
Entry Point Analyzer

Skill · Verified · Active

Analyzes smart contract codebases to identify state-changing entry points for security auditing. Detects externally callable functions that modify state, categorizes them by access level (public, admin, role-restricted, contract-only), and generates structured audit reports. Excludes view/pure/read-only functions. Use when auditing smart contracts (Solidity, Vyper, Solana/Rust, Move, TON, CosmWasm) or when asked to find entry points, audit flows, external functions, access control patterns, or privileged operations.

Purpose

To systematically identify the attack surface of smart contracts by pinpointing all externally callable, state-modifying functions to guide security audits.

Features

  • Identifies state-changing entry points
  • Categorizes functions by access level (public, restricted, contract-only)
  • Supports multiple smart contract languages (Solidity, Vyper, Solana, Move, TON, CosmWasm)
  • Excludes view/pure/read-only functions
  • Generates structured markdown audit reports
  • Integrates with Slither for Solidity analysis

Use cases

  • Starting a smart contract security audit to map attack surface
  • Finding entry points, external functions, or audit flows
  • Analyzing access control patterns
  • Identifying privileged operations and role-restricted functions

Non-goals

  • Vulnerability detection (use domain-specific audits)
  • Writing exploit POCs
  • Code quality or gas optimization analysis
  • Analyzing read-only functions
  • Non-smart-contract codebases

Trust

  • Issues attention: 13 issues opened and 4 closed in the last 90 days, indicating maintainer attention but a potential lag in response time.

Installation

Add the marketplace first:

/plugin marketplace add trailofbits/skills
/plugin install entry-point-analyzer@trailofbits

Quality score

Verified
97 / 100
Analyzed 1 day ago

Trust signals

Last commit: 3 days ago
Stars: 5.2k
License: CC-BY-SA-4.0

Similar extensions

Soul Guardian

100

Drift detection + baseline integrity guard for agent workspace files with automatic alerting support

Skill
prompt-security

Audit Dependency Versions

100

Audit project dependencies for version staleness, security vulnerabilities, and compatibility issues. Covers lock file analysis, upgrade path planning, and breaking change assessment. Use before a release to ensure dependencies are current and secure, during periodic maintenance reviews, after receiving a security advisory, when upgrading to a new language version, before submitting to CRAN or npm, or when inheriting a project to assess its dependency health.

Skill
pjt222

Codex Diff Develop

100

Reviews the diff of the current branch against develop in Drupal 11 projects following the Codex methodology (business logic, edge cases in hooks/queries, security, performance, completeness). Generates a .md report in the folder of the detected IDE (.antigravity/, .cursor/, .vscode/ or docs/) with findings by severity and actionable fixes. Use when the user asks for "Revisión diff develop", "revisión diff develop", "diff develop", "revisar diff", "codex diff" or similar expressions with the intent of auditing changes against develop. Triggers: diff develop, codex diff, revisión diff, lint diff develop, auditar diff.

Skill
j4rk0r

Web3 Testing

99

Test smart contracts comprehensively using Hardhat and Foundry with unit tests, integration tests, and mainnet forking. Use when testing Solidity contracts, setting up blockchain test suites, or validating DeFi protocols.

Skill
wshobson

Aptos Move Testing

98

Expert on testing Move smart contracts on Aptos, including unit tests, integration tests, Move Prover formal verification, debugging strategies, and test coverage. Triggers on keywords move test, unit test, integration test, move prover, formal verification, debug, coverage, assert, expect

Skill
raintree-technology

Aptos Framework Expert

98

Expert on Aptos Framework (0x1 standard library) - account, coin, fungible_asset, object, timestamp, table, event, vector, string, option, error, and other core modules. Triggers on keywords aptos framework, 0x1, account module, table, smarttable, event, timestamp, randomness, aggregator, resource account

Skill
raintree-technology