Guidelines Advisor
Skill AktivSmart contract development advisor based on Trail of Bits' best practices. Analyzes codebase to generate documentation/specifications, review architecture, check upgradeability patterns, assess implementation quality, identify pitfalls, review dependencies, and evaluate testing. Provides actionable recommendations.
To systematically improve the security and quality of smart contract development by providing expert-level analysis and guidance based on established best practices.
Funktionen
- Generates system documentation and specifications
- Analyzes on-chain/off-chain architecture
- Reviews upgradeability patterns and proxy implementations
- Assesses implementation quality and identifies common pitfalls
- Evaluates dependencies and testing suites
- Provides prioritized, actionable recommendations
Anwendungsfälle
- Use when developing new smart contracts to ensure adherence to best practices from the start.
- Use when auditing existing smart contracts to identify potential vulnerabilities and areas for improvement.
- Use to generate documentation and architectural overviews for smart contract projects.
- Use to assess the quality and security of dependencies used in smart contract development.
Nicht-Ziele
- Providing legal advice on smart contract compliance.
- Automatically fixing identified issues without user input.
- Replacing the need for manual security audits entirely.
Trust
- warning:Issues AttentionIn the last 90 days, 13 issues were opened and 4 were closed, indicating a closure rate below 50% with a significant number of open issues.
Installation
Zuerst Marketplace hinzufügen
/plugin marketplace add trailofbits/skills/plugin install building-secure-contracts@trailofbitsQualitätspunktzahl
Vertrauenssignale
Ähnliche Erweiterungen
Soul Guardian
100Drift detection + baseline integrity guard for agent workspace files with automatic alerting support
Audit Dependency Versions
100Audit project dependencies for version staleness, security vulnerabilities, and compatibility issues. Covers lock file analysis, upgrade path planning, and breaking change assessment. Use before a release to ensure dependencies are current and secure, during periodic maintenance reviews, after receiving a security advisory, when upgrading to a new language version, before submitting to CRAN or npm, or when inheriting a project to assess its dependency health.
Codex Diff Develop
100Revisa el diff de la rama actual frente a develop en proyectos Drupal 11 siguiendo la metodología Codex (lógica de negocio, edge cases de hooks/queries, seguridad, performance, completitud). Genera un informe .md en la carpeta del IDE detectado (.antigravity/, .cursor/, .vscode/ o docs/) con hallazgos por severidad y soluciones accionables. Usar cuando el usuario pida "Revisión diff develop", "revisión diff develop", "diff develop", "revisar diff", "codex diff" o expresiones similares con intención de auditar cambios contra develop. Triggers: diff develop, codex diff, revisión diff, lint diff develop, auditar diff.
Investigate Capa Root Cause
100Investigate root causes and manage CAPAs (Corrective and Preventive Actions) for compliance deviations. Covers investigation method selection (5-Why, fishbone, fault tree), structured root cause analysis, corrective vs preventive action design, effectiveness verification, and trend analysis. Use when an audit finding requires a CAPA, when a deviation or incident occurs in a validated system, when a regulatory observation needs a formal response, when a data integrity anomaly requires investigation, or when recurring issues suggest a systemic root cause.
Toprank Weekly Review
100Run a weekly SEO review for one registered website, write audit artifacts, and choose the next best safe action.
Janitor Tokens
100Zeigt an, wie viele Token im Kontextfenster jede Fähigkeit verbraucht. Verwenden Sie dies, wenn der Benutzer nach Token-Kosten, Budget, Kapazität oder nach Fähigkeiten fragt, die am meisten Kontextspeicherplatz verschwenden.