By zaryab2000
End-to-end Solidity smart contract workflow: planning, TDD with Foundry, gas optimization, security review, deployment, upgrades, and audit preparation
Generate the complete audit package before engaging an external auditor
Run a full gas optimization audit on a contract before deployment
Start a new smart contract, interface, library, or protocol component
Run the pre-deployment checklist and deploy via a Forge script
Verify storage layout safety and run staged checks before any proxy upgrade
Use this agent when the solidity-gas-optimizer skill requests a gas audit on a Solidity contract. Given a contract file path and name, runs forge inspect for storage layout analysis, forge snapshot for gas baseline, and a full 8-category gas checklist (storage packing, visibility, calldata, loops, arithmetic, errors, compiler config, events). Applies HIGH and MEDIUM findings automatically, measures delta with forge snapshot --diff, and writes a structured findings report to docs/audits/YYYY-MM-DD-<contract>-gas.md. Do not invoke directly — dispatched by the solidity-gas-optimizer skill.
Use this agent when the solidity-code-reviewer skill requests a security review of a Solidity contract. Performs a two-stage review: (1) spec compliance against the provided interface and design document; (2) security analysis covering reentrancy (CEI, cross-function, read-only), access control (Ownable2Step, tx.origin, role escalation), external call safety (SafeERC20, return values, adversarial addresses, fee-on-transfer tokens), integer arithmetic (unchecked blocks, division before multiplication, downcasts), oracle security (Chainlink staleness, TWAP windows, decimal normalization), flash loan and MEV vectors (first depositor, sandwiching), upgrade safety (storage layout, initializer security, _authorizeUpgrade), and protocol logic invariants. Produces severity-rated findings (Critical/High/Medium/Low/Info) with exact file:line references, impact statements, proof-of-concept attack paths, remediation code, and regression test function names. Writes the full report to docs/audits/YYYY-MM-DD-<contract>-security.md. Do not invoke directly — dispatched by the solidity-code-reviewer skill.
Audit preparation gate for Solidity contracts before external security review. Use when preparing for external audit engagement, when creating audit scope documentation, or when the user says "prepare for audit", "audit package", "scope document", "what do auditors need", "I'm getting this audited", or "external security review". Enforces: complete audit package (scope, protocol overview, threat model, internal findings log, and coverage report) before engaging auditors. Produces professional-grade documentation that maximizes audit value and minimizes wasted auditor time on obvious issues.
TDD implementation gate for Solidity smart contracts. Use after an approved design doc and committed interface exist. Triggers on: "implement this", "write the contract", "fill in the logic", "implement the interface", "code this up", or any intent to write Solidity implementation code. Enforces strict Red-Green-Refactor: no production code without a failing Forge test first. Covers: CEI pattern, custom errors, access control, SafeERC20, ReentrancyGuard, gas snapshots, and all implementation standards for Solidity ^0.8.20 with Foundry.
Security review gate for completed Solidity contract implementations. Use after any contract implementation is complete and before marking work done, merging, or deploying. Triggers on: "review this contract", "security review", "is this secure?", "check for vulnerabilities", "audit this", "pen test this", or when any contract implementation is complete. Dispatches the reviewoor agent with full context: source code, interface, design doc, invariant list, and git diff if modifying an existing contract. All Critical and High severity findings must be resolved with regression tests before exiting this skill.
Deployment gate for Solidity contracts. Use before any deployment to testnet, mainnet, or public fork environments. Triggers on: "deploy this contract", "run the deploy script", "let's go to testnet", "deploy to mainnet", "how do I deploy", "deployment configuration", or any mention of broadcasting transactions or deploy scripts. Enforces: forge script (not forge create), pre-deployment checklist, simulation before broadcast, on-chain verification, multisig ownership transfer, and deployment manifest generation. No manual deployments allowed.
