Blockchain
Web3, smart contracts, and specialized crypto tools.
aave-integration
This skill should be used when the user needs to interact with AAVE V3 protocol contracts directly, read on-chain data, get reserve configurations, fetch current APY rates, simulate position changes, or execute protocol operations programmatically. Provides low-level access to AAVE Pool contracts, UI Pool Data Provider, and quote generation for supply, borrow, repay, and withdraw operations on Ethereum and Arbitrum.
solana-security
Audit Solana programs (Anchor or native Rust) for security vulnerabilities. Use when reviewing smart contract security, finding exploits, analyzing attack vectors, performing security assessments, or when explicitly asked to audit, review security, check for bugs, or find vulnerabilities in Solana programs.
aave-planner
This skill should be used when the user asks to "supply to aave", "deposit to aave", "lend on aave", "borrow from aave", "take loan on aave", "repay aave loan", "pay back aave", "withdraw from aave", "remove collateral", "aave lending", "earn yield on aave", or mentions AAVE V3 operations including supply, borrow, repay, or withdraw on Ethereum or Arbitrum.
wallet-security-rules
Security rules for crypto wallet code - private key handling, signing operations, transaction safety, air-gap integrity, address validation. Auto-applies when editing security-sensitive code.
security-auditor
Security audit for crypto wallet code - key exposure analysis, signing flow integrity, input validation, Cold variant network isolation, dependency vulnerabilities. Auto-triggered when editing security-sensitive modules.
aave-security-foundations
Security baseline for AAVE integration and execution scripts. Use when user asks for AAVE security review, pre-trade checks, liquidation safety, allowance minimization, or execution hardening.
klytos-security-architecture
Security architecture and best practices for Klytos CMS. Use when dealing with authentication, encryption, access control, CSRF protection, rate limiting, security headers, HTTPS, or security hardening. Essential for secure development and understanding Klytos security model.
aave-viem-integration
Foundational EVM integration for AAVE-related scripts using viem. Use when user asks to read balances, read/write contracts, send transactions, or set up typed viem clients for Ethereum and Arbitrum.
infrahub-repo-auditor
Audit an Infrahub repository against all best practices and rules. Use when reviewing a project for compliance, onboarding to an existing repo, or before deployment to catch issues early.
virgil-encryption
Virgil E3Kitによるエンドツーエンド暗号化のベストプラクティス。E3Kit初期化、データ暗号化・復号化、グループ暗号化、鍵管理について。暗号化やE3Kitについて質問があるときに使用。
fetch-blocks
Use to fetch Ethereum mainnet blocks from an RPC URL and save them on a local directory. Use it to acquire blocks for later execution/proving.
execute-blocks
Use to execute Ethereum mainnet blocks from a local directory (dry run). Use it to execute downloaded blocks without proving.
aave-viem-integration
Foundational EVM integration for AAVE-related scripts using viem. Use when user asks to read balances, read/write contracts, send transactions, or set up typed viem clients for Ethereum and Arbitrum.
aztec-deployment
Use this skill when deploying Aztec smart contracts (not authoring them), including local-network and devnet deployment via aztec-wallet/Aztec.js, fee-payment setup, deterministic addresses, deployment verification, and contract registration workflows.
aztec-contracts
Use this skill when creating, editing, testing, debugging, or upgrading Aztec smart contracts in Noir/Aztec.nr, including storage modeling, private/public/utility functions, note delivery, authwit authorization, TestEnvironment tests, and artifact/codegen workflows.
cli-runtime
Internal execution contract for forwarding one tracked Claude Code rescue task through claude-companion.mjs.
task-prompt-shaping
Internal prompt-rewriting contract for tightening a rescue request before one forwarded Claude Code task call.
security
Security best practices for Electron and web applications. Use when implementing authentication, handling user input, managing secrets, or reviewing code for security. Triggers on security, auth, validation, sanitize, XSS, CSRF, injection, secrets, permissions.
deployment
Detects deployment cost inefficiencies in Solidity: factory patterns that deploy full contracts when ERC-1167 minimal proxies would suffice, non-payable admin functions with unnecessary ETH check overhead, dead code paths inflating bytecode, and opportunities for vanity addresses via CREATE2 for high-frequency contracts. Covers DP-001 (minimal proxy factories), DP-002 (payable admin functions), DP-003 (dead code removal), DP-004 (vanity addresses). Use when writing constructors, factory contracts, or reviewing bytecode size.
unchecked-arithmetic
Identifies arithmetic operations in Solidity where overflow or underflow is provably impossible and wraps them in unchecked {} blocks to eliminate Solidity 0.8+ overflow guard opcodes (~30 gas per operation). Covers UA-001 (general unchecked arithmetic with proven bounds) and UA-002 (post-comparison unchecked subtraction). Never recommends unchecked without explicit proof of safety. Use when reviewing bounded arithmetic or subtraction that follows a bounds check in Foundry-based Solidity 0.8+ projects.
compiler-optimizer
Analyzes foundry.toml optimizer configuration for Foundry-based Solidity projects. Detects suboptimal optimizer_runs settings relative to contract call frequency, missing via_ir flag for complex contracts, and outdated Solidity versions missing built-in optimizer gains. Covers CO-001 (optimizer_runs tuning), CO-002 (via_ir for Yul-level optimization), CO-003 (Solidity version selection for 0.8.22 auto-unchecked loops and 0.8.24 transient storage). Use when writing or reviewing foundry.toml or pragma declarations.
audit-unfair-liquidation
Audits Solidity liquidation mechanisms for unfair liquidation vulnerabilities including missing L2 sequencer grace periods, interest accumulation while paused, repayment paused while liquidation active, late interest/fee updates, lost positive PNL/yield during liquidation, unhealthier post-liquidation state from cherry-picking, corrupted collateral priority, borrower replacement misattribution, no LTV gap allowing immediate liquidation, interest during auctions, and no liquidation slippage protection (project)
