solidity-guardian
Smart contract security analysis skill. Detect vulnerabilities, suggest fixes, generate audit reports. Supports Hardhat/Foundry projects. Uses pattern matching + best practices from Trail of Bits, OpenZeppelin, and Consensys.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/aviclaw/solidity-guardian
What This Skill Does
The Solidity Guardian is a comprehensive smart contract security analysis tool designed for the OpenClaw AI agent. It acts as an automated security auditor that scans Solidity source code for vulnerabilities ranging from critical reentrancy exploits to standard best-practice deficiencies. By applying pattern matching derived from industry-standard resources such as Trail of Bits, OpenZeppelin, and Consensys, it helps check your smart contracts against common attack vectors. The skill supports both Hardhat and Foundry development environments, making it a versatile addition to any Web3 developer's workflow.
Installation
To add this skill to your OpenClaw agent, use the following installation command in your terminal:
clawhub install openclaw/skills/skills/aviclaw/solidity-guardian
Ensure that your project environment is correctly configured to allow the agent access to your contracts directory. Once installed, you can trigger scans directly through the agent interface or via your CLI.
Use Cases
- Pre-deployment Audits: Perform a quick security check before migrating contracts to a testnet or mainnet.
- CI/CD Integration: Automatically analyze codebase changes in pull requests to catch vulnerabilities introduced during active development.
- Educational Benchmarking: Learn about common security pitfalls by reviewing the detailed findings and fix suggestions provided by the agent.
- Legacy Code Review: Scan older smart contract repositories to identify deprecated patterns or insecure coding practices.
Example Prompts
- "Solidity Guardian, please scan the contracts/Vault.sol file and generate a markdown report of all findings."
- "Run a security audit on the entire ./contracts directory and highlight any critical vulnerabilities that require immediate attention."
- "Analyze my project and suggest fixes for any missing access control or reentrancy risks found in the current implementation."
Tips & Limitations
- Pattern Matching: While the tool is highly effective at catching 40+ known vulnerabilities, it relies on static analysis. It is not a replacement for a manual professional audit by an expert security firm.
- Optimization: For very large projects, consider analyzing individual files or sub-directories to manage the agent's memory usage.
- Contextual Awareness: The tool works best when provided with a clean build environment. Make sure your project compiles successfully before initiating an analysis so that the parser has access to all necessary import dependencies.
Metadata
Paste this into your clawhub.json to enable this plugin.
{
  "plugins": {
    "official-aviclaw-solidity-guardian": {
      "enabled": true,
      "auto_update": true
    }
  }
}
Tags
Flags: file-read, code-execution