By solanabr
Solana + full-stack security auditor: 20 checklists / 1,346 items / 131 known-vectors, severity 1-10, scope-gated loading. A full audit-firm lifecycle (automated + interactive), executable PoC + fix-patch delivery, a Rust pre-scanner + cross-audit memory for token efficiency, native rigor gates (context reconstruction, false-positive validation, maturity scorecard), and orchestrated Trail of Bits execution tooling (SAST, fuzzing, coverage, mutation).
Flow B — AI-assisted iterative audit with a human in the loop. Same lifecycle as audit-cycle, but pauses at checkpoints to surface confirmed findings, the next-focus plan, and targeted questions only the human can answer (business context, trust model, severity calls). The human steers; the agent re-synthesizes toward the audit document.
Flow A — fully automated audit-firm lifecycle. Runs scope → context → tool-assisted first pass → domain-partitioned manual review → independent reconciliation → client report end-to-end, and delivers a professional audit report (MD + optional PDF). Audit-shaped automation, not a substitute for a human firm audit.
Aggregate audit checkpoints into the final report — executive summary, Scope Coverage, findings by severity, maturity scorecard, and remediation roadmap.
Full scope-gated security audit of a Solana / full-stack repository — discovery, context reconstruction, per-item checklist verdicts, false-positive validation, and a severity-ranked report.
Deep single-instruction / single-function security review using the instruction worksheet, context reconstruction, and adversarial exploit modeling.
Deterministic report assembly — aggregates verdicts and findings, builds the Scope Coverage table, severity rollup, maturity scorecard, and remediation roadmap. No code reasoning; keeps report generation cheap.
Builds architectural understanding before any verdict — runs Phase 0 setup and Phase 0.5 Context Reconstruction, producing the instruction matrix, state model, and per-function worksheets. Spawned first in a full audit.
Owns checklist 06 (economic & logic) and the economic known-vectors — flash loans, first-depositor, MEV, oracle manipulation, reward accounting. Drives economic simulation to quantify profitability.
Drafts a minimal idiomatic unified diff that closes exactly the cited bound, then verifies it by re-running the finding's PoC against a scratch worktree — the exploit must now revert. Optional mutation + blast-radius evidence. Emits [FIX-VERIFIED] / [FIX-INSUFFICIENT] / [FIX-PROPOSED]; never claims FIX-VERIFIED without an executed revert.
Independent reconciliation reviewer — the dual-review second pass. Takes the top-severity confirmed findings and re-derives each one from the code (not from the primary's write-up), reusing the context worksheets to avoid re-reconstruction. Emits CONFIRM / DISPUTE / DOWNGRADE per finding; a DISPUTE forces the finding back through Rule 5b or to [UNCONFIRMED]. Scoped to top-severity only to bound cost.
Uses power tools
Uses Bash, Write, or Edit tools
Runs pre-commands
Contains inline bash commands via ! syntax
Own this plugin?
Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).
Sign in to claimOwn this plugin?
Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).
Sign in to claimBased on adoption, maintenance, documentation, and repository signals. Not a security audit or endorsement.
Production-grade security audit for any codebase, powered by AI agents. 20 checklists · 1,346 verification items · 131 known attack vectors · executable PoCs + fix patches A full audit-firm lifecycle (automated + interactive) · Benchmarked against CertiK, SOC 2, OWASP Top 10:2025 Verify COSTS.md as a referecence - Running this audit can burn a lot of credits.
auditor-skill is a skill file (a structured prompt + checklists) that turns any LLM agent (Copilot, Cursor, Windsurf, Claude Code, Codex, etc.) into a professional-grade security auditor. It reads your code file by file, checks 1,346 items across 20 security domains, tests against 131 real-world attack vectors, and produces a structured report with severity scores.
It is not a SaaS product. It's a folder of markdown files you clone into your repo or give to an AI agent.
Adaptation required before use. This skill was originally developed for a specific Solana/Anchor DeFi project and then generalized. Before running it on your project you must update
discovery/file-map.mdwith your actual folder structure, file names, and state variable names. The questionnaire inQUESTIONS.mdis a blank template — fill it out (or run/auditor:intake) for your project before invoking the auditor. Everything else (checklists, known vectors, output rules) is fully portable as-is.
/auditor:audit-cycle runs the whole engagement autonomously (intake → context → threat model → tool-assisted pass → domain-partitioned review → triage → independent peer review → synthesis) and hands back a professional client report. /auditor:audit-assist runs the same pipeline interactively, pausing at checkpoints for the calls only you can make./auditor:poc builds a runnable exploit (Mollusk / LiteSVM / Surfpool-fork / fuzz) that asserts the vulnerability, and /auditor:patch drafts a minimal fix and proves it reverts the exploit. Evidence is tiered ([PoC-REPRODUCED] … [PoC-PROSE]); prose is never dropped when a harness can't be built.audit-scan) enumerates the risky surface deterministically (~$0), cutting ~30-40% of input tokens on large programs. A cross-audit memory store (audit-mem) gives exact dedup, regression detection, and false-positive suppression across runs.| Guide | What's inside |
|---|---|
| docs/getting-started.md | Install, submodule init, build the Rust tools, run your first audit |
| docs/audit-flows.md | The lifecycle and when to use each flow (/audit, /audit-cycle, /audit-assist, /re-audit) |
| docs/commands.md | Reference for all 15 commands |
| docs/agents.md | The 8-agent roster and how they chain |
| docs/power-tools.md | audit-scan, audit-mem, Trail of Bits, Surfpool, PoC/patch harnesses |
| docs/poc-and-patches.md | Executable exploit + fix-patch delivery |
| docs/output-and-rigor.md | Severity, the Rule 5b gate, scope-gated loading, report format |
Core Solana dev kit: agents, workflow commands, go-to-market skills, MCP servers, and dev hooks. The full install (install.sh) additionally ships .claude/rules, the permissions/sandbox policy, and 18 ext/ submodules.
npx claudepluginhub solanabr/auditor-skillAI-powered smart contract security auditor with parallel hunt lanes, Devil's Advocate verification, static analysis (Slither, Aderyn), fuzz testing (Echidna, Medusa), symbolic execution (Halmos), Solodit intelligence, and interactive Map-Hunt-Attack methodology
The Solana Security Standard (SOL-0XX) in Claude Code: the scan_solana_code MCP tool + the full 52-rule guidance, plus a /scan command — by Jelleo.
Blue-team release-gate skill for smart contract systems. Classifies projects, reviews deployment and upgrade execution paths, inspects CI/CD and dependency trust boundaries, evaluates signer/admin operational security, and produces evidence-based release blockers, warnings, and release verdicts.
Audits Solidity codebases for smart contract vulnerabilities using a four-phase workflow covering 36 vulnerability classes.
Master smart contract security best practices to prevent common vulnerabilities and implement secure Solidity patterns. Use when writing smart contracts, auditing existing contracts, or implementing security measures for blockchain applications.
Automated OWASP security checks — Web Top 10:2025, LLM Top 10:2025, API Security Top 10:2023