Security audit for crypto wallet code - key exposure analysis, signing flow integrity, input validation, Cold variant network isolation, dependency vulnerabilities. Auto-triggered when editing security-sensitive modules.
Security baseline for AAVE integration and execution scripts. Use when user asks for AAVE security review, pre-trade checks, liquidation safety, allowance minimization, or execution hardening.
Security architecture and best practices for Klytos CMS. Use when dealing with authentication, encryption, access control, CSRF protection, rate limiting, security headers, HTTPS, or security hardening. Essential for secure development and understanding Klytos security model.
Foundational EVM integration for AAVE-related scripts using viem. Use when user asks to read balances, read/write contracts, send transactions, or set up typed viem clients for Ethereum and Arbitrum.
Audit an Infrahub repository against all best practices and rules. Use when reviewing a project for compliance, onboarding to an existing repo, or before deployment to catch issues early.
Virgil E3Kitによるエンドツーエンド暗号化のベストプラクティス。E3Kit初期化、データ暗号化・復号化、グループ暗号化、鍵管理について。暗号化やE3Kitについて質問があるときに使用。
Use to fetch Ethereum mainnet blocks from an RPC URL and save them on a local directory. Use it to acquire blocks for later execution/proving.
Use to execute Ethereum mainnet blocks from a local directory (dry run). Use it to execute downloaded blocks without proving.
Foundational EVM integration for AAVE-related scripts using viem. Use when user asks to read balances, read/write contracts, send transactions, or set up typed viem clients for Ethereum and Arbitrum.
Use this skill when deploying Aztec smart contracts (not authoring them), including local-network and devnet deployment via aztec-wallet/Aztec.js, fee-payment setup, deterministic addresses, deployment verification, and contract registration workflows.
Use this skill when creating, editing, testing, debugging, or upgrading Aztec smart contracts in Noir/Aztec.nr, including storage modeling, private/public/utility functions, note delivery, authwit authorization, TestEnvironment tests, and artifact/codegen workflows.
Internal execution contract for forwarding one tracked Claude Code rescue task through claude-companion.mjs.
Internal prompt-rewriting contract for tightening a rescue request before one forwarded Claude Code task call.
Security best practices for Electron and web applications. Use when implementing authentication, handling user input, managing secrets, or reviewing code for security. Triggers on security, auth, validation, sanitize, XSS, CSRF, injection, secrets, permissions.
Detects deployment cost inefficiencies in Solidity: factory patterns that deploy full contracts when ERC-1167 minimal proxies would suffice, non-payable admin functions with unnecessary ETH check overhead, dead code paths inflating bytecode, and opportunities for vanity addresses via CREATE2 for high-frequency contracts. Covers DP-001 (minimal proxy factories), DP-002 (payable admin functions), DP-003 (dead code removal), DP-004 (vanity addresses). Use when writing constructors, factory contracts, or reviewing bytecode size.
Identifies arithmetic operations in Solidity where overflow or underflow is provably impossible and wraps them in unchecked {} blocks to eliminate Solidity 0.8+ overflow guard opcodes (~30 gas per operation). Covers UA-001 (general unchecked arithmetic with proven bounds) and UA-002 (post-comparison unchecked subtraction). Never recommends unchecked without explicit proof of safety. Use when reviewing bounded arithmetic or subtraction that follows a bounds check in Foundry-based Solidity 0.8+ projects.
Analyzes foundry.toml optimizer configuration for Foundry-based Solidity projects. Detects suboptimal optimizer_runs settings relative to contract call frequency, missing via_ir flag for complex contracts, and outdated Solidity versions missing built-in optimizer gains. Covers CO-001 (optimizer_runs tuning), CO-002 (via_ir for Yul-level optimization), CO-003 (Solidity version selection for 0.8.22 auto-unchecked loops and 0.8.24 transient storage). Use when writing or reviewing foundry.toml or pragma declarations.
Audits Solidity liquidation mechanisms for unfair liquidation vulnerabilities including missing L2 sequencer grace periods, interest accumulation while paused, repayment paused while liquidation active, late interest/fee updates, lost positive PNL/yield during liquidation, unhealthier post-liquidation state from cherry-picking, corrupted collateral priority, borrower replacement misattribution, no LTV gap allowing immediate liquidation, interest during auctions, and no liquidation slippage protection (project)
Audits Solidity smart contracts for state validation vulnerabilities including unchecked 2-step ownership transfers allowing address(0) bricking, functions accepting unexpected matching or empty inputs bypassing validation, unchecked return values causing silent failures, non-existent ID manipulation corrupting state, missing access control on critical functions, inconsistent array length validation, and improper pause mechanism implementation
Audits Solidity staking and reward protocols for vulnerabilities including front-running first deposit to steal initial rewards, reward dilution via direct transfers, precision loss in reward calculations causing rounding to zero, flash deposit/withdraw griefing diluting rewards, update not called after reward distribution causing stale index, and balance caching issues during claims (project)
Audits Solidity DEX integrations and smart contracts for slippage vulnerabilities enabling sandwich attacks including zero/missing minAmountOut parameters, block.timestamp or missing deadlines, on-chain slippage calculation via manipulable quoters, multi-hop swaps without final output protection, decimal precision mismatches between token pairs, hard-coded slippage preventing withdrawals during volatility, and fixed fee tier assumptions breaking when liquidity migrates
Detects all require() with string messages and revert("string") calls in Solidity contracts and converts them to custom errors. Never allows string-based reverts to pass without flagging. Covers CE-001 (require with string → custom error), CE-002 (revert string → custom error), CE-003 (parameterless errors that should include typed context). Use when writing or reviewing any revert logic in Foundry-based Solidity 0.8.4+ projects.
Audits Solidity smart contracts for signature-related vulnerabilities including missing nonce replay protection allowing signatures to be reused after state changes, cross-chain replay attacks without chain_id validation, missing critical parameters in signed messages enabling manipulation, signatures without expiration timestamps granting lifetime access, unchecked ecrecover return values allowing invalid signatures, and signature malleability via elliptic curve symmetry
