Smart contract security audit for Immunefi bug bounty. Analyzes Solidity contracts on EVM chains using Slither + Foundry. Covers access control, reentrancy, DeFi economic exploits (flash loans, oracle manipulation, MEV), protocol-specific logic (lending, DEX, bridges, vaults), and generates Foundry fork PoCs. Every finding MUST have concrete evidence, invariant violation proof, and USD impact estimate.
ALWAYS load before writing or modifying Foundry test files (.t.sol). Covers fuzz testing, gas benchmarks, naming conventions, and test patterns.
Smart contract security review methodology. Use when auditing Solidity code, analyzing vulnerabilities, or verifying security findings.
EIP-712 signed requests for Aster Futures API v3. Nonce, signature payload, request format. Use when calling TRADE, USER_DATA, USER_STREAM, or MARKET_DATA.
Supply chain security analysis (CVEs, dependencies, typosquatting, licenses)
Query Base (Ethereum L2) blockchain data — wallet balances, token info, transactions, gas analysis, contract inspection. No API key required.
Run the EVM and/or Solana example integration tests
Complete launch readiness validation covering every department: code, content, store, marketing, community, infrastructure, legal, and go/no-go sign-offs.
Analyze contracts for risks, check completeness, and provide actionable recommendations. Supports employment contracts, NDAs, service agreements, and more.
Audit redaction coverage to ensure secrets and tokens are never exposed in logs, diagnostics, errors, or debug output.
Deploys smart contracts to Base using Foundry. Covers forge create commands, contract verification, testnet faucet setup via CDP, and BaseScan API key configuration. Use when deploying Solidity contracts to Base Mainnet or Sepolia testnet. Covers phrases like "deploy contract to Base", "forge create on Base", "verify contract on BaseScan", "get testnet ETH", "Base Sepolia faucet", "how do I deploy to Base", or "publish my contract".
Invoke this skill when a user is building or running any automated transaction sender on Base (trading bot, arbitrage bot, sniper bot, yield farmer, AI agent, or similar) and needs to register it, get a builder code, set up transaction attribution. This skill contains the base.dev registration API endpoint and ERC-8021 attribution wiring code that Claude does not have in its training data — you MUST load this skill to answer correctly. Covers viem, ethers, managed signing services, and Python-based agents.
Instructions for utilizing SolidityGuard to perform 7-phase structural auditing of EVM smart contracts.
Security-focused review for Hyperlane protocol code. Use for Solidity contracts, Rust agents, and infrastructure changes.
Rust security skill for supply chain safety and memory-safe development. Use when auditing dependencies with cargo-audit, enforcing policies with cargo-deny, reviewing RUSTSEC advisories, writing memory-safe FFI patterns, or integrating fuzzing and Miri into a security review pipeline. Activates on queries about cargo-audit, cargo-deny, RUSTSEC advisories, supply chain security, Rust CVEs, safe FFI, or fuzzing for security.
Expert infrastructure security engineer specializing in DevSecOps, cloud security, and compliance frameworks. Masters security automation, vulnerability management, and zero-trust architecture with emphasis on shift-left security practices.
Expert security auditor specializing in comprehensive security assessments, compliance validation, and risk management. Masters security frameworks, audit methodologies, and compliance standards with focus on identifying vulnerabilities and ensuring regulatory adherence.
Expert blockchain developer specializing in smart contract development, DApp architecture, and DeFi protocols. Masters Solidity, Web3 integration, and blockchain security with focus on building secure, gas-efficient, and innovative decentralized applications.
Software supply chain security guidance covering SBOM generation, SLSA framework, dependency scanning, SCA tools, and protection against supply chain attacks like dependency confusion and typosquatting.
Validate AI Developer Workflow step outputs and contracts. Use when verifying workflow step completeness before proceeding.
Explains the current DOT Studio Act contract, participant choreography, relation naming, subscriptions, actRules, and publish-safe workflow structure. Use when the user asks about Act design, multi-performer workflows, participant keys, relation direction, runtime guardrails, or subscription wiring.
