Stats
Actions
Tags
From grimoire
Drafts structured security findings from vulnerability observations using grimoire conventions and familiar agent triage context. Guides title construction, severity estimation, and section drafting.
How this skill is triggered — by the user, by Claude, or both
Slash command
/grimoire:finding-draftThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
Draft structured security findings from vulnerability observations.
Draft structured security findings from vulnerability observations.
Before starting, read skills/finding/SKILL.md to understand finding structure, best
practices, and conventions. That skill defines the format, frontmatter schema, severity
scale, and key principles that this workflow applies.
When this skill is activated, create a todo list from the following steps. Mark each task in_progress before starting it and completed when done.
- [ ] 0. Load finding knowledge (read skills/finding/SKILL.md)
- [ ] 1. Gather context
- [ ] 2. Construct title
- [ ] 3. Estimate severity and classify type
- [ ] 4. Draft sections
- [ ] 5. Write finding file
- [ ] 6. Suggest follow-ups
Read skills/finding/SKILL.md to internalize finding structure, best practices, and
conventions. This is required before proceeding — the base skill defines the format you
will produce.
Verify the workspace:
GRIMOIRE.md in the project root. If absent, suggest running [[summon]] first.grimoire/findings/ exists. Create it if not.Gather vulnerability context:
Possibly By Design, surface the familiar's
yes/no question to the user before drafting — the answer may change whether there
is a finding to draft at all),@reference.Check in with the user before continuing.
Build the title following the where / how / what rule from the finding skill.
Present the candidate title to the user for confirmation.
Severity — propose one of: Critical, High, Medium, Low, Informational. Provide a one-sentence justification. Use the severity scale from the finding skill. If the familiar produced an Adjusted Severity, use that as your starting point and only deviate with explicit justification.
Type — classify the flaw. Consult skills/finding/references/finding-format.md for the
recommended type taxonomy.
Context — list the affected source files with optional line numbers for the context
frontmatter field.
Present severity, type, and context to the user for confirmation.
Write each section following the format from the finding skill and the detailed guidelines
in skills/finding/references/finding-best-practices.md:
## Description (mandatory) — 2-4 self-contained paragraphs covering component, flaw, preconditions, and impact. If the familiar produced a feasibility predicate or prerequisite table, the finding's preconditions should match it (or explicitly differ, with reasoning). The minimum attacker class from the familiar's Feasibility section should be stated here verbatim.
## Details (optional) — only when the mechanism is non-obvious or multi-step.
## Proof of Concept — @path/to/poc-file if one exists, placeholder otherwise.
## Recommendation (mandatory) — objective fix direction. Never non-trivial code changes.
## References (optional) — numbered citations. Use the librarian agent to discover relevant references — prior audit findings, specification clauses, and vulnerability database entries related to the flaw.
Consult skills/finding/examples/reentrancy-finding.md for a complete finding and
skills/finding/examples/access-control-finding.md for a minimal valid finding.
Present the drafted content to the user for review before writing the file.
Determine the target directory:
grimoire/findings/ for manual audit research (default)grimoire/sigil-findings/ for automated tooling or sigil agentsGenerate the filename per the filing conventions in the finding skill.
Write the complete finding file with frontmatter and all sections.
Validate by running:
bash skills/finding/scripts/validate-finding.sh <path-to-finding>
If validation fails, fix the issues and re-validate.
Based on the finding:
/finding-dedupnpx claudepluginhub joranhonig/grimoireGuides writing structured security findings with title conventions, sections, and severity classification. Helps format standalone vulnerability reports.
Generates Markdown audit reports for confirmed smart contract vulnerabilities, including impact, code snippets, and fixes; writes to findings/ files for submission.
Triages a single security finding to a defensible disposition with mitigation, false positive, or accepted-risk writeup. Use for scanner, audit, or advisory results needing a decision.