methodology/severity-classification/SKILL.md | DeFiFoFum | Severity Classification Guide | 465 |
+
+## Protocol Patterns
+| File | Source(s) | Topic | Word Count |
+|------|-----------|-------|------------|
+| protocol-patterns/amm-dex/SKILL.md | DeFiFoFum | AMM (Automated Market Maker) Security Guide | 597 |
+| protocol-patterns/bridges-cross-chain/SKILL.md | DeFiFoFum | Cross-Chain Bridge Security Guide | 851 |
+| protocol-patterns/dao-governance/SKILL.md | DeFiFoFum | Governance Protocol Security Guide | 827 |
+| protocol-patterns/lending-borrowing/SKILL.md | DeFiFoFum | Lending Protocol Security Guide | 663 |
+| protocol-patterns/staking-vesting/SKILL.md | DeFiFoFum | Staking Protocol Security Guide | 698 |
+
+## Checklists
+| File | Source(s) | Topic | Word Count |
+|------|-----------|-------|------------|
+| checklists/cyfrin-best-practices-runtime/SKILL.md | Cyfrin | Cyfrin Audit Checklist — Best Practices (Runtime & Cross-chain) | 4766 |
+| checklists/cyfrin-best-practices-upgrades/SKILL.md | Cyfrin | Cyfrin Audit Checklist — Best Practices (Upgrades & Versioning) | 2269 |
+| checklists/cyfrin-defi-core/SKILL.md | Cyfrin | Cyfrin Audit Checklist — DeFi Security (Core) | 4555 |
+| checklists/cyfrin-defi-integrations/SKILL.md | Cyfrin | Cyfrin Audit Checklist — DeFi Security (Integrations & Tokens) | 4632 |
+| checklists/cyfrin-gas/SKILL.md | Cyfrin | Cyfrin Audit Checklist — Gas Optimization | 443 |
+| checklists/general-audit/SKILL.md | DeFiFoFum, Cyfrin | Solidity Audit Checklist | 2341 |
+
+## References
+| File | Source(s) | Topic | Word Count |
+|------|-----------|-------|------------|
+| references/exploit-reference/SKILL.md | SunWeb3Sec | DeFi Exploit Reference Index | 1133 |
+| references/smartbugs-examples/SKILL.md | smartbugs | SmartBugs Curated Dataset — Vulnerable Contract Examples | 3386 |

package/skills/README.md

@@ -0,0 +1,56 @@
+# Argus Knowledge Base
+
+The Argus knowledge base provides a structured collection of Solidity security patterns, audit methodologies, and protocol-specific security guides. OpenCode's skills system uses these files to provide context-aware security analysis and auditing assistance.
+
+## Architecture
+
+```
+OpenCode Skills System
+├── skills/ (bundled with plugin)
+│   ├── vulnerability-patterns/ (37 patterns from kadenzipfel + DeFiFoFum)
+│   ├── methodology/ (3 files from DeFiFoFum)
+│   ├── protocol-patterns/ (5 files from DeFiFoFum)
+│   ├── checklists/ (6 files from DeFiFoFum + Cyfrin)
+│   └── references/ (2 files: SmartBugs + DeFiHackLabs)
+├── SCVD Local Index (~/.cache/opencode-argus/scvd-index.json)
+│   └── 7,769+ findings, auto-synced from api.scvd.dev
+└── Companion Plugins (installed separately)
+    ├── Trail of Bits Skills (trailofbits/skills)
+    └── Solodit MCP (auto-registered by Argus)
+```
+
+## Source Attribution
+
+| Source | License | URL | What Was Imported |
+|--------|---------|-----|-------------------|
+| DeFiFoFum/fofum-solidity-skills | MIT | https://github.com/DeFiFoFum/fofum-solidity-skills | 15 SKILL.md files: methodology, vulnerability patterns, protocol patterns |
+| kadenzipfel/smart-contract-vulnerabilities | MIT | https://github.com/kadenzipfel/smart-contract-vulnerabilities | 37 vulnerability reference files with Detection Heuristics |
+| Cyfrin/audit-checklist | Unspecified (attributed) | https://github.com/Cyfrin/audit-checklist | 221 structured checklist items organized by category |
+| smartbugs/smartbugs-curated | Apache-2.0 | https://github.com/smartbugs/smartbugs-curated | 143 annotated vulnerable contract references |
+| SunWeb3Sec/DeFiHackLabs | Reference only | https://github.com/SunWeb3Sec/DeFiHackLabs | 15 exploit PoC GitHub URL references |
+| SCVD (api.scvd.dev) | CC0 | https://api.scvd.dev | 7,769+ findings via local index (auto-synced) |
+
+## SKILL.md Format Specification
+
+Contributors can add custom skills using this format:
+
+```yaml
+---
+name: topic-name          # Must match parent directory name
+description: One sentence description (1-1024 chars)
+---
+<!-- Source: Author/repo (License) -->
+
+# Topic Title
+
+## Overview
+...
+```
+
+## Custom Skills
+
+To add your own skills, use the `knowledge.customSkillsDir` configuration option in your `opencode-argus.jsonc` file. Point this to a directory containing your custom `SKILL.md` files organized into subdirectories.
+
+## Inventory
+
+See [INVENTORY.md](./INVENTORY.md) for a complete listing of all 55 SKILL.md files currently bundled with Argus.