audit
Deep EVM smart contract security audit system. Use when asked to audit a contract, find vulnerabilities, review code for security issues, or file security issues on a GitHub repo. Covers 500+ non-obvious checklist items across 19 domains via parallel sub-agents. Different from the security skill (which teaches defensive coding) — this is for systematically auditing contracts you didn't write.
Best use case
audit is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Teams using audit should expect more consistent output, faster repeated execution, and less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in .claude/skills/audit/SKILL.md inside your project
- Restart your AI agent — it will auto-discover the skill
How audit Compares
| Feature / Agent | audit | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Deep EVM smart contract security audit system. Use when asked to audit a contract, find vulnerabilities, review code for security issues, or file security issues on a GitHub repo. Covers 500+ non-obvious checklist items across 19 domains via parallel sub-agents. Different from the security skill (which teaches defensive coding) — this is for systematically auditing contracts you didn't write.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# EVM Smart Contract Audit

A full audit system for any EVM contract. Runs parallel specialist agents against domain-specific checklists, synthesizes findings, and files GitHub issues.

## The Checklists

20 specialized skills covering every major vulnerability domain. Fetch the master index first:

```
https://raw.githubusercontent.com/austintgriffith/evm-audit-skills/main/evm-audit-master/SKILL.md
```

The master index contains:

- Full routing table (which skills to load for which contract types)
- The complete audit methodology (recon → parallel agents → synthesis → issues)
- Standard finding format with severity definitions

All 20 skill checklists are at:

```
https://raw.githubusercontent.com/austintgriffith/evm-audit-skills/main/<skill-name>/references/checklist.md
```

## Skills Available

| Skill | When to Load |
|-------|-------------|
| `evm-audit-general` | Always |
| `evm-audit-precision-math` | Always |
| `evm-audit-erc20` | Contract interacts with ERC20 tokens |
| `evm-audit-defi-amm` | AMM, DEX, Uniswap V3/V4, liquidity pools |
| `evm-audit-defi-lending` | Lending, borrowing, CDP, liquidations |
| `evm-audit-defi-staking` | Staking, liquid staking, restaking, EigenLayer |
| `evm-audit-erc4626` | Vaults, share/asset conversion |
| `evm-audit-erc4337` | Account abstraction, paymasters, session keys |
| `evm-audit-bridges` | Cross-chain, LayerZero, CCIP, Wormhole |
| `evm-audit-proxies` | Upgradeable contracts, UUPS, Transparent, Diamond |
| `evm-audit-signatures` | Off-chain signatures, EIP-712, permits |
| `evm-audit-governance` | DAO voting, timelocks, multi-sig |
| `evm-audit-oracles` | Chainlink, TWAP, Pyth, price feeds |
| `evm-audit-assembly` | Inline assembly, Yul, CREATE2 |
| `evm-audit-chain-specific` | Non-mainnet: Arbitrum, OP, zkSync, Blast, BSC |
| `evm-audit-flashloans` | Flash loan attack vectors |
| `evm-audit-erc721` | NFTs, ERC721, ERC1155 |
| `evm-audit-dos` | DoS, unbounded loops, gas griefing |
| `evm-audit-access-control` | Ownership, roles, centralization risks |

## How To Run An Audit

1. Fetch the master skill (link above) — it has the full pipeline
2. Read the contract(s)
3. Select 5-8 skills using the routing table
4. Spawn one opus sub-agent per skill (parallel)
5. Each agent walks its checklist and writes `findings-<skill>.md`
6. Synthesize all findings into `AUDIT-REPORT.md`
7. File GitHub issues for Medium severity and above

## Invocation

```
Audit this contract and file issues: https://github.com/owner/repo/blob/main/contracts/Foo.sol
Checklists: https://raw.githubusercontent.com/austintgriffith/evm-audit-skills/main/evm-audit-master/SKILL.md
```

## Sources

Built from research by Dacian, beirao.xyz, Sigma Prime, RareSkills, Decurity, weird-erc20, Spearbit, Hacken, OpenZeppelin, Cyfrin, and more. Full attribution: https://github.com/austintgriffith/evm-audit-skills#attribution--thanks
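Steps 5 to 7 of the procedure above (per-agent findings files, synthesis into a report, issues for Medium and above), as an added Python example that is not part of the skill or its repository. It reads constructed `findings-<skill>.md` contents, merges duplicate titles that more than one agent reported (keeping the highest severity), orders the result by severity, and selects the subset that should become GitHub issues. The `### [Severity] Title` heading format, the severity labels and the sample findings are assumptions made for this example; the skill's real finding format and severity definitions live in the master index, which this page only links to.

```python
"""Synthesis step of the audit pipeline: merge per-skill findings files,
rank them by severity, and pick the ones that warrant a GitHub issue."""
import re
from collections import defaultdict

# Severity order used for the "Medium and above" threshold. These labels are
# an assumption; the skill defines its own severities in the master index.
SEVERITY_RANK = {"Critical": 4, "High": 3, "Medium": 2, "Low": 1, "Informational": 0}
ISSUE_THRESHOLD = "Medium"

# Constructed sample findings, keyed by the findings-<skill>.md name each
# sub-agent writes. The "### [Severity] Title" heading format is assumed.
SAMPLE_FINDINGS = {
    "findings-evm-audit-erc20.md": """\
# evm-audit-erc20

### [High] transfer() return value not checked
`Vault.deposit` calls `token.transfer` without checking the returned bool.

### [Low] Missing zero-address check on token setter
`setToken` accepts address(0).
""",
    "findings-evm-audit-access-control.md": """\
# evm-audit-access-control

### [Medium] Single-owner key controls pause and upgrade
One EOA can both pause the vault and upgrade the implementation.

### [Informational] Events not emitted on role changes
""",
    "findings-evm-audit-general.md": """\
# evm-audit-general

### [High] transfer() return value not checked
Same issue as the ERC20 agent's finding; should be merged, not filed twice.
""",
}

FINDING_RE = re.compile(r"^### \[(\w+)\] (.+?)\s*$", re.MULTILINE)


def parse_findings(name, text):
    """Return (severity, title, skill) tuples from one findings file."""
    skill = name.removeprefix("findings-").removesuffix(".md")
    results = []
    for match in FINDING_RE.finditer(text):
        severity, title = match.group(1), match.group(2)
        if severity not in SEVERITY_RANK:
            raise ValueError(f"{name}: unknown severity {severity!r}")
        results.append((severity, title, skill))
    return results


def synthesize(files):
    """Merge all agents' findings into one list sorted Critical-first.

    Findings with the same title are treated as duplicates: the highest
    severity wins and every agent that flagged it is recorded."""
    merged = {}  # normalized title -> finding dict
    for name, text in files.items():
        for severity, title, skill in parse_findings(name, text):
            key = title.strip().lower()
            entry = merged.setdefault(key, {"title": title, "severity": severity, "skills": set()})
            if SEVERITY_RANK[severity] > SEVERITY_RANK[entry["severity"]]:
                entry["severity"] = severity
            entry["skills"].add(skill)
    return sorted(merged.values(), key=lambda f: (-SEVERITY_RANK[f["severity"]], f["title"]))


def issues_to_file(findings, threshold=ISSUE_THRESHOLD):
    """Step 7: only findings at the threshold severity or above become issues."""
    cutoff = SEVERITY_RANK[threshold]
    return [f for f in findings if SEVERITY_RANK[f["severity"]] >= cutoff]


def render_report(findings):
    """Step 6: build AUDIT-REPORT.md text with a severity summary and one line per finding."""
    counts = defaultdict(int)
    for f in findings:
        counts[f["severity"]] += 1
    lines = ["# AUDIT-REPORT", "", "## Summary"]
    for sev in sorted(SEVERITY_RANK, key=SEVERITY_RANK.get, reverse=True):
        lines.append(f"- {sev}: {counts[sev]}")
    lines += ["", "## Findings"]
    for f in findings:
        flagged_by = ", ".join(sorted(f["skills"]))
        lines.append(f"- [{f['severity']}] {f['title']} (flagged by: {flagged_by})")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    merged = synthesize(SAMPLE_FINDINGS)
    print(render_report(merged))
    print("Issues to file:", [f["title"] for f in issues_to_file(merged)])
```

The dedupe-by-title rule is deliberately simple; in practice two agents often describe the same root cause with different wording, so the synthesis step still needs a human or a reviewing agent to merge near-duplicates before issues are filed.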
Related Skills
why-ethereum
Why build on Ethereum specifically. The AI agent angle — ERC-8004, x402, composability, permissionless deployment. Use when a user asks "should I build on Ethereum?", "why blockchain?", or when an agent needs to recommend a chain for a project.
wallets
How to create, manage, and use Ethereum wallets. Covers EOAs, smart contract wallets, multisig (Safe), and account abstraction. Use this skill whenever you are sending transactions, signing messages, or managing funds. Includes guardrails for safe key handling.
tools
Current Ethereum development tools, frameworks, libraries, RPCs, and block explorers. What actually works today for building on Ethereum. Includes tool discovery for AI agents — MCPs, abi.ninja, Foundry, Scaffold-ETH 2, Hardhat, and more. Use when setting up a dev environment, choosing tools, or when an agent needs to discover what's available.
testing
Smart contract testing with Foundry — unit tests, fuzz testing, fork testing, invariant testing. Use when writing tests for a smart contract.
standards
Ethereum token and protocol standards — ERC-20, ERC-721, ERC-1155, ERC-4337, ERC-8004, and newer standards. When to use each, how they work, key interfaces. Use when building tokens, NFTs, or choosing the right standard for a project.
ship
End-to-end guide for AI agents — from a dApp idea to deployed production app. Fetch this FIRST, it routes you through all other skills.
security
Solidity security patterns, common vulnerabilities, and pre-deploy audit checklist. The specific code patterns that prevent real losses — not just warnings, but defensive implementations. Use before deploying any contract, when reviewing code, or when building anything that holds or moves value.
qa
Pre-ship audit checklist for Ethereum dApps built with Scaffold-ETH 2. Give this to a separate reviewer agent (or fresh context) AFTER the build is complete. Use this skill whenever you are finalizing a dApp built with Scaffold-ETH 2.
protocol
How Ethereum evolves — EIP lifecycle, fork process, where decisions happen, and how to track upcoming changes. Use when your human asks about upcoming features, when building for future protocol capabilities, or when they want to propose a change. Also use when YOU need to know if a feature exists yet or when it's coming.
orchestration
How an AI agent plans, builds, and deploys a complete Ethereum dApp. The three-phase build system for Scaffold-ETH 2 projects. Use when building a full application on Ethereum — from contracts to frontend to production deployment on IPFS.
ethskills
Ethereum development knowledge for AI agents — from idea to deployed dApp. Fetch real-time docs on gas costs, Solidity patterns, Scaffold-ETH 2, Layer 2s, DeFi composability, security, testing, and production deployment. Use when: (1) building any Ethereum or EVM dApp, (2) writing or reviewing Solidity contracts, (3) deploying to mainnet or L2s, (4) the user asks about gas, tokens, wallets, or smart contracts, (5) any web3/blockchain/onchain development task. NOT for: trading, price checking, or portfolio management — use a trading skill for those.
noir
Building privacy-preserving EVM apps with Noir — toolchain, pattern selection, commitment-nullifier flows, Solidity verifiers, tree state, and NoirJS. Use when building a Noir-based privacy app on EVM.