npx claudepluginhub austintgriffith/ethskills --plugin ethskills

This skill uses the workspace's default tool permissions.
A full audit system for any EVM contract. Runs parallel specialist agents against domain-specific checklists, synthesizes findings, and files GitHub issues.
Orchestrates interactive Solidity smart contract security audits using Map-Hunt-Attack methodology: static analysis (Slither, Aderyn), fuzzing (Echidna, Medusa, Halmos), verification, and reporting.
Analyzes smart contract codebases per Trail of Bits best practices: generates documentation/specs, reviews architecture, upgradeability patterns, implementation quality, pitfalls, dependencies, testing. Provides actionable recommendations.
Audits Cairo/Starknet smart contracts for security vulnerabilities. Discovers in-scope files, runs preflight scans, spawns agents, and merges findings into reports with default, deep, or file-specific modes.
20 specialized skills covering every major vulnerability domain. Fetch the master index first:
https://raw.githubusercontent.com/austintgriffith/evm-audit-skills/main/evm-audit-master/SKILL.md
The master index contains:
All 20 skill checklists are at:
https://raw.githubusercontent.com/austintgriffith/evm-audit-skills/main/<skill-name>/references/checklist.md
| Skill | When to Load |
|---|---|
| evm-audit-general | Always |
| evm-audit-precision-math | Always |
| evm-audit-erc20 | Contract interacts with ERC20 tokens |
| evm-audit-defi-amm | AMM, DEX, Uniswap V3/V4, liquidity pools |
| evm-audit-defi-lending | Lending, borrowing, CDP, liquidations |
| evm-audit-defi-staking | Staking, liquid staking, restaking, EigenLayer |
| evm-audit-erc4626 | Vaults, share/asset conversion |
| evm-audit-erc4337 | Account abstraction, paymasters, session keys |
| evm-audit-bridges | Cross-chain, LayerZero, CCIP, Wormhole |
| evm-audit-proxies | Upgradeable contracts, UUPS, Transparent, Diamond |
| evm-audit-signatures | Off-chain signatures, EIP-712, permits |
| evm-audit-governance | DAO voting, timelocks, multi-sig |
| evm-audit-oracles | Chainlink, TWAP, Pyth, price feeds |
| evm-audit-assembly | Inline assembly, Yul, CREATE2 |
| evm-audit-chain-specific | Non-mainnet: Arbitrum, OP, zkSync, Blast, BSC |
| evm-audit-flashloans | Flash loan attack vectors |
| evm-audit-erc721 | NFTs, ERC721, ERC1155 |
| evm-audit-dos | DoS, unbounded loops, gas griefing |
| evm-audit-access-control | Ownership, roles, centralization risks |
findings-<skill>.md
AUDIT-REPORT.md
Audit this contract and file issues: https://github.com/owner/repo/blob/main/contracts/Foo.sol
Checklists: https://raw.githubusercontent.com/austintgriffith/evm-audit-skills/main/evm-audit-master/SKILL.md
Built from research by Dacian, beirao.xyz, Sigma Prime, RareSkills, Decurity, weird-erc20, Spearbit, Hacken, OpenZeppelin, Cyfrin, and more. Full attribution: https://github.com/austintgriffith/evm-audit-skills#attribution--thanks