Set up a local Verdaccio environment to test EDR + Hardhat 3 + a third-party repo (e.g. openzeppelin-contracts). Builds EDR with a chosen Rust profile, publishes EDR and Hardhat packages to a local Verdaccio registry, and installs them in the target repo. Use when you need to test local EDR changes in a realistic npm-installed setup.
Use this skill whenever the user wants to write, scaffold, or build a Solana smart contract or program from scratch. Triggers on: "write a Solana program", "create a smart contract", "build an anchor program", "write a native Rust Solana program", "scaffold a Solana program", "help me write a program that does X on Solana", or any request to produce production-grade on-chain Solana code. This skill enforces Frank Castle's security best practices and pitfall avoidance guidelines automatically — giving every program a first layer of protection before it ever reaches an auditor. Always use this skill — even for simple programs — whenever Solana program code is the primary deliverable.
Sicherheit & DSGVO - Atoll Tourisme. Use when reviewing security, implementing auth, or hardening code.
Security - React Native Best Practices. Use when reviewing security, implementing auth, or hardening code.
Wrap the current audit agent session inside the Anthropic Sandbox Runtime (srt) before starting any security audit. Use this before invoking smart-contract-audit, infrastructure-audit, or any other audit skill on an untrusted codebase. Triggers include: start a sandboxed audit, run audit in sandbox, sandbox before auditing, protect my session during audit.
Update the unihan-etl dependency in cihai to the latest version with atomic, well-documented commits. This skill should be used when the user asks to "update unihan-etl", "bump unihan-etl", "upgrade unihan-etl", "check for unihan-etl updates", "update unihan-etl dependency", or mentions updating the unihan-etl dependency in cihai. Covers discovery, package bump, code adaptation, test updates, and CHANGES entries as separate commits.
This skill should be used when the user asks about "AIR", "algebraic intermediate representation", "ZK constraints", "trace design", "constraint soundness", "polynomial commitments", "FRI", "STARK", "lookup arguments", "permutation arguments", "memory consistency", "transition constraints", "boundary constraints", "vanishing polynomial", "quotient polynomial", "Fiat-Shamir", or needs expert-level cryptographic review of constraint systems.
Develop Cairo contracts for Eternum with strict TDD workflow - plan, test first, then implement
Comprehensive verification system for construction automation deliverables. Use after completing estimates, schedules, reports, or data processing tasks to ensure quality.
Docusaurus build health validation and deployment safety for Claude Skills showcase. Pre-commit MDX validation (Liquid syntax, angle brackets, prop mismatches), pre-build link checking, post-build health reports. Activate on 'build errors', 'commit hooks', 'deployment safety', 'site health', 'MDX validation'. NOT for general DevOps (use deployment-engineer), Kubernetes/cloud infrastructure (use kubernetes-architect), runtime monitoring (use observability-engineer), or non-Docusaurus projects.
Validates that a DAG node's output matches its declared JSON schema before passing to downstream nodes. The glue that makes multi-agent DAGs reliable. Use when checking output contract compliance, generating validation schemas from descriptions, or debugging contract mismatches between nodes. Activate on "validate output", "output contract", "schema validation", "contract mismatch", "output doesn't match". NOT for content quality assessment (use dag-quality), skill grading (use skill-grader), or general JSON schema work outside DAG context.
Best practices for Flutter mobile app security. Use when reviewing or writing code that handles secrets, user data, network communication, authentication, or cryptography. Covers static security concerns — not pen-testing or runtime analysis.
Comprehensive Solidity contract security scanner detecting 104 vulnerability patterns across reentrancy, access control, arithmetic, DeFi, proxy, and token categories. Integrates Slither, Aderyn, and Mythril with manual analysis.
Analyzes storage layout, proxy patterns, and state variable security in Solidity contracts. Detects storage collisions, uninitialized pointers, and upgrade risks. Use when auditing proxy/upgradeable contracts.
Validates Solidity implementation against specification documents. Extracts behavior from docs (README, specs, NatSpec) and verifies code matches documented intent. Uses Trail of Bits methodology for divergence detection.
Deep reentrancy vulnerability analysis for Solidity contracts. Covers single-function, cross-function, cross-contract, and read-only reentrancy. Maps all external call paths and validates CEI pattern compliance.
Analyzes Solidity contract entry points to map attack surface. Identifies all external/public functions, categorizes by privilege level, maps access control, and detects authorization patterns. Use as first step in any audit.
Analyzes DeFi-specific security patterns in Solidity contracts. Covers oracle manipulation, flash loan attacks, economic exploits, vault inflation, MEV, and protocol-specific vulnerabilities.
Comprehensive access control and authorization review for Solidity contracts. Checks ownership, role-based access, proxy authorization, centralization risks, and privilege escalation vulnerabilities.
Advanced Solidity/EVM smart contract security auditor with 104 vulnerability patterns, multi-tool integration, and professional report generation.
Validate API changes against an expected contract. Use when a mid-level developer needs to detect breaking changes.
Contract review assistant analyzing agreements against playbooks. GREEN/YELLOW/RED severity. Use when reviewing vendor contracts, SaaS agreements, service agreements, or generating redline suggestions.
Cross-cutting infrastructure security audit skill that checks cloud infrastructure, DNS, TLS, endpoints, access control, network security, containers, CI/CD pipelines, secrets management, logging, and physical security against ALL major compliance frameworks. Use for infrastructure audit, cloud security audit, infrastructure compliance, DNS security audit, TLS audit, endpoint security, access control audit, network security assessment, infrastructure security, cloud compliance, Vanta alternative, compliance automation, security posture assessment, hardware security keys, YubiKey compliance.
Smart contract vulnerability playbook. Use when auditing Solidity/EVM contracts for reentrancy, integer overflow, access control, delegatecall, flash loan, signature replay, and MEV-related attack patterns.