Gas optimization gate for Solidity contracts before deployment. Dispatches the optimizoor agent to run a full 8-category gas audit. Use when: tests pass and contract is ready for gas review, user asks "is this gas efficient?", "can we reduce gas costs?", "optimize gas", "check gas usage", or after any implementation change to a value-handling function. Covers: storage layout and slot packing, function visibility, calldata vs memory, loop optimization, arithmetic (unchecked), custom errors, compiler configuration, and event vs storage decisions. Produces a gas audit report with forge snapshot diff before deployment.
Modifies files
Hook triggers on file write and edit operations
Uses power tools
Uses Bash, Write, or Edit tools
No model invocation
Executes directly as bash, bypassing the AI model
A Claude Code plugin that enforces a gate-based workflow for Solidity smart contract development. Every phase — planning, building, testing, gas optimization, documentation, deployment, upgrades, and audit prep — is a mandatory checkpoint, not a suggestion.
This plugin is under active development and is not ready for use. APIs, skill files, and hook behavior may change without notice. Installation instructions will be added when the first stable release is ready.
Left to its own defaults, an AI agent will happily write 200 lines of implementation code the moment you describe a contract — no design doc, no interface, no invariants, no tests. This plugin corrects that by injecting a strict rule before every response in a Solidity session:
Before responding to ANY message, check if a phase skill applies. If there is even a 1% chance a skill is relevant — invoke it first. No exceptions.
Plan → Build → Test → Gas Optimize → NatSpec → Deploy/Upgrade → Audit Prep
Each phase has a hard gate that blocks the next phase until its conditions are met.
| Component | Count | Purpose |
|---|---|---|
| Skills | 10 | Phase gates — each enforces a mandatory checklist |
| Agents | 2 | optimizoor (gas audit), reviewoor (security review) |
| Commands | 6 | User entry points (/new-contract, /gas-audit, /security-review, /audit-prep, /pre-deploy, /pre-upgrade) |
| Hooks | 2 | Session start (injects THE RULE), PreToolUse (plan gate) |

| Phase | What Is Blocked Without It |
|---|---|
| solidity-planner | No .sol files until design doc + interface committed |
| solidity-builder | No implementation without a failing test first (TDD) |
| solidity-tester | No value-handling contract without fuzz + invariant tests |
| solidity-gas-optimizer | No deployment without a gas audit report |
| solidity-natspec | No commit without NatSpec on every public/external function |
| solidity-deployer | No manual deployments — only forge script with simulation |
| solidity-upgrader | No upgrade without storage layout diff + fork test |
| solidity-code-reviewer | No contract marked complete without security review |
| solidity-audit-prep | No external audit without a complete 4-document package |

forge, cast)
^0.8.20
MIT — Zaryab
npx claudepluginhub zaryab2000/decipher-solidity-superpowers
Analyzes Solidity smart contracts for gas inefficiencies. Detects storage packing gaps, loop anti-patterns, custom error opportunities, visibility mismatches, unchecked arithmetic, calldata vs memory decisions, and deployment cost issues. Enforces gas regression detection on every file save via forge integration.
AI-powered smart contract security auditor with parallel hunt lanes, Devil's Advocate verification, static analysis (Slither, Aderyn), fuzz testing (Echidna, Medusa), symbolic execution (Halmos), Solodit intelligence, and interactive Map-Hunt-Attack methodology
Audits Solidity codebases for smart contract vulnerabilities using a four-phase workflow covering 36 vulnerability classes.
Blue-team release-gate skill for smart contract systems. Classifies projects, reviews deployment and upgrade execution paths, inspects CI/CD and dependency trust boundaries, evaluates signer/admin operational security, and produces evidence-based release blockers, warnings, and release verdicts.
Solidity static analyzer with AI-powered security skills for auditing and developing secure smart contracts
Blockchain development with Solidity security, DeFi protocols, NFT standards, and Web3 testing
Reference for BattleChain, the pre-mainnet L2 for battle-testing smart contracts with real funds. Covers deploying contracts, Safe Harbor agreements, whitehat attack workflows, and contract lifecycle management