Read on-chain state in MultiversX smart contracts. Use when accessing caller info, account balances, block timestamps, ESDT token metadata, local roles, code metadata, or any data from self.blockchain().
Gas-optimized cache patterns for MultiversX smart contracts using Drop-based write-back caches. Use when building contracts that read/write multiple storage values per transaction, DeFi protocols, or any gas-sensitive contract.
Validates smart contract audit findings against platform-specific judging criteria. Predicts acceptance likelihood, scores quality, flags automatic invalidators, and generates a detailed Validation-Report.md. Use when asked to validate, score, or predict acceptance of audit findings, bug reports, or security research writeups before submission. Supports Code4rena, Sherlock, Cantina, HackenProof, and generic criteria.
Comprehensive code analysis toolkit for MultiversX smart contracts. Covers differential review (version comparison, upgrade safety), fix verification (validate patches, regression testing), and variant analysis (find similar bugs across codebase). Use when reviewing PRs, verifying security patches, or hunting for bug variants.
Verify cryptographic operations execute in constant time to prevent timing attacks. Use when auditing custom crypto implementations, secret comparisons, or security-sensitive algorithms in smart contracts.
Perform Codex-style full-repository review for Gait (not PR-limited), with severity-ranked findings focused on regressions, fail-closed safety, determinism, portability, and docs/CLI contract correctness.
Audit project dependencies with verifiable security assertions
Use when designing the evaluation protocol for a method development project — locks primary metrics, datasets, seeds, statistical tests, and baseline list into an immutable contract
Complete Drift Protocol SDK for building perpetual futures, spot trading, and DeFi applications on Solana. Use when building trading bots, integrating Drift markets, managing positions, or working with vaults.
Write, test, and deploy Compact smart contracts for Midnight. Use when writing privacy-preserving contracts, ZK circuits, shielded tokens, or any on-chain Midnight code. Triggers on: Midnight, Compact, smart contract, zero-knowledge, ZK, shielded, circuit, witness, ledger, proof server, DUST, NIGHT, disclose, Zswap. Covers Compact language syntax, privacy model, circuit patterns, testing, security best practices, SDK integration, and wallet connectivity.
Use when designing, reviewing, or debugging Apex execution context, sharing keywords, CRUD/FLS enforcement, system-vs-user mode behavior, or secure write patterns. Triggers: 'with sharing', 'inherited sharing', 'stripInaccessible', 'AuraEnabled security', 'CRUD FLS'. NOT for SOQL injection review alone — use apex/soql-security for query-specific hardening.
Deploy smart contracts on Abstract using Foundry (default) or Hardhat. Covers zksolc compilation, deployment, Abscan verification, and testnet faucets for the Abstract Ethereum L2. This skill should be used when deploying or compiling contracts on Abstract, using forge/foundry-zksync, forge build --zksync, forge create --zksync, anvil-zksync, verifying on Abscan, or working with the zkSync compiler on Abstract.
Analyzes smart contract codebases to identify state-changing entry points for security auditing. Detects externally callable functions that modify state, categorizes them by access level (public, admin, role-restricted, contract-only), and generates structured audit reports. Excludes view/pure/read-only functions. Use when auditing smart contracts (Solidity, Vyper, Solana/Rust, Move, TON, CosmWasm) or when asked to find entry points, audit flows, external functions, access control patterns, or privileged operations.
Scans Substrate/Polkadot pallets for 7 critical vulnerabilities including arithmetic overflow, panic DoS, incorrect weights, and bad origin checks. Use when auditing Substrate runtimes or FRAME pallets. (project, gitignored)
Scans Solana programs for 6 critical vulnerabilities including arbitrary CPI, improper PDA validation, missing signer/ownership checks, and sysvar spoofing. Use when auditing Solana/Anchor programs. (project, gitignored)
Universal contractual development mode enforcer. Reads project-specific rules from CLAUDE.md dynamically. Activate for any project requiring verified claims, security checks, evidence-based recommendations, or strict development standards. Triggers: /c-framework, /cf, "modo contractual", "verify code", "enforce rules", "contract mode". Works with any stack (Node, Python, Go, etc.) and any project type (API, SaaS, CLI, web-app).
Use when building applications on the Hedera network, creating accounts and tokens, deploying smart contracts, submitting transactions, querying network data, or working with consensus services. Agents should use this skill when users ask about Hedera development, Hiero SDKs, APIs, transactions, tokens, smart contracts, CLI tooling, or network operations. Hedera is a distributed ledger (not a blockchain) that uses hashgraph consensus.
Atomic lend-execute-verify pattern — reentrancy guards, shard validation, endpoint checks.
Factory pattern for deploying and managing child contracts from a template.
Identify and analyze MultiversX Smart Contract entry points (#[endpoint],
Read another contract's storage directly using storage_mapper_from_address for same-shard contracts.
Envelope encryption patterns with X25519 for agent memories. Use when implementing key generation, DEK management, encrypting/decrypting records, key rotation, or sharing encrypted data between agents. Triggers on encryption, X25519, DEK, envelope encryption, key exchange, crypto.
Make contract-driven agents safe to change with strict validation, architecture docs, and contract diffs in CI.
Ed25519 是一种使用 Edwards 曲线 Curve25519 的高性能数字签名算法。它以 64 字节签名和 32 字节密钥提供 128 位安全性,相比 RSA 和 ECDSA 具有显著优势,包括确定性签名(无需随机 nonce)、抗侧信道攻击以及快速验证。
