Guides Starknet account contract reviews: validate/execute path constraints, nonce/signature replay protection, session-key policy boundaries, and error code resolution.
Slash command: `/starknet-agentic-skills:account-abstraction`
- Reviewing account contract validation and execution paths.
- `__validate__` enforces lightweight, bounded checks.
- `__execute__` enforces policy and selector boundaries.
- `cairo-auditor` for final AA/security pass before merge.
- `__validate__` constraints and DoS resistance.
- `__execute__` policy enforcement correctness.

```ts
import { Account, CallData, RpcProvider } from "starknet";

const provider = new RpcProvider({ nodeUrl: process.env.STARKNET_RPC! });
const account = new Account(provider, process.env.ACCOUNT_ADDRESS!, process.env.PRIVATE_KEY!);

// Validate preview (debug-only): inspect __validate__ behavior with the current nonce.
const nonce = await account.getNonce();
const call = {
  contractAddress: process.env.TARGET!,
  entrypoint: "set_limit",
  calldata: CallData.compile({ value: 7 }),
};
await provider.callContract({
  contractAddress: account.address,
  entrypoint: "__validate__",
  calldata: CallData.compile({ calls: [call], nonce }),
});

// Execute path: real transaction that triggers __execute__ and nonce checks.
const tx = await account.execute([call]);
await provider.waitForTransaction(tx.transaction_hash);
```

| Code | Condition | Recovery |
|---|---|---|
| AA-001 | `__validate__` is too expensive or stateful | Remove heavy logic from validation; add a test that caps validation steps. |
| AA-002 | `__execute__` allows blocked selectors/self-calls | Enforce selector filters and self-call checks; add authorized/unauthorized regression tests. |
| AA-003 | Nonce or domain mismatch causes replay risk | Normalize nonce source/hash domain; add replay and cross-domain tests. |
| AA-999 | Unexpected runtime panic | Capture calldata + caller context, reproduce in unit tests, then escalate to cairo-auditor. |
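
The regression tests named in the AA-002 and AA-003 recovery steps can be written first against an off-chain reference model. The block below is an added example, not code from this skill or the starknet-agentic project. `ModelAccount`, `digest`, `mkAccount`, `sign`, the addresses and the selectors are hypothetical, and signature verification is abstracted to equality of the signed digest.

```javascript
// Added example: off-chain reference model of the AA-002 / AA-003 checks.
// Assumption: signature verification is abstracted to equality of the signed
// digest; on Starknet the digest is the transaction hash and the check is a
// signature verification over it.

// The digest binds chain id, account address and nonce to the calls.
function digest({ chainId, account, nonce, calls }) {
  const flat = calls.map((c) => [c.to, c.selector, c.calldata]);
  return JSON.stringify([chainId, account, nonce, flat]);
}

class ModelAccount {
  constructor({ chainId, address, policy }) {
    Object.assign(this, { chainId, address, policy, nonce: 0 });
  }

  // Mirrors __validate__: one cheap comparison, with domain and nonce taken
  // from the account's own state, never from fields sent with the transaction.
  validate(calls, signedDigest) {
    const expected = digest({
      chainId: this.chainId, account: this.address, nonce: this.nonce, calls,
    });
    return signedDigest === expected ? "VALID" : "AA-003";
  }

  // Mirrors __execute__: selector allowlist and self-call check per call.
  execute(calls, signedDigest) {
    const verdict = this.validate(calls, signedDigest);
    if (verdict !== "VALID") return verdict;
    this.nonce += 1; // modelling choice: a validated transaction consumes its nonce
    for (const c of calls) {
      const allowed = (this.policy[c.to] || []).includes(c.selector);
      if (c.to === this.address || !allowed) return "AA-002";
    }
    return "OK";
  }
}

// Constructed sample data (placeholder addresses and selectors).
const TARGET = "0xtarget";
const mkAccount = (chainId) =>
  new ModelAccount({ chainId, address: "0xacct", policy: { [TARGET]: ["set_limit"] } });
const setLimit = [{ to: TARGET, selector: "set_limit", calldata: [7] }];
const sign = (chainId, nonce, calls) => digest({ chainId, account: "0xacct", nonce, calls });
```

Each case a Cairo test suite should cover maps to one call on the model: a fresh signed transaction, the same transaction replayed, the same signature on another chain, a blocked selector, and a self-call.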
```bash
npx claudepluginhub keep-starknet-strange/starknet-agentic --plugin starknet-agentic-skills
```