From building-secure-contracts
Comprehensive smart contract development advisor based on Trail of Bits' best practices. Analyzes codebase to generate documentation/specifications, review architecture, check upgradeability patterns, assess implementation quality, identify pitfalls, review dependencies, and evaluate testing. Provides actionable recommendations. (project, gitignored)
How this skill is triggered — by the user, by Claude, or both
Slash command
/building-secure-contracts:guidelines-advisorThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
I will systematically analyze your codebase and provide comprehensive guidance based on Trail of Bits' development guidelines. I'll help you:
I will systematically analyze your codebase and provide comprehensive guidance based on Trail of Bits' development guidelines. I'll help you:
Framework: Building Secure Contracts - Development Guidelines
I'll explore the codebase to understand:
I'll help create:
I'll analyze:
I'll assess:
I'll provide:
I analyze 11 comprehensive areas covering all aspects of smart contract development. For detailed criteria, best practices, and specific checks, see ASSESSMENT_AREAS.md.
Documentation & Specifications
On-Chain vs Off-Chain Computation
Upgradeability
Delegatecall Proxy Pattern
Function Composition
Inheritance
Events
Common Pitfalls
Dependencies
Testing & Verification
Platform-Specific Guidance
For complete details on each area including what I'll check, analyze, and recommend, see ASSESSMENT_AREAS.md.
When the analysis is complete, you'll receive comprehensive guidance covering:
For a complete example analysis report, see EXAMPLE_REPORT.md.
I provide four comprehensive deliverable categories:
For detailed templates and examples of each deliverable, see DELIVERABLES.md.
When invoked, I will:
Explore the codebase
Generate documentation
Analyze architecture
Review implementation
Provide recommendations
| Rationalization | Why It's Wrong | Required Action |
|---|---|---|
| "System is simple, description covers everything" | Plain English descriptions miss security-critical details | Complete all 5 phases: documentation, architecture, implementation, dependencies, recommendations |
| "No upgrades detected, skip upgradeability section" | Upgradeability can be implicit (ownable patterns, delegatecall) | Search for proxy patterns, delegatecall, storage collisions before declaring N/A |
| "Not applicable" without verification | Premature scope reduction misses vulnerabilities | Verify with explicit codebase search before skipping any guideline section |
| "Architecture is straightforward, no analysis needed" | Obvious architectures have subtle trust boundaries | Analyze on-chain/off-chain distribution, access control flow, external dependencies |
| "Common pitfalls don't apply to this codebase" | Every codebase has common pitfalls | Systematically check all guideline pitfalls with grep/code search |
| "Tests exist, testing guideline is satisfied" | Test existence ≠ test quality | Check coverage, property-based tests, integration tests, failure cases |
| "I can provide generic best practices" | Generic advice isn't actionable | Provide project-specific findings with file:line references |
| "User knows what to improve from findings" | Findings without prioritization = no action plan | Generate prioritized improvement roadmap with specific next steps |
What I'll need:
Let's analyze your codebase and improve it using Trail of Bits' best practices!
Guides completion of development work by verifying tests, detecting environment, and presenting structured options for merge, PR, or cleanup.
Enforces test-driven development: write failing test first, then minimal code to pass. Use when implementing features or bugfixes.
Guides creation and editing of skills using test-driven development with pressure scenarios and subagents to verify agent compliance.
6plugins reuse this skill
First indexed Jul 10, 2026
npx claudepluginhub vanhauser-thc/skills --plugin building-secure-contracts