By daothinh
Comprehensive smart contract security toolkit based on Trail of Bits' Building Secure Contracts framework.
Smart contract development advisor based on Trail of Bits' best practices. Analyzes codebase to generate documentation/specifications, review architecture, check upgradeability patterns, assess implementation quality, identify pitfalls, review dependencies, and evaluate testing. Provides actionable recommendations.
Scans Algorand smart contracts for 11 common vulnerabilities including rekeying attacks, unchecked transaction fees, missing field validations, and access control issues. Use when auditing Algorand projects (TEAL/PyTeal).
Prepares codebases for security review using Trail of Bits' checklist. Helps set review goals, runs static analysis tools, increases test coverage, removes dead code, ensures accessibility, and generates documentation (flowcharts, user stories, inline comments).
Scans Cairo/StarkNet smart contracts for 6 critical vulnerabilities including felt252 arithmetic overflow, L1-L2 messaging issues, address conversion problems, and signature replay. Use when auditing StarkNet projects.
Systematic code maturity assessment using Trail of Bits' 9-category framework. Analyzes codebase for arithmetic safety, auditing practices, access controls, complexity, decentralization, documentation, MEV risks, low-level code, and testing. Produces professional scorecard with evidence-based ratings and actionable recommendations.
Own this plugin?
Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).
Sign in to claimOwn this plugin?
Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).
Sign in to claimBased on adoption, maintenance, documentation, and repository signals. Not a security audit or endorsement.
Claude Code and Codex Skills for Software Correctness
Formal verification, model checking, security auditing, proof repair, and benchmarking — as slash commands.
Install every plugin for Claude Code in one command:
npx skills add workersio/spec
Individual plugins can be selected during installation. Once installed, invoke any skill by name inside Claude Code:
/fuzzer Coverage-guided fuzzing with audit-driven harness design
/kani-proof Write bounded model checker proofs for Rust and Solana
/solana-audit Run a structured smart contract security audit
/axiom Verify and repair Lean 4 proofs
/skill-benchmark Benchmark a skill with controlled eval sessions
/workers-app-tester Pentest an Android app on a rooted device
/save Save the current session as a reusable agent
Claude and Codex support are included through repo-local metadata:
.claude-plugin/marketplace.json.agents/plugins/marketplace.jsonplugins/<name>/.codex-plugin/plugin.jsonplugins/To use this repo as a repo-scoped Codex marketplace:
.agents/plugins/marketplace.json can resolve ./plugins/<name> relative to the repo root.codex, then /plugins, open the workersio marketplace, and install the plugins you want.Claude-source plugin ports are now managed from the root repo through:
plugins/catalog.json — root inventory for existing plugins and vendored Claude-source portsscripts/sync-root-plugins.mjs — copies skills/plugins/<name> into root plugins/<name> and generates manifestsscripts/validate-root-plugins.mjs — validates manifest parity, marketplace drift, and SKILL.md relative links.codex-port/preserve-paths.json inside any copied plugin — opt-in list of root-only files to restore after re-sync when a plugin gets Codex-specific adaptationsCurrent port policy:
plugins/ but blocked from the Codex marketplace until their hook/MCP/task-specific behavior is portedfp-check, gh-cli, git-cleanup, modern-python, second-opinion, skill-improver, static-analysis, workflow-skill-design, zeroize-auditIf you want the plugins available user-wide and automatically synced to this repo, use the PowerShell installer:
pwsh -ExecutionPolicy Bypass -File .\scripts\install-user-level.ps1 -Mode install
Useful commands:
pwsh -ExecutionPolicy Bypass -File .\scripts\install-user-level.ps1 -Mode status
pwsh -ExecutionPolicy Bypass -File .\scripts\install-user-level.ps1 -Mode uninstall
pwsh -ExecutionPolicy Bypass -File .\scripts\install-user-level.ps1 -Mode install -Force
-Force backs up conflicting user-level paths to *.backup-YYYYMMDD-HHMMSS before replacing them with junctions.
What it creates:
%USERPROFILE%\.codex\.agents\plugins -> junction to this repo's .agents\plugins%USERPROFILE%\.codex\plugins\<plugin-name> -> junctions to this repo's plugins\<plugin-name>Why this layout:
.codex home-Mode installFor dry runs or custom targets, override the Codex home:
Convert sessions into reusable agents
Structured Solana smart contract security audits
A comprehensive static analysis toolkit with CodeQL, Semgrep, and SARIF parsing for security vulnerability detection.
Security-focused differential review of code changes with git history analysis and blast radius estimation.
Write Kani bounded model checker proofs for Solana and Rust programs
npx claudepluginhub daothinh/spec-cdex --plugin building-secure-contractsHarness-native ECC operator layer - 67 agents, 278 skills, 94 legacy command shims, reusable hooks, rules, selective install profiles, and production-ready workflows for Claude Code, Codex, OpenCode, Cursor, and related agent harnesses
Comprehensive skill pack with 66 specialized skills for full-stack developers: 12 language experts (Python, TypeScript, Go, Rust, C++, Swift, Kotlin, C#, PHP, Java, SQL, JavaScript), 10 backend frameworks, 6 frontend/mobile, plus infrastructure, DevOps, security, and testing. Features progressive disclosure architecture for 50% faster loading.
Binary reverse engineering, malware analysis, firmware security, and software protection research for authorized security research, CTF competitions, and defensive security
Comprehensive .NET development skills for modern C#, ASP.NET, MAUI, Blazor, Aspire, EF Core, Native AOT, testing, security, performance optimization, CI/CD, and cloud-native applications
Next.js development expertise with skills for App Router, Server Components, Route Handlers, Server Actions, and authentication patterns
Complete collection of battle-tested Claude Code configs from an Anthropic hackathon winner - agents, skills, hooks, and rules evolved over 10+ months of intensive daily use