How does variant analysis work in this skill?

Variant analysis involves identifying the root cause of a specific security bug, extracting its code pattern (regex or AST), and systematically scanning the rest of the codebase to find similar instances of the same vulnerability.

Is VulnHunter an automated vulnerability scanner?

It acts as an expert assistant within Claude Code, providing the methodology, patterns, and checklists to guide a human-led security audit rather than just acting as a simple automated 'grep' tool.

What languages does VulnHunter support?

VulnHunter provides specific security patterns and 'footgun' detection for JavaScript, TypeScript, Python, Rust, and Solidity, though its general security methodologies can be applied to almost any language.

Can VulnHunter be used for smart contract security?

Yes, it includes specialized categories for Solidity and smart contract risks, such as delegatecall vulnerabilities, tx.origin authentication bypasses, and timestamp manipulation.

VulnHunter Security Audit

Name: VulnHunter Security Audit
Author: sendaifun

bysendaifun

•

安全与测试

Detects security vulnerabilities, dangerous API patterns, and code "footguns" using advanced variant analysis and sharp-edges detection.

VulnHunter is a specialized security analysis skill designed for comprehensive code audits and vulnerability hunting within the Claude Code environment. It combines "Sharp Edges" detection—identifying inherently risky APIs and insecure default configurations—with systematic "Variant Analysis" to track down similar bugs across entire codebases. Inspired by industry-leading security methodologies from firms like Trail of Bits, this skill helps developers and auditors identify high-impact flaws in JavaScript, Python, Rust, and Solidity. Whether you are reviewing third-party dependencies or securing complex smart contracts, VulnHunter provides the structured workflow and pattern-matching capabilities needed to harden your software against exploits.

主要功能

01Pre-configured patterns for memory safety, cryptographic weaknesses, and race conditions

02Language-specific security checks for JavaScript, Python, Rust, and Solidity

0354 GitHub stars

04Sharp Edges detection for identifying dangerous defaults and error-prone APIs

05Structured auditing workflow from initial reconnaissance to final reporting

06Systematic variant analysis to find recurring vulnerability patterns across files

使用场景

01Reviewing smart contracts for blockchain-specific vulnerabilities like reentrancy or storage collisions

02Performing deep security audits on unfamiliar or legacy codebases

03Identifying variants of a known bug to ensure comprehensive patching across a repository

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add sendaifun/skills vulnhunter

For use in Claude.ai and ChatGPT

Download Skill