Cosmos Vulnerability Scanner
技能 活跃Scans Cosmos SDK blockchain modules and CosmWasm contracts for consensus-critical vulnerabilities — chain halts, fund loss, state divergence. 25 core + 16 IBC + 10 EVM + 3 CosmWasm patterns. Use when auditing custom x/ modules, reviewing IBC integrations, or assessing pre-launch chain security. Updated for SDK v0.53.x.
To audit Cosmos SDK modules and CosmWasm contracts for consensus-critical vulnerabilities, preventing chain halts, fund loss, and state divergence.
功能
- Scans Cosmos SDK modules and CosmWasm contracts
- Identifies consensus-critical vulnerabilities (chain halts, fund loss, state divergence)
- Covers 25 core, 16 IBC, 10 EVM, and 3 CosmWasm patterns
- Outputs findings as individual markdown files
- Supports SDK v0.53.x and specific vulnerability patterns
使用场景
- Auditing custom x/ modules in Cosmos SDK
- Reviewing IBC integrations for vulnerabilities
- Performing pre-launch security assessments of Cosmos chains
- Investigating chain halt incidents
非目标
- Pure Solidity/EVM audits without Cosmos SDK context
- Analysis of CometBFT consensus engine internals
- General Go code review unrelated to blockchain context
- Auditing non-consensus-critical application logic like CLI commands or REST endpoints
Trust
- warning:Issues AttentionIn the last 90 days, 13 issues were opened and 4 were closed, indicating a low closure rate and potentially slow maintainer response.
Practical Utility
- info:Usage examplesWhile the SKILL.md describes the workflow in detail, concrete end-to-end usage examples with specific inputs and expected outputs are not explicitly provided.
安装
请先添加 Marketplace
/plugin marketplace add trailofbits/skills/plugin install building-secure-contracts@trailofbits质量评分
类似扩展
Soul Guardian
100Drift detection + baseline integrity guard for agent workspace files with automatic alerting support
Audit Dependency Versions
100Audit project dependencies for version staleness, security vulnerabilities, and compatibility issues. Covers lock file analysis, upgrade path planning, and breaking change assessment. Use before a release to ensure dependencies are current and secure, during periodic maintenance reviews, after receiving a security advisory, when upgrading to a new language version, before submitting to CRAN or npm, or when inheriting a project to assess its dependency health.
Codex Diff Develop
100Revisa el diff de la rama actual frente a develop en proyectos Drupal 11 siguiendo la metodología Codex (lógica de negocio, edge cases de hooks/queries, seguridad, performance, completitud). Genera un informe .md en la carpeta del IDE detectado (.antigravity/, .cursor/, .vscode/ o docs/) con hallazgos por severidad y soluciones accionables. Usar cuando el usuario pida "Revisión diff develop", "revisión diff develop", "diff develop", "revisar diff", "codex diff" o expresiones similares con intención de auditar cambios contra develop. Triggers: diff develop, codex diff, revisión diff, lint diff develop, auditar diff.
Investigate Capa Root Cause
100Investigate root causes and manage CAPAs (Corrective and Preventive Actions) for compliance deviations. Covers investigation method selection (5-Why, fishbone, fault tree), structured root cause analysis, corrective vs preventive action design, effectiveness verification, and trend analysis. Use when an audit finding requires a CAPA, when a deviation or incident occurs in a validated system, when a regulatory observation needs a formal response, when a data integrity anomaly requires investigation, or when recurring issues suggest a systemic root cause.
Toprank Weekly Review
100Run a weekly SEO review for one registered website, write audit artifacts, and choose the next best safe action.
Janitor Tokens
100显示每个技能消耗的上下文窗口令牌数量。当用户询问有关令牌成本、上下文预算、技能大小,或希望了解哪些技能浪费了最多的上下文空间时使用。