From building-secure-contracts
Comprehensive smart contract development advisor based on Trail of Bits' best practices. Analyzes codebase to generate documentation/specifications, review architecture, check upgradeability patterns, assess implementation quality, identify pitfalls, review dependencies, and evaluate testing. Provides actionable recommendations. (project, gitignored)
How this skill is triggered — by the user, by Claude, or both
Slash command
/building-secure-contracts:guidelines-advisorThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
I will systematically analyze your codebase and provide comprehensive guidance based on Trail of Bits' development guidelines. I'll help you:
I will systematically analyze your codebase and provide comprehensive guidance based on Trail of Bits' development guidelines. I'll help you:
Framework: Building Secure Contracts - Development Guidelines
I'll explore the codebase to understand:
I'll help create:
I'll analyze:
I'll assess:
I'll provide:
I analyze 11 comprehensive areas covering all aspects of smart contract development. For detailed criteria, best practices, and specific checks, see ASSESSMENT_AREAS.md.
Documentation & Specifications
On-Chain vs Off-Chain Computation
Upgradeability
Delegatecall Proxy Pattern
Function Composition
Inheritance
Events
Common Pitfalls
Dependencies
Testing & Verification
Platform-Specific Guidance
For complete details on each area including what I'll check, analyze, and recommend, see ASSESSMENT_AREAS.md.
When the analysis is complete, you'll receive comprehensive guidance covering:
For a complete example analysis report, see EXAMPLE_REPORT.md.
I provide four comprehensive deliverable categories:
For detailed templates and examples of each deliverable, see DELIVERABLES.md.
When invoked, I will:
Explore the codebase
Generate documentation
Analyze architecture
Review implementation
Provide recommendations
| Rationalization | Why It's Wrong | Required Action |
|---|---|---|
| "System is simple, description covers everything" | Plain English descriptions miss security-critical details | Complete all 5 phases: documentation, architecture, implementation, dependencies, recommendations |
| "No upgrades detected, skip upgradeability section" | Upgradeability can be implicit (ownable patterns, delegatecall) | Search for proxy patterns, delegatecall, storage collisions before declaring N/A |
| "Not applicable" without verification | Premature scope reduction misses vulnerabilities | Verify with explicit codebase search before skipping any guideline section |
| "Architecture is straightforward, no analysis needed" | Obvious architectures have subtle trust boundaries | Analyze on-chain/off-chain distribution, access control flow, external dependencies |
| "Common pitfalls don't apply to this codebase" | Every codebase has common pitfalls | Systematically check all guideline pitfalls with grep/code search |
| "Tests exist, testing guideline is satisfied" | Test existence ≠ test quality | Check coverage, property-based tests, integration tests, failure cases |
| "I can provide generic best practices" | Generic advice isn't actionable | Provide project-specific findings with file:line references |
| "User knows what to improve from findings" | Findings without prioritization = no action plan | Generate prioritized improvement roadmap with specific next steps |
What I'll need:
Let's analyze your codebase and improve it using Trail of Bits' best practices!
npx claudepluginhub harekrishnarai/skills --plugin building-secure-contractsGuides completion of development work by verifying tests, detecting environment, and presenting structured options for merge, PR, or cleanup.
Enforces test-driven development: write failing test first, then minimal code to pass. Use when implementing features or bugfixes.
Guides creation and editing of skills using test-driven development with pressure scenarios and subagents to verify agent compliance.
9plugins reuse this skill
First indexed Jul 10, 2026
Showing the 6 earliest of 9 plugins