Secure Workflow Guide
Skill (Active)
Guides developers through Trail of Bits' 5-step secure development workflow: runs Slither scans, checks special features (upgradeability, ERC conformance, token integration), generates visual security diagrams, helps document security properties for fuzzing and verification, and reviews the areas that still need manual attention.
To guide developers through a structured and comprehensive security workflow for smart contracts, identifying vulnerabilities, documenting properties, and improving overall code security.
Features
- Guides through a 5-step secure development workflow
- Runs Slither security scans with vulnerability detection
- Checks special features like upgradeability and ERC conformance
- Generates visual security diagrams (inheritance, function summary, variable authorization)
- Helps document security properties for fuzzing and verification
- Reviews manual security areas (privacy, front-running, crypto, DeFi)
Use cases
- When performing a security review of smart contracts
- Before deploying smart contracts to production
- To enhance the security of smart contracts throughout the development lifecycle
- When needing to document critical security properties for testing and verification
Non-goals
- Providing generic security advice without executing the workflow
- Describing architecture instead of generating visual diagrams
- Skipping upgradeability or ERC checks without codebase verification
- Setting up fuzzing infrastructure without documenting properties
Workflow
- Explore codebase for structure
- Run Slither security scan
- Detect and run applicable special feature checks
- Generate visual security diagrams
- Guide security property documentation
- Analyze manual review areas
- Provide prioritized action plan and next steps
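The scan, special-feature, diagram and action-plan steps above all revolve around Slither's command-line tools and its JSON report. The following is an added example, written for this guide rather than taken from the plugin or from Trail of Bits' code: it builds the command lines for those steps and triages a Slither `--json` report by impact and confidence so the action plan starts with the findings that matter. The `Vault`/`VaultProxy`/`MyToken` contract names, the report layout (Slither's `results.detectors` list with `check`, `impact`, `confidence`, `description` fields) and the sample report itself are constructed for illustration.

```python
"""Helper for the Slither-driven steps of the secure development workflow.

Added example, not part of the Trail of Bits plugin. Builds the commands for
the scan / special-feature / diagram steps and turns a Slither JSON report
into a prioritized action list. Contract names and the sample report below
are constructed for illustration.
"""
import json
import shutil
import subprocess
from typing import Optional

# Slither's own severity vocabulary, highest priority first.
IMPACT_RANK = {"High": 0, "Medium": 1, "Low": 2, "Optimization": 3, "Informational": 4}
CONFIDENCE_RANK = {"High": 0, "Medium": 1, "Low": 2}


def scan_command(target: str = ".", report: str = "slither-report.json") -> list[str]:
    """Step 1: full detector run with machine-readable output for triage."""
    return ["slither", target, "--json", report]


def upgradeability_command(target: str, implementation: str, proxy: Optional[str] = None,
                           new_version: Optional[str] = None) -> list[str]:
    """Step 2a: storage-layout and initializer checks for upgradeable contracts."""
    cmd = ["slither-check-upgradeability", target, implementation]
    if proxy:
        cmd += ["--proxy-name", proxy]
    if new_version:
        cmd += ["--new-contract-name", new_version]
    return cmd


def erc_command(target: str, contract: str, erc: str = "ERC20") -> list[str]:
    """Step 2b: conformance to the ERC the contract claims to implement."""
    return ["slither-check-erc", target, contract, "--erc", erc]


def diagram_commands(target: str = ".") -> list[list[str]]:
    """Step 3: the three printers the workflow asks developers to inspect visually."""
    return [["slither", target, "--print", printer]
            for printer in ("inheritance-graph", "function-summary", "vars-and-auth")]


def triage(report_json: str, min_impact: str = "Informational") -> list[dict]:
    """Order findings by impact, then confidence, then detector name (reproducible runs).

    Findings with impact below `min_impact` are dropped. A report whose
    `success` flag is false (compilation failed, for example) is an error,
    not an empty clean result.
    """
    data = json.loads(report_json)
    if not data.get("success", False):
        raise RuntimeError(f"slither failed: {data.get('error')}")
    cutoff = IMPACT_RANK[min_impact]
    findings = []
    for d in data["results"]["detectors"]:
        if IMPACT_RANK[d["impact"]] > cutoff:
            continue
        # Slither descriptions are multi-line; keep the headline for the plan.
        headline = next(iter((d.get("description") or "").strip().splitlines()), "")
        findings.append({"check": d["check"], "impact": d["impact"],
                         "confidence": d["confidence"], "description": headline})
    findings.sort(key=lambda f: (IMPACT_RANK[f["impact"]],
                                 CONFIDENCE_RANK[f["confidence"]], f["check"]))
    return findings


def run_and_triage(target: str = ".", min_impact: str = "Low") -> Optional[list[dict]]:
    """Run the scan if Slither is installed; return None when it is not.

    Slither exits non-zero whenever it reports findings, so the exit code is
    not treated as failure; the report's own `success` flag is.
    """
    if shutil.which("slither") is None:
        return None
    proc = subprocess.run(["slither", target, "--json", "-"],  # "-" writes JSON to stdout
                          capture_output=True, text=True, check=False)
    return triage(proc.stdout, min_impact=min_impact)


# Constructed sample report in Slither's JSON layout (not real scanner output).
SAMPLE_REPORT = json.dumps({
    "success": True, "error": None,
    "results": {"detectors": [
        {"check": "solc-version", "impact": "Informational", "confidence": "High",
         "description": "Pragma version^0.8.20 allows old versions\n", "elements": []},
        {"check": "reentrancy-eth", "impact": "High", "confidence": "Medium",
         "description": "Reentrancy in Vault.withdraw(uint256)\n\texternal calls:\n", "elements": []},
        {"check": "timestamp", "impact": "Low", "confidence": "Medium",
         "description": "Vault.unlock() uses timestamp for comparisons\n", "elements": []},
        {"check": "arbitrary-send-eth", "impact": "High", "confidence": "Medium",
         "description": "Vault.sweep(address) sends eth to arbitrary user\n", "elements": []},
        {"check": "unchecked-transfer", "impact": "Medium", "confidence": "Medium",
         "description": "Vault.deposit(uint256) ignores return value of transferFrom\n", "elements": []},
    ]},
})

if __name__ == "__main__":
    for cmd in [scan_command(), upgradeability_command(".", "VaultV1", proxy="VaultProxy",
                new_version="VaultV2"), erc_command(".", "MyToken")] + diagram_commands():
        print(" ".join(cmd))
    for f in triage(SAMPLE_REPORT, min_impact="Medium"):
        print(f"[{f['impact']}/{f['confidence']}] {f['check']}: {f['description']}")
```

Run it from the project root; the printed commands are the ones to execute for steps 1 to 3, and `run_and_triage` feeds a live scan into the same ordering. Dropping `Informational` and `Optimization` findings from the first pass is a pragmatic filter for the action plan, not a reason to ignore them: they still belong in the final report.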
Practices
- Security Auditing
- Smart Contract Development
- Secure Coding
- Documentation
- Testing
Trust
- Warning (issues need attention): 13 issues opened and 4 closed in the last 90 days, a closure rate below 50% with a high number of open issues.
Installation
Add the marketplace first:
/plugin marketplace add trailofbits/skills
Then install the plugin:
/plugin install building-secure-contracts@trailofbits
Similar extensions
- Soul Guardian (score 100): Drift detection and baseline integrity guard for agent workspace files, with automatic alerting support.
- Audit Dependency Versions (score 100): Audits project dependencies for version staleness, security vulnerabilities, and compatibility issues. Covers lock file analysis, upgrade path planning, and breaking change assessment. Use before a release to ensure dependencies are current and secure, during periodic maintenance reviews, after receiving a security advisory, when upgrading to a new language version, before submitting to CRAN or npm, or when inheriting a project to assess its dependency health.
- Codex Diff Develop (score 100): Reviews the current branch's diff against develop in Drupal 11 projects following the Codex methodology (business logic, edge cases in hooks/queries, security, performance, completeness). Generates an .md report in the folder of the detected IDE (.antigravity/, .cursor/, .vscode/ or docs/) with findings grouped by severity and actionable fixes. Use when the user asks for "Revisión diff develop", "revisión diff develop", "diff develop", "revisar diff", "codex diff" or similar expressions with the intent of auditing changes against develop. Triggers: diff develop, codex diff, revisión diff, lint diff develop, auditar diff.
- Web3 Testing (score 99): Tests smart contracts comprehensively using Hardhat and Foundry with unit tests, integration tests, and mainnet forking. Use when testing Solidity contracts, setting up blockchain test suites, or validating DeFi protocols.
- Solidity Security (score 98): Smart contract security best practices to prevent common vulnerabilities and implement secure Solidity patterns. Use when writing smart contracts, auditing existing contracts, or implementing security measures for blockchain applications.
- Entry Point Analyzer (score 97): Analyzes smart contract codebases to identify state-changing entry points for security auditing. Detects externally callable functions that modify state, categorizes them by access level (public, admin, role-restricted, contract-only), and generates structured audit reports. Excludes view/pure/read-only functions. Use when auditing smart contracts (Solidity, Vyper, Solana/Rust, Move, TON, CosmWasm) or when asked to find entry points, audit flows, external functions, access control patterns, or privileged operations.
97Analyzes smart contract codebases to identify state-changing entry points for security auditing. Detects externally callable functions that modify state, categorizes them by access level (public, admin, role-restricted, contract-only), and generates structured audit reports. Excludes view/pure/read-only functions. Use when auditing smart contracts (Solidity, Vyper, Solana/Rust, Move, TON, CosmWasm) or when asked to find entry points, audit flows, external functions, access control patterns, or privileged operations.