From suiper
Walks OtterSec pre-audit checklist for Sui Move packages: threat model, test coverage, known issues. Use when engaging OtterSec or self-assessing audit readiness.
Slash command: /suiper:ottersec-prep
```bash
# Suiperpower telemetry. Routes through the CLI so projects.json + Convex stay in sync.
# Silent on failure so the skill never blocks. Opt out: SUIPERPOWER_TELEMETRY=off.
#
# AGENT NOTE: when this skill finishes, run the matching completion command:
# suiperpower track ottersec-prep build completed
# Or use "failed" / "aborted" if it ended that way.
command -v suiperpower >/dev/null 2>&1 && suiperpower track ottersec-prep build started >/dev/null 2>&1 &
true
```
If TEL_PROMPTED is no, before doing real work, ask the user:
Help suiperpower get better. We track which skills get used and how long they take. No code, no file paths, no PII. Change anytime in ~/.suiperpower/config.json.
A) Sure, anonymous
B) No thanks
Write the answer to the telemetryTier field in ~/.suiperpower/config.json and create ~/.suiperpower/.telemetry-prompted. Then continue.
Walks the OtterSec pre-audit checklist on the user's Move package, surfaces the gaps, and produces the engagement package the auditor expects (threat model, architecture diagram outline, test report, known-issues doc). The goal is for audit time to be spent on real findings, not on hygiene noise.
- review-move for an in-house P0-P3 walk first.
- build-with-move first.

If you activated this and the user actually wants something else, consult skills/SKILL_ROUTER.md and hand off.

- move/ or similar.
- .suiperpower/build-context.md and any prior review-move output.

If unclear, interview the user for:
A filled-in pre-audit checklist (every P0 item answered, P1-P3 documented).
A THREAT_MODEL.md in the project: who is trusted, what are the assets, what are the known risks.
An architecture summary (which modules talk to which, where capabilities flow).
A test-coverage report from sui move test.
A KNOWN_ISSUES.md listing decisions to ship despite known concerns.
Append to .suiperpower/build-context.md:
## ottersec-prep session, <timestamp>
- packages in scope: <list>
- checklist completion: <P0 percent>, <P1 percent>
- threat model doc: <path>
- test count: <n>, coverage: <percent>
- open issues: <list>
The skill never deletes files outside the integration source path without explicit user confirmation.
Context gathering
- .suiperpower/build-context.md if present.

P0 walk
- skills/data/guides/security-checklist.md.

Capability inventory
- *Cap struct in the package(s).

Visibility audit
- public(package) is the default; public is reserved for true cross-package APIs.
- friend declarations; recommend migration.
- #[test_only] on test helpers.

Init function audit

Test coverage
- sui move test, capture output.

Build cleanliness
- sui move build. Confirm zero warnings.
- assert!(false), commented-out checks, and std::debug::print from production paths.

Dependency pin
- Move.toml uses pinned revs / tags. Reject main or floating versions in production deps.

Threat model + known issues
- THREAT_MODEL.md and KNOWN_ISSUES.md if absent.

Engagement package
- https://osec.io/).

Writeback
- .suiperpower/build-context.md.

Before reporting done, the skill asks itself the following and refuses to declare success if any answer is no:
- THREAT_MODEL.md non-trivial (assets, trust assumptions, known risks named)?
- *Cap listed with holder strategy)?
- Move.toml pinned, no main in production deps?

If any answer is no, the skill reports the gap and works through it before claiming the package is audit-ready.
On-demand references (load when relevant to the user's question):
- references/pre-audit-walkthrough.md: Item-by-item walk of the checklist with example pass/fail patterns.
- references/finding-categories.md: Common findings OtterSec produces, with mitigation patterns.
- references/threat-model-template.md: One-page threat-model template.

Knowledge docs (load when scope expands beyond what is in references):
- skills/data/sui-knowledge/sponsor-docs/ottersec-checklist.md: Full checklist source.
- skills/data/guides/security-checklist.md: P0-P3 reference.

- claude "/suiper:ottersec-prep <your message>"
- codex "/ottersec-prep <your message>"
- ~/.cursor/rules/ottersec-prep.mdc and reference it.

If you activated this and the user actually wants something else, consult skills/SKILL_ROUTER.md and hand off.
npx claudepluginhub pivyme/suiperpower --plugin suiper