Does this skill detect vulnerabilities directly?

No, this skill is designed to map the attack surface by identifying entry points and access levels; specialized skills like 'audit-context-building' should be used for specific vulnerability detection.

Which smart contract languages are supported?

It supports a wide range of languages including Solidity (.sol), Vyper (.vy), Solana (Rust), Move (Aptos/Sui), TON (FunC/Tact), and CosmWasm.

Why are view and pure functions excluded from the analysis?

The skill focuses on state-changing functions because they represent the primary attack surface where state corruption or loss of funds can occur. Read-only functions cannot directly cause these issues.

How does it handle Solidity access control?

It checks for common patterns like onlyOwner, roles, and custom require statements. If Slither is installed, it uses Slither's printer for high-accuracy visibility and modifier detection.

Entry Point Analyzer

Name: Entry Point Analyzer
Author: trailofbits

bytrailofbits

•

939

•

安全与测试

Identifies and categorizes state-changing entry points in smart contract codebases to streamline security audits and map attack surfaces.

This skill automates the discovery of externally callable functions that modify state across various smart contract languages including Solidity, Vyper, and Rust. By filtering out read-only functions and classifying access levels—such as public, role-restricted, or contract-only—it helps security researchers and developers quickly visualize privileged operations and potential entry points for vulnerabilities. It integrates seamlessly with Slither for Solidity analysis while providing a structured markdown report that maps out the entire state-modifying landscape of a project, ensuring auditors focus on the most critical code paths.

主要功能

01Seamless integration with Slither to enhance Solidity audit workflows with automated printing

02Automatic classification of functions into public, role-restricted, and contract-only access levels

03Smart filtering to exclude read-only (view/pure) functions and focus on state-modifying logic

04939 GitHub stars

05Multi-language support for Solidity, Vyper, Solana, Move, TON, and CosmWasm

06Structured markdown report generation with detailed function locations and detected access patterns

使用场景

01Mapping the attack surface at the start of a comprehensive smart contract security audit

02Identifying privileged operations and emergency pause functions during a protocol review

03Verifying access control implementations across complex codebases with multiple administrative roles

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add trailofbits/skills entry-point-analyzer

For use in Claude.ai and ChatGPT

Download Skill