Is this a replacement for a professional security audit?

While it provides a professional-grade automated scan, it is intended to supplement the development process and help prepare for a formal third-party security audit.

Does scv-scan support languages other than Solidity?

No, this skill is specifically optimized for Solidity smart contracts. It is not recommended for auditing Vyper, Rust/Anchor, or Move contracts as the patterns are language-specific.

How does it handle Solidity version-specific features?

The skill includes version-aware checks, such as recognizing that overflow/underflow is handled by default in Solidity 0.8.0 while still checking for unchecked blocks and assembly.

Can it detect complex reentrancy vulnerabilities?

Yes, it uses deep semantic analysis to detect various types of reentrancy, including cross-function patterns and hidden hooks like ERC-721 safeMint or ERC-777 callbacks.

Does it provide actionable remediation advice?

Every confirmed vulnerability finding includes a specific recommendation and reference to a remediation strategy to help developers fix the issue correctly.

Solidity Security Auditor

Name: Solidity Security Auditor
Author: trailofbits

bytrailofbits

•

274

•

セキュリティとテスト

Conducts comprehensive security audits of Solidity smart contracts using a structured four-phase vulnerability scanning workflow.

The scv-scan skill provides a rigorous, industry-standard approach to auditing Solidity codebases for security vulnerabilities. Developed with patterns from top security researchers, it guides Claude through a systematic process—from initial cheatsheet mapping and codebase-wide sweeps to deep semantic validation and final reporting. It covers 36 distinct vulnerability classes, including reentrancy, access control issues, and logic errors, ensuring that smart contracts are production-ready and resistant to common exploit patterns.

主な機能

01Hybrid detection using both syntactic grep patterns and deep semantic analysis

02Structured four-phase audit workflow (Loading, Sweeping, Validation, Reporting)

03274 GitHub stars

04Detailed vulnerability reporting with standardized severity levels

05Comprehensive coverage of 36 distinct Solidity vulnerability classes

06Integrated reference library for verifying findings and remediation steps

ユースケース

01Rapid vulnerability scanning during the development lifecycle

02Pre-deployment security reviews for Ethereum-based smart contracts

03Validating security best practices after significant code modifications

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add trailofbits/skills-curated scv-scan

For use in Claude.ai and ChatGPT

Download Skill