Solidity smart contract audit skills for Claude Code. Per-function audit with 7-stage pipeline: design decisions, parallelized analysis, verification, human review, dispute re-evaluation.
npx claudepluginhub gonzaloetjo/solidity-audit-skills

Multi-stage parallelized per-function audit for Solidity contracts with human-in-the-loop review. Discovers functions, captures design decisions, runs 3 analysis stages, then presents findings for developer classification and re-evaluation of disputed items.
Agent team variant of solidity-function-audit with human-in-the-loop review. Uses agent teams for inter-agent messaging, shared task list with dependencies, plus interactive design decision capture, findings review, and dispute re-evaluation. Requires CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS=1.
Non-interactive eval variant of solidity-function-audit. Removes all interactive prompts for automated evaluation via claude -p mode. Reads design decisions from GROUND_TRUTH.md, skips Slither, always runs verification, stops after Verification (no Stage 4/5).
Function-by-function security audit of your Solidity contracts, powered by Claude Code agents.
| Severity | Function | Finding |
|---|---|---|
| CRITICAL | withdraw() | Missing reentrancy guard allows drain via callback before balance update |
| CRITICAL | setOracle() | No access control — any caller can replace the price oracle |
| WARNING | deposit() | Underflow revert produces generic Panic(0x11) instead of custom error |
| INFO | _stakeToShares() | Rounding direction correctly protocol-favorable (DOWN on deposit) |
Each function gets a standalone analysis block. Here's a trimmed example from a staking vault audit:
Rationale: Entry point for users to deposit native token and receive LST shares. Must correctly convert deposited stake to shares at the current exchange rate, protect against sandwich/frontrunning via slippage, and maintain share supply/pool accounting invariants.
State mutations:
- _mint(msg.sender, shares) -- increases totalSupply() and balanceOf(msg.sender) by shares
- address(this).balance is implicitly increased by msg.value at the start of the call

Dependencies:
- getTotalPooledStake(), totalSupply(), INITIAL_SHARES_OFFSET
- _stakeToShares(msg.value, preDepositStake), _mint(msg.sender, shares)
- nonReentrant, whenNotPaused

Findings:
WARNING -- Underflow revert acts as implicit insolvency guard. The subtraction getTotalPooledStake() - msg.value will revert with arithmetic underflow if getTotalPooledStake() < msg.value. The revert reason will be a generic Panic(0x11) rather than a descriptive custom error.
INFO -- Zero-share deposit protection. if (shares == 0) revert StakingVault__InvalidAmount() prevents dust deposits that produce zero shares.
INFO -- Slippage protection. minShares > 0 && shares < minShares check allows callers to skip by passing 0.
Verdict: SOUND
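
The three deposit() findings above, sketched as an added Solidity example (not the audited vault's code and not plugin output): the explicit check replaces the generic Panic(0x11) with a descriptive custom error. The contract name, the StakingVault__Insolvent and StakingVault__SlippageExceeded errors, the offset value and the share formula are assumptions; the other names come from the excerpt.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration. The excerpt's nonReentrant and whenNotPaused modifiers
// are omitted so the sketch has no imports.
abstract contract StakingVaultSketch {
    error StakingVault__InvalidAmount();
    error StakingVault__Insolvent(uint256 pooled, uint256 deposited);        // assumed name
    error StakingVault__SlippageExceeded(uint256 shares, uint256 minShares); // assumed name

    uint256 public constant INITIAL_SHARES_OFFSET = 1e3; // assumed value
    uint256 public totalSupply;
    mapping(address => uint256) public balanceOf;

    // How the vault values its stake is not shown in the excerpt, so the
    // inheriting contract (or a test harness) supplies it.
    function getTotalPooledStake() public view virtual returns (uint256);

    function deposit(uint256 minShares) external payable returns (uint256 shares) {
        uint256 pooled = getTotalPooledStake(); // msg.value is already in the balance

        // WARNING finding: without this check, `pooled - msg.value` reverts
        // with Panic(0x11) and callers cannot tell why the deposit failed.
        if (pooled < msg.value) revert StakingVault__Insolvent(pooled, msg.value);
        uint256 preDepositStake = pooled - msg.value;

        shares = _stakeToShares(msg.value, preDepositStake);

        // INFO finding: dust deposits that would mint zero shares are rejected.
        if (shares == 0) revert StakingVault__InvalidAmount();

        // INFO finding: passing minShares == 0 skips the slippage check.
        if (minShares > 0 && shares < minShares) {
            revert StakingVault__SlippageExceeded(shares, minShares);
        }

        _mint(msg.sender, shares);
    }

    // Assumed formula. Integer division rounds DOWN, which favors the
    // protocol on deposit, matching the rounding direction in the table.
    function _stakeToShares(uint256 stake, uint256 preDepositStake) internal view returns (uint256) {
        return (stake * (totalSupply + INITIAL_SHARES_OFFSET)) / (preDepositStake + 1);
    }

    function _mint(address to, uint256 shares) internal {
        totalSupply += shares;
        balanceOf[to] += shares;
    }
}
```
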
| Stage | What happens | Mode | Output |
|---|---|---|---|
| 0. Design decisions | Extract + confirm developer intent | Interactive | stage0/ |
| 0.5 Slither | Static analysis (if installed) | Orchestrator | stage0/slither-findings.md |
| 1. Foundation | Map state variables, access control, external calls | Agents (parallel) | stage1/ |
| 2. Domain audit | Per-function analysis grouped by domain | Agents (parallel) | stage2/domain-*.md |
| 3. Cross-cutting | Reentrancy paths, state consistency, math/rounding, adversarial sequencing | Agents (parallel) | stage3/ |
| 4. Human review | Classify findings: BUG, DESIGN, DISPUTED, DISCUSS | Interactive | review/ |
| 5. Re-evaluation | Re-analyze disputed findings with developer context | Agent (conditional) | review/ |