Who created the Solana Vulnerability Scanner skill?

The skill is authored by Trail of Bits, a premier cybersecurity research firm known for their work in blockchain and software security.

Which Solana vulnerabilities does this skill detect?

The scanner identifies six critical issue types: arbitrary CPI, improper PDA validation, missing signer checks, missing ownership checks, sysvar spoofing, and specific logic errors common in Solana programs.

Should I rely solely on this tool for my contract security?

While this tool is highly effective at catching common critical vulnerabilities, it should be used as a primary automated check alongside professional manual security audits.

Is this scanner compatible with the Anchor framework?

Yes, it is designed to analyze both native Solana programs and those developed using the Anchor framework.

Solana Vulnerability Scanner

Name: Solana Vulnerability Scanner
Author: plurigrid

byplurigrid

•

安全与测试

Automates security audits for Solana smart contracts by identifying critical vulnerabilities including arbitrary CPI and improper PDA validation.

Developed by security experts at Trail of Bits, the Solana Vulnerability Scanner is a specialized tool designed to audit Solana and Anchor programs. It focuses on detecting six high-impact vulnerability classes—such as missing signer checks, sysvar spoofing, and improper PDA validation—that are common targets for exploits in the Solana ecosystem. This skill is essential for developers and security researchers who need to ensure the robustness of on-chain programs before deployment or during code reviews.

主要功能

018 GitHub stars

02Scans for sysvar spoofing vulnerabilities

03Flags missing signer and account ownership checks

04Detects arbitrary Cross-Program Invocations (CPI)

05Optimized for both native Solana and Anchor framework programs

06Identifies improper Program Derived Address (PDA) validation

使用场景

01Hardening Anchor-based dApps against account-based vulnerabilities

02Automating the detection of common exploit patterns during development

03Performing pre-audit security reviews of Solana smart contracts

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add plurigrid/asi solana-vulnerability-scanner

For use in Claude.ai and ChatGPT

Download Skill