Is this a replacement for a professional security audit?

No, while this skill is excellent for identifying common critical vulnerabilities during development, it should be used as a supplementary tool alongside professional manual audits.

Which vulnerabilities does this skill detect?

The scanner detects six critical Solana vulnerabilities, including arbitrary CPI, improper PDA validation, missing signer/ownership checks, and sysvar spoofing.

Who developed this security skill?

This skill was authored by Trail of Bits, a leading cybersecurity research firm recognized for their expertise in blockchain and smart contract security.

How do I trigger a scan?

You can use this skill within Claude Code when auditing your project files, specifically focusing on Rust files within your Solana or Anchor directory.

Can I use this with the Anchor framework?

Yes, this skill is specifically designed to support both native Solana programs and those developed using the Anchor framework.

Solana Vulnerability Scanner

Name: Solana Vulnerability Scanner
Author: plurigrid

byplurigrid

•

安全与测试

Scans Solana and Anchor programs for critical security vulnerabilities to ensure smart contract integrity.

关于

The Solana Vulnerability Scanner is a specialized security tool for Claude Code designed to identify high-impact vulnerabilities in Solana smart contracts. Developed by Trail of Bits, it automatically scans for six critical exploit vectors, including arbitrary Cross-Program Invocations (CPI), improper Program Derived Address (PDA) validation, missing signer checks, and sysvar spoofing. It is an essential companion for developers and auditors working with Rust and the Anchor framework, enabling early detection of security flaws during the development lifecycle to prevent costly exploits.

主要功能

Scans for sysvar spoofing exploits
Flags missing signer and ownership checks
Identifies improper PDA validation vulnerabilities
2 GitHub stars
Detects arbitrary Cross-Program Invocations (CPI)
Optimized for both Solana native and Anchor framework programs

使用场景

Continuous security integration for Rust-based blockchain development
Pre-deployment verification of Anchor program logic
Automated security auditing of Solana smart contracts

关于

主要功能

Scans for sysvar spoofing exploits
Flags missing signer and ownership checks
Identifies improper PDA validation vulnerabilities
2 GitHub stars
Detects arbitrary Cross-Program Invocations (CPI)
Optimized for both Solana native and Anchor framework programs

使用场景

Continuous security integration for Rust-based blockchain development
Pre-deployment verification of Anchor program logic
Automated security auditing of Solana smart contracts