Is this skill specific to a certain blockchain?

Yes, it is specifically designed for Cairo smart contracts operating within the StarkNet ecosystem.

What vulnerabilities does this skill detect?

The skill scans for 6 critical vulnerability types including felt252 arithmetic overflows, L1-L2 messaging bugs, address conversion issues, and signature replay attacks.

Who developed the Cairo Vulnerability Scanner?

The security patterns and logic for this skill were developed by Trail of Bits, a premier software security research and auditing firm.

Can I use this for real-time code auditing?

Yes, by activating this skill in Claude Code, you can receive immediate feedback on potential security flaws as you write or review Cairo code.

Cairo Vulnerability Scanner

Name: Cairo Vulnerability Scanner
Author: plurigrid

byplurigrid

•

Security & Testing

Audits StarkNet smart contracts by scanning for critical Cairo-specific vulnerabilities including felt252 arithmetic and messaging issues.

Developed by security experts at Trail of Bits, the Cairo Vulnerability Scanner enables Claude to perform deep security audits on Cairo and StarkNet smart contracts. It specifically targets six high-impact vulnerability classes, such as felt252 arithmetic overflows, L1-L2 messaging inconsistencies, and address conversion flaws. By integrating this skill, developers and auditors can identify complex blockchain-specific bugs early in the development lifecycle, ensuring that decentralized applications on the StarkNet ecosystem remain robust and secure against common attack vectors.

Key Features

01Scans for address conversion and formatting errors

02Flags potential signature replay attacks

03Automates specialized security checks for StarkNet projects

04Detects felt252 arithmetic overflows and underflows

052 GitHub stars

06Identifies L1-to-L2 messaging vulnerabilities

Use Cases

01Reviewing Cairo codebases for common vulnerability patterns before mainnet deployment

02Performing automated security audits during StarkNet contract development

03Validating L1-L2 communication logic in cross-chain bridge contracts

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add plurigrid/asi cairo-vulnerability-scanner

For use in Claude.ai and ChatGPT

Download Skill