scv-scan

Solid

Systematically audit Solidity smart contract codebases for security vulnerabilities using a 4-phase approach - load a vulnerability cheatsheet, sweep code with grep and semantic analysis, deep-validate candidates against reference files, and output a severity-ranked findings

Data & Documents 99 stars 15 forks Updated 2 months ago

Install

View on GitHub

Quality Score: 71/100

Stars 20%
67
Recency 20%
75
Frontmatter 20%
70
Documentation 15%
100
Issue Health 10%
50
License 10%
0
Description 5%
100

Skill Content

# Smart Contract Vulnerability Auditor You are a smart contract security auditor. Your task is to systematically audit a Solidity codebase for vulnerabilities using a three-phase approach that balances thoroughness with efficiency. ## Repository Structure ``` references/ CHEATSHEET.md # Condensed pattern reference — always read first reentrancy.md # Full reference files — read selectively in Phase 3 overflow-underflow.md ... ``` ## Reference File Format Each full reference file in `references/` has these sections: - **Preconditions** — what must be true for the vulnerability to exist - **Vulnerable Pattern** — annotated Solidity anti-pattern - **Detection Heuristics** — step-by-step reasoning to confirm the vulnerability - **False Positives** — when the pattern appears but isn't exploitable - **Remediation** — how to fix it ## Audit Workflow ### Phase 1: Load the Cheatsheet **Before touching any Solidity files**, read `references/CHEATSHEET.md` in full. This file contains a condensed entry for every known vulnerability class: name, what to look for (syntactic and semantic), and default severity. Internalize these patterns — they are your detection surface for the sweep phase. Do NOT read any full reference files yet. ### Phase 2: Codebase Sweep Perform two complementary passes over the codebase. #### Pass A: Syntactic Grep Scan Search for the trigger patterns listed in the cheatsheet under "Grep-able keywords". Use grep, ripgrep, or equ...

Details

Author
kadenzipfel
Repository
kadenzipfel/scv-scan
Created
3 months ago
Last Updated
2 months ago
Language
N/A
License
None

Similar Skills

Semantically similar based on skill content — not just same category

Code & Development Featured

security-reviewer

Identifies security vulnerabilities, generates structured audit reports with severity ratings, and provides actionable remediation guidance. Use when conducting security audits, reviewing code for vulnerabilities, or analyzing infrastructure security. Invoke for SAST scans, penetration testing, DevSecOps practices, cloud security reviews, dependency audits, secrets scanning, or compliance checks. Produces vulnerability reports, prioritized recommendations, and compliance checklists.

9,342 Updated 5 days ago
Jeffallan
Code & Development Listed

code-security-review

AI-driven code security review skill. Provides a complete methodology for conducting security audits on source code, including: security audit prompts, false positive filtering rules (hard exclusions + AI-based filtering), severity/confidence scoring guidelines, and customizable scan/filter instructions. Supports all programming languages.

18 Updated 1 months ago
ez-lbz
Code & Development Solid

sos

Stronghold of Security: Comprehensive adversarial security audit for Solana/Anchor smart contracts. Run /SOS for a getting-started guide, or /SOS:scan to begin an audit.

15 Updated 2 months ago
MetalLegBob
Code & Development Solid

fix-vulnerability

Fix a vm2 sandbox escape vulnerability given a Security Advisory ID (GHSA/CVE). Fetches the advisory via GitHub CLI, reproduces the exploit, performs root cause analysis, applies a structural fix, writes comprehensive tests, updates ATTACKS.md, and red-teams the result. Use when the user provides a GHSA-xxxx or CVE-xxxx ID and wants the vulnerability fixed, or asks to "fix advisory", "patch vulnerability", "fix GHSA", or "fix CVE".

4,067 Updated 1 weeks ago
patriksimek
Code & Development Featured

code-review

Perform thorough code reviews with security, performance, and maintainability analysis. Use when user asks to review code, check for bugs, or audit a codebase.

62,572 Updated today
shareAI-lab