Is this a replacement for a professional security audit?

No, while this skill is excellent for identifying common critical vulnerabilities during development, it should be used as a supplementary tool alongside professional manual audits.

Which vulnerabilities does this skill detect?

The scanner detects six critical Solana vulnerabilities, including arbitrary CPI, improper PDA validation, missing signer/ownership checks, and sysvar spoofing.

Who developed this security skill?

This skill was authored by Trail of Bits, a leading cybersecurity research firm recognized for their expertise in blockchain and smart contract security.

How do I trigger a scan?

You can use this skill within Claude Code when auditing your project files, specifically focusing on Rust files within your Solana or Anchor directory.

Can I use this with the Anchor framework?

Yes, this skill is specifically designed to support both native Solana programs and those developed using the Anchor framework.

Solana Vulnerability Scanner

Name: Solana Vulnerability Scanner
Author: plurigrid

byplurigrid

•

セキュリティとテスト

Scans Solana and Anchor programs for critical security vulnerabilities to ensure smart contract integrity.

The Solana Vulnerability Scanner is a specialized security tool for Claude Code designed to identify high-impact vulnerabilities in Solana smart contracts. Developed by Trail of Bits, it automatically scans for six critical exploit vectors, including arbitrary Cross-Program Invocations (CPI), improper Program Derived Address (PDA) validation, missing signer checks, and sysvar spoofing. It is an essential companion for developers and auditors working with Rust and the Anchor framework, enabling early detection of security flaws during the development lifecycle to prevent costly exploits.

主な機能

01Scans for sysvar spoofing exploits

02Flags missing signer and ownership checks

03Identifies improper PDA validation vulnerabilities

042 GitHub stars

05Detects arbitrary Cross-Program Invocations (CPI)

06Optimized for both Solana native and Anchor framework programs

ユースケース

01Continuous security integration for Rust-based blockchain development

02Pre-deployment verification of Anchor program logic

03Automated security auditing of Solana smart contracts

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add plurigrid/asi solana-vulnerability-scanner

For use in Claude.ai and ChatGPT

Download Skill