Performs comprehensive security audits and vulnerability scanning for Cairo smart contracts on Starknet using parallelized agent reasoning.
The cairo-auditor skill is a specialized security tool for the Starknet ecosystem, designed to automate the rigorous review of Cairo smart contracts. It orchestrates a parallelized workflow where multiple scanning agents analyze code against specific attack vectors, including reentrancy, access control, and integer overflows. By combining deterministic preflight checks via Semgrep with deep adversarial reasoning and real-time Starknet.js probing, it identifies complex vulnerabilities that traditional linters might miss, delivering a unified, deduplicated security report for developers.
Key Features
01 Deep adversarial reasoning mode to simulate complex exploit paths
02 79 GitHub stars
03 Parallelized multi-agent orchestration for specialized vulnerability detection
04 Deterministic preflight scanning with Semgrep integration
05 Automated contract file discovery and repository scoping
06 Live state-probing using Starknet.js for exploit validation
Use Cases
01 Deep-dive adversarial audits for critical account and session management logic
02 Automated triage of suspicious findings identified during CI/CD or by external reviewers
03 Pre-merge security reviews for Cairo smart contracts to prevent on-chain vulnerabilities