
Secure Workflow Guide

Skill Active

Guides through Trail of Bits' 5-step secure development workflow. Runs Slither scans, checks special features (upgradeability/ERC conformance/token integration), generates visual security diagrams, helps document security properties for fuzzing/verification, and reviews manual security areas.

Purpose

To guide developers through a structured and comprehensive security workflow for smart contracts, identifying vulnerabilities, documenting properties, and improving overall code security.

Features

  • Guides through a 5-step secure development workflow
  • Runs Slither security scans with vulnerability detection
  • Checks special features like upgradeability and ERC conformance
  • Generates visual security diagrams (inheritance, function summary, variable authorization)
  • Helps document security properties for fuzzing and verification
  • Reviews manual security areas (privacy, front-running, crypto, DeFi)

Use cases

  • When performing a security review of smart contracts
  • Before deploying smart contracts to production
  • To enhance the security of smart contracts throughout the development lifecycle
  • When needing to document critical security properties for testing and verification

Non-goals

  • Providing generic security advice without executing the workflow
  • Describing architecture instead of generating visual diagrams
  • Skipping upgradeability or ERC checks without codebase verification
  • Setting up fuzzing infrastructure without documenting properties

Workflow

  1. Explore codebase for structure
  2. Run Slither security scan
  3. Detect and run applicable special feature checks
  4. Generate visual security diagrams
  5. Guide security property documentation
  6. Analyze manual review areas
  7. Provide prioritized action plan and next steps

Practices

  • Security Auditing
  • Smart Contract Development
  • Secure Coding
  • Documentation
  • Testing

Trust

  • Warning: Issues Attention. 13 issues opened and 4 closed in the last 90 days, indicating a closure rate below 50% and a high number of open issues.

Installation

Add the marketplace first

/plugin marketplace add trailofbits/skills
/plugin install building-secure-contracts@trailofbits

Quality score

75/100
Analyzed about 13 hours ago

Trust signals

Last commit: 3 days ago
Stars: 5.2k
License: CC-BY-SA-4.0

Similar extensions

Soul Guardian

100

Drift detection + baseline integrity guard for agent workspace files with automatic alerting support

Skill
prompt-security

Audit Dependency Versions

100

Audit project dependencies for version staleness, security vulnerabilities, and compatibility issues. Covers lock file analysis, upgrade path planning, and breaking change assessment. Use before a release to ensure dependencies are current and secure, during periodic maintenance reviews, after receiving a security advisory, when upgrading to a new language version, before submitting to CRAN or npm, or when inheriting a project to assess its dependency health.

Skill
pjt222

Codex Diff Develop

100

Reviews the diff of the current branch against develop in Drupal 11 projects following the Codex methodology (business logic, edge cases in hooks/queries, security, performance, completeness). Generates a .md report in the folder of the detected IDE (.antigravity/, .cursor/, .vscode/ or docs/) with findings by severity and actionable fixes. Use when the user asks for "Revisión diff develop", "revisión diff develop", "diff develop", "revisar diff", "codex diff" or similar expressions with the intent of auditing changes against develop. Triggers: diff develop, codex diff, revisión diff, lint diff develop, auditar diff.

Skill
j4rk0r

Web3 Testing

99

Test smart contracts comprehensively using Hardhat and Foundry with unit tests, integration tests, and mainnet forking. Use when testing Solidity contracts, setting up blockchain test suites, or validating DeFi protocols.

Skill
wshobson

Solidity Security

98

Master smart contract security best practices to prevent common vulnerabilities and implement secure Solidity patterns. Use when writing smart contracts, auditing existing contracts, or implementing security measures for blockchain applications.

Skill
wshobson

Entry Point Analyzer

97

Analyzes smart contract codebases to identify state-changing entry points for security auditing. Detects externally callable functions that modify state, categorizes them by access level (public, admin, role-restricted, contract-only), and generates structured audit reports. Excludes view/pure/read-only functions. Use when auditing smart contracts (Solidity, Vyper, Solana/Rust, Move, TON, CosmWasm) or when asked to find entry points, audit flows, external functions, access control patterns, or privileged operations.

Skill
trailofbits