Solana Vulnerability Scanner
Skill AktivScans Solana programs for 6 critical vulnerabilities including arbitrary CPI, improper PDA validation, missing signer/ownership checks, and sysvar spoofing. Use when auditing Solana/Anchor programs.
To systematically identify and report critical security vulnerabilities in Solana and Anchor smart contracts, enabling developers to secure their blockchain applications.
Funktionen
- Scans Solana/Anchor programs
- Detects 6 critical vulnerability patterns
- Reports findings with location and severity
- Provides code-based recommendations for fixes
- Validates account and CPI security
Anwendungsfälle
- Auditing Solana programs (native Rust or Anchor)
- Reviewing cross-program invocation (CPI) logic
- Validating program-derived address (PDA) implementations
- Pre-launch security assessment of Solana protocols
Nicht-Ziele
- General-purpose code linting
- Performance analysis
- End-to-end deployment or testing orchestration
Trust
- warning:Issues AttentionIn the last 90 days, 13 issues were opened and 4 were closed, indicating a low closure rate and potentially slow maintainer response.
Installation
Zuerst Marketplace hinzufügen
/plugin marketplace add trailofbits/skills/plugin install building-secure-contracts@trailofbitsQualitätspunktzahl
Vertrauenssignale
Ähnliche Erweiterungen
Soul Guardian
100Drift detection + baseline integrity guard for agent workspace files with automatic alerting support
Audit Dependency Versions
100Audit project dependencies for version staleness, security vulnerabilities, and compatibility issues. Covers lock file analysis, upgrade path planning, and breaking change assessment. Use before a release to ensure dependencies are current and secure, during periodic maintenance reviews, after receiving a security advisory, when upgrading to a new language version, before submitting to CRAN or npm, or when inheriting a project to assess its dependency health.
Codex Diff Develop
100Revisa el diff de la rama actual frente a develop en proyectos Drupal 11 siguiendo la metodología Codex (lógica de negocio, edge cases de hooks/queries, seguridad, performance, completitud). Genera un informe .md en la carpeta del IDE detectado (.antigravity/, .cursor/, .vscode/ o docs/) con hallazgos por severidad y soluciones accionables. Usar cuando el usuario pida "Revisión diff develop", "revisión diff develop", "diff develop", "revisar diff", "codex diff" o expresiones similares con intención de auditar cambios contra develop. Triggers: diff develop, codex diff, revisión diff, lint diff develop, auditar diff.
Web3 Testing
99Test smart contracts comprehensively using Hardhat and Foundry with unit tests, integration tests, and mainnet forking. Use when testing Solidity contracts, setting up blockchain test suites, or validating DeFi protocols.
Aptos Gas & Performance Optimization Expert
99Expert on Aptos gas optimization, performance tuning, storage costs, execution efficiency, inline functions, aggregator usage, parallel execution, table vs vector tradeoffs, and gas profiling tools. Triggers on keywords gas optimization, performance, gas cost, storage fee, inline, aggregator, parallel execution, gas profiling, optimization
Emblem Ai Agent Wallet
99Stellen Sie eine Verbindung zu EmblemVault her und verwalten Sie Wallet-bewusste Workflows über EmblemAI mit einem Überprüfungs-ersten, bedienergesteuerten Ansatz. Unterstützt Solana, Ethereum, Base, BSC, Polygon, Hedera und Bitcoin. Verwenden Sie es auch, wenn der Benutzer das Emblem-Authentifizierungsmodell erklärt benötigt: Ein Browser-Authentifizierungsablauf kann einen Benutzer mit Wallets, E-Mail/Passwort oder Social-Login anmelden, während der Agentenmodus automatisch eine Profil-bezogene Wallet ohne manuelle Einrichtung bereitstellen kann.