Security Audit

9 skills with this tag

trailofbits
Passed
Spec To Code Compliance
Guides blockchain auditors through verifying that smart contract code implements exactly what specification documents describe. Uses a 6-phase methodology with intermediate representations to systematically compare whitepapers and design docs against actual code implementation, identifying gaps, mismatches, and undocumented behavior.
Blockchain, Smart Contracts, Security Audit, +3
trailofbits
Passed
Entry Point Analyzer
Entry Point Analyzer is a security auditing skill for smart contracts. It systematically identifies all state-changing entry points (externally callable functions that modify state) in smart contract codebases across Solidity, Vyper, Solana, Move, TON, and CosmWasm. The skill classifies each entry point by access control level and generates structured audit reports to guide security analysis.
Smart Contracts, Security Audit, Solidity, +3
trailofbits
Passed
Fix Review
A differential analysis skill for verifying that git commits properly address security audit findings. It helps map code changes to specific findings (like TOB-XXX format), detect potential bug introductions, and generate comprehensive fix review reports.
Security Audit, Code Review, Git, +3
trailofbits
Passed
Token Integration Analyzer
A comprehensive token integration security analyzer based on Trail of Bits' checklist. Guides users through systematic analysis of ERC20/ERC721 tokens for conformity issues, weird token patterns (fee-on-transfer, rebasing, missing returns, etc.), owner privileges, and integration safety concerns. Provides structured report templates and checklists.
Ethereum, Erc20, Erc721, +3
trailofbits
Passed
Secure Workflow Guide
This skill guides Solidity developers through Trail of Bits' 5-step secure development workflow. It helps run Slither security scans, check upgradeability and ERC conformance, generate visual security diagrams, document security properties for fuzzing/verification, and review manual security areas like front-running and DeFi risks.
Solidity, Smart Contracts, Security Audit, +3
trailofbits
Passed
Guidelines Advisor
A comprehensive smart contract development advisor based on Trail of Bits' best practices. It systematically analyzes blockchain codebases to review architecture, check upgradeability patterns, identify common security pitfalls, assess dependencies, and evaluate testing coverage, providing prioritized recommendations for improvement.
Smart Contracts, Security Audit, Solidity, +3
trailofbits
Passed
Code Maturity Assessor
This skill systematically assesses codebase maturity using Trail of Bits' Building Secure Contracts framework. It evaluates 9 categories including arithmetic safety, access controls, complexity management, documentation, and testing, producing a detailed scorecard with ratings (0-4) and actionable improvement recommendations.
Code Review, Security Audit, Smart Contracts, +3
trailofbits
Passed
Audit Prep Assistant
This skill helps developers prepare their codebase for professional security audits using Trail of Bits' checklist methodology. It runs static analysis tools appropriate to your platform (Solidity, Rust, Go), analyzes test coverage, identifies dead code, and generates comprehensive documentation including flowcharts, user stories, and glossaries.
Security Audit, Static Analysis, Documentation, +3
trailofbits
Passed
Audit Context Building
This skill enables deep, line-by-line code analysis for security audits and architecture reviews. It provides structured frameworks including First Principles, 5 Whys, and 5 Hows methodologies to build comprehensive understanding of codebases before vulnerability hunting. The skill focuses purely on context building and explicitly excludes vulnerability findings or exploit reasoning.
Security Audit, Code Analysis, Methodology, +3