Can it detect integer overflows and underflows?

Absolutely. The skill systematically reviews all mathematical operations to ensure they use checked arithmetic methods and provides remediation for unsafe operations.

Is it compatible with native Rust Solana programs?

Yes, it provides dedicated manual account validation patterns, secure PDA derivation guidance, and low-level CPI security checks for programs not using Anchor.

Does this skill support the Anchor framework?

Yes, it includes specific patterns and security checklists for Anchor versions 0.30+ as well as legacy versions, covering account constraints and CpiContext safety.

What kind of output does the security report provide?

It generates a professional report with findings ranked by severity (Critical to Informational), including the vulnerable code location, exploit scenarios, and secure recommendations.

Does it account for the latest 2025 Solana features?

Yes, the skill is updated to include modern practices such as Token-2022 extension handling, InitSpace derive usage, and fuzz testing with the Trident framework.

Solana Security Auditor

Name: Solana Security Auditor
Author: mwathiben

bymwathiben

0•

安全与测试

Audits Solana smart contracts for security vulnerabilities using a systematic 5-step review framework for both Anchor and native Rust implementations.

This skill provides a comprehensive security review framework for Solana developers, covering everything from initial account validation to complex vulnerability patterns like PDA substitution and arbitrary CPI. It enables Claude to perform deep technical assessments of smart contracts, identifying common pitfalls such as integer overflows, missing signer checks, and improper account reloading. By following a rigorous 5-step process, the skill generates structured security reports with severity-ranked findings, proof-of-concept exploit scenarios, and actionable code remediations tailored to 2025 best practices.

主要功能

01Automated checks for arithmetic safety, account ownership, and signer requirements

02Structured reporting with severity levels, exploit scenarios, and secure code alternatives

03Systematic 5-step security review process for comprehensive program audits

04Detection of advanced vulnerability patterns including Type Cosplay and PDA substitution

050 GitHub stars

06Support for both Anchor framework constraints and native Rust validation logic

使用场景

01Performing a pre-deployment security audit on DeFi or NFT protocols

02Identifying and fixing complex PDA and CPI vulnerabilities in native Rust contracts

03Reviewing existing Anchor programs for compatibility with modern security standards and Token-2022

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add mwathiben/hush-private-bookmarks solana-security

For use in Claude.ai and ChatGPT

主要功能

01Automated checks for arithmetic safety, account ownership, and signer requirements

02Structured reporting with severity levels, exploit scenarios, and secure code alternatives

03Systematic 5-step security review process for comprehensive program audits

04Detection of advanced vulnerability patterns including Type Cosplay and PDA substitution

050 GitHub stars

06Support for both Anchor framework constraints and native Rust validation logic

使用场景

01Performing a pre-deployment security audit on DeFi or NFT protocols

02Identifying and fixing complex PDA and CPI vulnerabilities in native Rust contracts

03Reviewing existing Anchor programs for compatibility with modern security standards and Token-2022