ClawKit Reliability Toolkit
Official Verified developer tools Safety 2/5

smart-contract-audit

Audit and analyze Solidity smart contracts for security vulnerabilities. Use when reviewing, auditing, or analyzing smart contracts, Solidity code, DeFi protocols, or blockchain security. Runs Slither and Aderyn static analysis, detects protocol type, spawns specialist agents for deep review, runs a triager/skeptic agent to validate findings, generates Foundry PoCs, and consolidates everything into a severity-rated report with SWC classifications and economic feasibility analysis.

Why use this skill?

Comprehensive smart contract auditing skill for OpenClaw. Features parallel static analysis, multi-agent deep reviews, Foundry PoC generation, and severity-rated security reporting for DeFi.

Install via CLI (Recommended)

clawhub install openclaw/skills/skills/cornbrother0x/smart-contract-audit

What This Skill Does

The smart-contract-audit skill is an advanced, multi-agent orchestration framework designed to conduct rigorous security assessments on Solidity-based blockchain protocols. Unlike single-pass analysis, this skill employs a multi-run strategy, executing static analysis tools (Slither and Aderyn) in parallel while spawning specialist agents to perform deep-dive manual reviews based on the detected protocol architecture. It validates findings through a skeptic/triager agent to minimize false positives, generates verifiable Foundry PoCs for confirmed exploits, and aggregates all output into a professional-grade, severity-rated security report including SWC classifications and economic impact assessments.

Installation

To integrate this skill into your OpenClaw environment, execute the following command in your terminal:

clawhub install openclaw/skills/skills/cornbrother0x/smart-contract-audit

Ensure you have a configured environment with Foundry and Slither dependencies available, as the skill will attempt to auto-detect and compile projects using the provided workflow scripts.

Use Cases

  • DeFi Protocol Audits: Analyze AMMs, lending platforms, or yield vaults for logic errors, reentrancy, and flash loan vulnerabilities.
  • Pre-deployment Security Checks: Verify new smart contract releases before mainnet migration to ensure compliance with industry standards.
  • Bridge & Governance Analysis: Inspect cross-chain message passing logic or DAO voting mechanisms for permissioning flaws and timelock bypasses.
  • Vulnerability Reproduction: Generate automated Proof-of-Concept scripts in Foundry to demonstrate exploit paths discovered during analysis.

Example Prompts

  1. "Audit the smart contracts in the current directory and generate a severity-rated report focusing on reentrancy and access control flaws."
  2. "Perform a security review of the protocol at https://github.com/example/defi-project. Detect the protocol type and focus on potential economic exploits in the staking logic."
  3. "Analyze the following contract for potential rounding errors and front-running vulnerabilities. Provide a Foundry PoC for any confirmed issues."

Tips & Limitations

  • Multi-Run Strategy: Always run the audit 2-3 times as suggested. LLM attention variability means different runs often surface distinct vulnerabilities; the triager agent is designed to synthesize these into a unified report.
  • Framework Support: Ensure your project has a recognizable structure (Foundry foundry.toml or Hardhat hardhat.config.js). Raw files are supported but may lack contextual optimization.
  • Human-in-the-Loop: While this skill automates significant portions of the audit process, complex business logic flaws should always be validated by an expert security researcher.

Metadata

Stars: 2032
Views: 3
Updated: 2026-03-05

Add to Configuration

Paste this into your clawhub.json to enable this plugin.

{
  "plugins": {
    "official-cornbrother0x-smart-contract-audit": {
      "enabled": true,
      "auto_update": true
    }
  }
}

Tags (AI)

#solidity #blockchain #security #audit #web3
Safety Score: 2/5

Flags: file-read, file-write, code-execution, network-access