Perform static and symbolic analysis of Solidity smart contracts using Slither and Mythril to detect reentrancy, integer overflow, access control, and other vulnerability classes before deployment to Ethereum mainnet.
Scans Cosmos SDK blockchains for 9 consensus-critical vulnerabilities including non-determinism, incorrect signers, ABCI panics, and rounding errors. Use when auditing Cosmos chains or CosmWasm contracts. (project, gitignored)
Comprehensive smart contract development advisor based on Trail of Bits' best practices. Analyzes codebase to generate documentation/specifications, review architecture, check upgradeability patterns, assess implementation quality, identify pitfalls, review dependencies, and evaluate testing. Provides actionable recommendations. (project, gitignored)
Patterns to follow for implementing transaction hooks with tracking. Use when implementing new features interacting with EVM contracts, signing transactions, permit... etc.
Build and harden Amy's Echo backend APIs using Express 5 and Zod contracts. Use when adding or modifying server routes, middleware, request validation, auth/profile checks, error handling, and response-shape guarantees.
Modern security standards including Zero Trust Architecture, supply chain security, DevSecOps integration, and cloud-native protection
Multi-pass Solidity security review. Activates on: review, audit, check, scan, or any security analysis of .sol files. Does NOT activate on: writing code, creating contracts, implementing features, writing tests, fixing bugs, or answering Solidity questions — Claude handles those natively.
Use when the user wants a contract-first implementation workflow, asks to define correctness before coding, wants multi-stage execution with verification and audit, or needs a proof-style artifact for a code change. Codex should run a CONTRACT -> EXECUTE -> AUDIT -> PACK pipeline.
Use when Codex should operate MedAutoScience through its stable runtime, controller, overlay, and workspace contracts instead of ad-hoc scripts.
Defense-in-depth security across Rust, TypeScript, and Bash for the Pump SDK — cryptographic key handling, memory zeroization, secure file I/O, input validation, privilege management, dependency auditing, and a 60+ item security checklist.
Full smart contract security audit. Trigger on "audit", "audit this contract", "check this contract", "scan for vulnerabilities", "find bugs", "security review".
Use when creating a new Amplifier module (tool, hook, orchestrator, context, or provider). Covers the mount() contract, protocol compliance validation, placeholder patterns, and the module directory structure. Prevents the common mistake of creating no-op mount() stubs that fail protocol_compliance validation.
Compile, deploy, simulate, and verify Solidity smart contracts with OpenZeppelin support.
Document risks for changes touching auth, data, or migrations. Lists top risks, how to test/monitor them, and rollback strategy.
Auto-loaded by cross-chain-auditor agent during Phase 2. Provides detection patterns for: missing source chain/address validation, replay attacks, message ordering, chain-specific code, finality assumptions. Core artifact: Cross-Chain Message Flow diagram.
Auto-loaded by defi-auditor agent during Phase 2 when analyzing ERC4626 vaults. Provides patterns for: share/asset conversion, inflation attack mitigations, rounding direction rules, donation attacks. Critical: first depositor attack, virtual shares offset, dead shares burning.
Auto-loaded by logic-auditor agent during Phase 2. Provides detection patterns for: missing zero checks, address validation, array bounds, parameter constraints, calldata validation, encoding issues. Core artifact: Input Validation Matrix.
Auto-loaded by reentrancy-auditor agent during Phase 2 for state sync analysis. Framework: "When can state become inconsistent? How can that gap be exploited?" Identifies state inconsistency windows during external calls, CEI violations, read-only reentrancy, cross-contract state manipulation.
Auto-loaded by cross-chain-auditor agent during Phase 2 when LayerZero is detected. Provides patterns for: OApp security (peer validation), OFT tokens (slippage), compose message validation, gas options. Critical: missing peer check, wrong peer encoding, no compose validation, insufficient executor gas.
A specialized RAG agent for auditing Smart Contracts and Web3 documentation with line-level citation precision.
