Static analysis and security review for Solidity smart contracts. Triggers on weasel analyze, weasel audit, weasel scan, weasel review, or weasel check.
/plugin marketplace add slvDev/weasel
/plugin install weasel@weasel
This skill inherits all available tools. When active, it can use any tool Claude has access to.
Expert in running Weasel static analysis and performing manual security reviews with smart context management.
Detect which mode the user wants:
- Quick scan. Triggers: "run weasel", "quick scan", "static analysis", "automated check". Action: run weasel_analyze, report findings, done. No manual review. Context cost: low (~500-2000 tokens).
- Manual review. Triggers: "review this", "look at this code", "is this safe", "what do you think", "check this function", "what's wrong", "how secure". Action: read the code directly and analyze it with reasoning. NO weasel tools. Context cost: medium (depends on code size). Best for: business logic, specific functions, code understanding.
- Full audit. Triggers: "audit", "full review", "thorough analysis", "find all vulnerabilities". Action: smart combination of Weasel + manual review (see below). Context cost: higher but managed.
User wants: "quick scan", "run weasel", "static analysis"
1. Run weasel_analyze
2. Show compact summary
3. Done - no deep dive unless asked
Output:
## Quick Scan Results
**Target:** ./src
**Summary:** 2 High, 3 Medium, 15 Low, 8 Gas
### High Severity
- [H] reentrancy | Vault.sol:45
- [H] delegatecall-in-loop | Proxy.sol:23
### Medium Severity
- [M] unchecked-transfer | Token.sol:89
- [M] tx-origin | Auth.sol:12
- [M] centralization-risk | Admin.sol:34
*15 Low, 8 Gas findings omitted. Ask for details if needed.*
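What the two Medium detectors in the list above flag, each beside a fixed version. This is an added example, not code from the Weasel project or from the scanned repository; the contract names, the minimal IERC20 interface and the function bodies are illustrative assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example (not from Weasel): the patterns behind "unchecked-transfer"
// and "tx-origin" findings, vulnerable shape first, fixed shape second.
// IERC20, the contract names and the function bodies are assumptions.

interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
}

// unchecked-transfer: some tokens return false instead of reverting, so a
// failed transfer leaves owed[] already zeroed while no tokens moved.
contract UncheckedPayout {
    IERC20 public immutable token;
    mapping(address => uint256) public owed;

    constructor(IERC20 _token) { token = _token; }

    function claim() external {
        uint256 amount = owed[msg.sender];
        owed[msg.sender] = 0;
        token.transfer(msg.sender, amount);   // return value ignored (bug)
    }
}

contract CheckedPayout {
    IERC20 public immutable token;
    mapping(address => uint256) public owed;

    constructor(IERC20 _token) { token = _token; }

    function claim() external {
        uint256 amount = owed[msg.sender];
        owed[msg.sender] = 0;
        // Revert if the token reports failure, so accounting and transfer
        // succeed or fail together.
        require(token.transfer(msg.sender, amount), "transfer failed");
    }
}

// tx-origin: tx.origin is the EOA that started the transaction, not the
// immediate caller. A contract the owner is tricked into calling can forward
// a call here and pass the check.
contract OriginAuth {
    address public owner = msg.sender;

    function setOwner(address newOwner) external {
        require(tx.origin == owner, "not owner"); // phishable (bug)
        owner = newOwner;
    }
}

contract SenderAuth {
    address public owner = msg.sender;

    function setOwner(address newOwner) external {
        require(msg.sender == owner, "not owner"); // checks the direct caller
        owner = newOwner;
    }
}
```

One caveat when verifying an unchecked-transfer finding: tokens that return no value at all (rather than false) make `require(token.transfer(...))` revert on return-data decoding under Solidity 0.8, so for arbitrary tokens a wrapper such as OpenZeppelin's SafeERC20 is the more robust fix than a bare require.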
User wants: "audit", "full review", "thorough analysis"
Step 1: Scan
Run weasel_analyze → compact output
Step 2: Triage
High: 2 → Investigate ALL
Medium: 3 → Investigate ALL
Low: 15 → Skip (mention count)
Gas: 8 → Skip (mention count)
Step 3: Deep Dive (High/Med Only) For each High/Medium:
1. weasel_finding_details(detector="reentrancy")
2. Read Vault.sol around line 45
3. Verify: Is this a real issue?
4. Document: Confirmed / False Positive
Step 4: Manual Review (Critical!) After Weasel, read the contracts and look for the things Weasel cannot detect: business logic bugs, economic attacks (for example flash-loan price manipulation), complex access control, cross-contract issues and oracle manipulation.
Step 5: Report Combine Weasel findings + manual findings into one report.
| Issue Type | Weasel | Claude |
|---|---|---|
| Reentrancy patterns | Yes | Yes |
| Unchecked returns | Yes | Yes |
| Common vulnerabilities | Yes | Yes |
| Business logic bugs | No | Yes |
| Economic attacks | No | Yes |
| Complex access control | No | Yes |
| Cross-contract issues | No | Yes |
| Oracle manipulation | No | Yes |
Always do manual review for important audits!
When reporting findings, be clear about the source:
- [Weasel] - Found by static analysis
- [Manual] - Found by Claude's reasoning
Examples:
## Weasel Scan Results
**Found:** 2 High, 3 Medium, 15 Low, 8 Gas
### Critical (High)
| Detector | Location | Brief |
|----------|----------|-------|
| reentrancy | Vault.sol:45 | External call before state update |
### Important (Medium)
| Detector | Location | Brief |
|----------|----------|-------|
| unchecked-transfer | Token.sol:89 | Return value ignored |
---
*20+ Low/Gas findings available. Use "show low severity" for details.*
## Security Analysis Report
### Automated Scan (Weasel)
**Summary:** 2 High, 3 Medium confirmed
#### [H-01] Reentrancy in withdraw() - CONFIRMED
**Location:** Vault.sol:45
**Issue:** External call before balance update
**Impact:** Fund theft possible
**Fix:** Move state update before call
#### [M-01] Unchecked Transfer - CONFIRMED
...
### Manual Review (Claude)
Issues Weasel cannot detect:
#### [H-02] Flash Loan Attack Vector
**Location:** Swap.sol:120-150
**Issue:** Price can be manipulated within single transaction
...
### Summary
| Source | High | Medium | Low |
|--------|------|--------|-----|
| Weasel | 2 | 3 | 15 |
| Manual | 1 | 2 | 0 |
| **Total** | **3** | **5** | **15** |
If the user asks for a manual review ("review this", "is this safe", "check this function", "what do you think"), skip static analysis: these requests need only Claude's reasoning over the code, not weasel tools.
| Action | Tokens | When to Use |
|---|---|---|
| weasel_analyze | ~500-2000 | Always OK |
| weasel_finding_details (per call) | ~500-1500 | High/Med only |
| Read source file | ~1000-5000 | When verifying |
Total budget for audit: Try to stay under 20k tokens for Weasel-related context, leaving room for code reading and manual review.
weasel_analyze - Run static analysis (COMPACT output)
- path: Directory or file (optional, defaults to current)
- severity: Filter - "High", "Medium", "Low", "Gas", "NC"
- exclude: Paths to exclude
weasel_finding_details - Get FULL details for ONE detector
- detector: Detector ID (e.g., "reentrancy")
- path: Path analyzed (for cached results)
weasel_detectors - List available detectors
- severity: Optional filter