From sui-dev-agents
Scans .move files in sources/ for vulnerabilities like access control issues, object transfers, and economic exploits; generates severity-prioritized audit report and saves as audits/audit-<timestamp>.md.
Trigger: slash command `/sui-dev-agents:audit` (invoked by the user).

# Security Audit

When invoked, follow these steps:

1. **Scan all Move files**:
   - Find all `.move` files in `sources/`
   - Read and parse module structures
   - Identify public entry functions

2. **Check for common vulnerabilities**:

   **Access Control**:
   - Public entry functions without capability checks
   - Missing owner/admin verification
   - Unprotected admin functions

   **Object Transfer**:
   - `transfer::public_transfer` without validation
   - Missing recipient checks
   - Shared object concurrent access issues

   **Capability Management**:
   - Capabilities with `store` ability (leakable)

   **Economic Exploits**:

   **Resource Handling**:
   - `drop` implementation cleanup

   **Type Safety**:

3. **Generate audit report**:

   ```
   Security Audit Report
   =====================
   CRITICAL (must fix):
   - [sources/marketplace.move:45] Public entry function lacks capability check
   - [sources/token.move:78] Integer overflow in mint function
   HIGH (should fix):
   - [sources/vault.move:23] Capability has 'store' ability (leakable)
   MEDIUM (review):
   - [sources/nft.move:56] Missing input validation
   LOW (informational):
   - [sources/utils.move:12] Unused function
   PASSED:
   ✓ No public_transfer without validation
   ✓ Proper generic constraints
   ✓ No dangling references
   ```

   Best practices check:

   Recommendations:

4. **Save report**: `audits/audit-<timestamp>.md`

Install: `npx claudepluginhub first-mover-tw/sui-dev-agents --plugin sui-dev-agents`
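As an added illustration of the scan-and-report flow above (example code, not the plugin's own implementation), a small Python scanner that applies three of the listed checks with line-level regexes, groups the hits by severity in the report layout shown, and saves the result as `audits/audit-<timestamp>.md`. The sample module, its `demo::vault`, `AdminCap` and `Vault` names, and the `scan_module`/`render_report`/`audit` helpers are all constructed for this example.

```python
import re
from datetime import datetime
from pathlib import Path

# Line-level heuristics for three of the checks listed above; hits are leads to review by hand.
ENTRY_FN = re.compile(r"public\s+entry\s+fun\s+(\w+)\s*\(([^)]*)\)")
CAP_PARAM = re.compile(r"&\s*(mut\s+)?\w*Cap\b")                 # e.g. "_: &AdminCap"
STORE_CAP = re.compile(r"struct\s+(\w*Cap)\b\s+has\s+([\w,\s]+)")  # abilities after "has"
PUBLIC_TRANSFER = re.compile(r"transfer::public_transfer\(")
ORDER = {"CRITICAL": "must fix", "HIGH": "should fix", "MEDIUM": "review", "LOW": "informational"}

def scan_module(path, text):  # -> [(severity, path, line_no, message)] in source order
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        m = ENTRY_FN.search(line)
        if m and not CAP_PARAM.search(m.group(2)):   # no *Cap reference among the parameters
            findings.append(("CRITICAL", path, n, f"Public entry function '{m.group(1)}' lacks capability check"))
        m = STORE_CAP.search(line)
        if m and "store" in [a.strip() for a in m.group(2).split(",")]:
            findings.append(("HIGH", path, n, f"Capability '{m.group(1)}' has 'store' ability (leakable)"))
        if PUBLIC_TRANSFER.search(line):
            findings.append(("MEDIUM", path, n, "transfer::public_transfer without validation"))
    return findings

def render_report(findings):  # group by severity in the report layout shown above
    lines = ["Security Audit Report", "====================="]
    for sev, label in ORDER.items():
        items = [f for f in findings if f[0] == sev]
        if items:
            lines.append(f"{sev} ({label}):")
            lines += [f"- [{p}:{n}] {msg}" for _, p, n, msg in items]
    return "\n".join(lines)

def audit(root="sources", out_dir="audits"):  # scan root/**/*.move and save the report
    findings = [f for p in sorted(Path(root).rglob("*.move")) for f in scan_module(str(p), p.read_text())]
    out = Path(out_dir) / f"audit-{datetime.now():%Y%m%d-%H%M%S}.md"
    out.parent.mkdir(parents=True, exist_ok=True)
    out.write_text(render_report(findings) + "\n")
    return out

# Constructed sample module (not from the plugin), seeded with one hit per check plus one clean entry.
SAMPLE_MOVE = """\
module demo::vault {
    public struct AdminCap has key, store { id: UID }
    public entry fun withdraw(v: &mut Vault, to: address, ctx: &mut TxContext) {
        transfer::public_transfer(v, to);
    }
    public entry fun mint(_: &AdminCap, amount: u64, ctx: &mut TxContext) {}
}
"""
```

Because the checks are single-line regexes, a multi-line entry signature or a capability struct declared across lines is missed, so the report complements rather than replaces a manual read of each module.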