Who created the Substrate Vulnerability Scanner skill?

This skill was developed by Trail of Bits, a premier cybersecurity firm known for its deep expertise in blockchain security and formal verification.

How does this help with Polkadot parachain development?

It helps developers identify issues that could lead to chain halts, unauthorized fund transfers, or excessive gas consumption before code is deployed to a live environment.

Is this skill suitable for general Rust development?

While it uses Rust analysis, it is specifically tailored for Substrate and Polkadot runtimes and might not be applicable to non-blockchain Rust projects.

What specific vulnerabilities does this scanner detect?

The skill scans for seven critical issues: arithmetic overflows/underflows, panic-driven DoS, incorrect weights, improper origin checks, and other common FRAME pallet vulnerabilities.

Does it replace a professional manual audit?

No, it is a powerful automated tool for identifying common flaws, but it should be used to supplement rather than replace a comprehensive manual security review.

Substrate Vulnerability Scanner

Name: Substrate Vulnerability Scanner
Author: plurigrid

byplurigrid

•

Seguridad y Pruebas

Identifies seven critical security vulnerabilities in Substrate and Polkadot pallets during the development and auditing process.

The Substrate Vulnerability Scanner is a specialized security tool developed by Trail of Bits for auditing Substrate-based blockchain runtimes. It automates the detection of critical flaws such as arithmetic overflows, panic-driven Denial of Service (DoS) vectors, incorrect weight assignments, and improper origin checks within FRAME pallets. By integrating these security patterns into Claude Code, it allows developers and auditors to catch complex blockchain-specific bugs early in the development lifecycle, ensuring the robustness and safety of Polkadot ecosystem projects.

Características Principales

01Analyzes FRAME pallets for domain-specific security anti-patterns

02Detects arithmetic overflows and underflows in pallet logic

032 GitHub stars

04Checks for missing or incorrect origin authorization and access control

05Identifies potential panic-induced Denial of Service vectors

06Validates weight calculations to prevent resource exhaustion

Casos de Uso

01Performing a security audit on custom Substrate runtime pallets

02Verifying transaction weights before deploying to a Polkadot parachain

03Automating vulnerability scanning during the development of blockchain contracts

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add plurigrid/asi substrate-vulnerability-scanner

For use in Claude.ai and ChatGPT

Download Skill