← Back to Skills Marketplace
mzfshark

Smart Contract Audit

by Mauricio Z. · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ✓ Security Clean
54
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install axodus-smartcontracts-audits
Description
Audit Solidity contracts for common vulnerabilities and design risks.
README (SKILL.md)

SKILL: smart-contract-audit

Purpose

Perform a deterministic, evidence-based vulnerability review of Solidity contracts and produce a prioritized audit report with concrete fixes.

When to Use

  • Before any deployment (even testnet) of value-bearing contracts.
  • After changing access control, external calls, accounting, or token logic.
  • When integrating with external protocols.

Inputs

  • scope (required, string[]): contract files and dependencies.
  • threat_model (optional, string): assets at risk, attacker capabilities, trust assumptions.
  • deployment_assumptions (optional, string): upgradeability, admin keys, multisig/DAO governance.

Steps

  1. Map the system:
    • entrypoints (public/external)
    • privileged roles
    • external calls and token transfers
  2. Run checklist-based review:
    • access control (missing/overbroad roles)
    • reentrancy surfaces (external calls, callbacks)
    • accounting correctness (under/overflow, rounding, precision, fee logic)
    • ERC standard compliance (events, return values)
    • upgradeability hazards (storage layout, initializer patterns)
    • DoS vectors (unbounded loops, griefing)
  3. Identify invariants and where they can break.
  4. Produce findings with reproduction notes and recommended fixes.

Validation

  • Every finding includes:
    • impacted function(s)
    • why it’s exploitable or risky
    • concrete remediation guidance
  • Non-issues are explicitly marked as “informational” when needed.

Output

Audit report (example schema):

summary: "\x3Csystem overview + top risks>"
findings:
  - id: "SC-001"
    severity: "critical|high|medium|low|info"
    title: "\x3Cshort>"
    location: ["contracts/X.sol:123"]
    description: "\x3Cwhat is wrong>"
    impact: "\x3Cwhat can happen>"
    recommendation: "\x3Chow to fix>"
assumptions: ["..."]

Safety Rules

  • Do not provide exploit code for real targets.
  • Do not claim “secure” or “audited” as an absolute; report risk and evidence.
  • Escalate to stricter review if funds or governance are at stake.

Example

Scope: ["contracts/Vault.sol", "contracts/Token.sol"] Output: includes reentrancy review of withdraw() and role boundaries for setFee().

Usage Guidance
This skill is instruction-only and appears coherent for auditing Solidity source files. However: (1) verify the skill author/owner provenance before trusting reports (metadata shows inconsistent author/owner labels); (2) do not feed any private keys, mnemonic phrases, or other secrets as part of the 'scope' input — audits should only include contract source and harmless test artifacts; (3) treat the generated audit as advisory: cross-check findings with standard static analyzers (Slither, Mythril, Echidna) and manual review before deploying; (4) although the SKILL.md asks not to provide exploit code, the model could still produce PoC snippets — review outputs for disallowed content and never run exploit code against real systems. If you need stronger assurance, prefer a skill with verifiable source (GitHub repo, maintainer identity) or run audits locally using known open-source tools.
Capability Analysis
Type: OpenClaw Skill Name: axodus-smartcontracts-audits Version: 1.0.0 The skill bundle defines a structured process for auditing Solidity smart contracts, focusing on common vulnerabilities like reentrancy, access control, and accounting logic. The instructions in SKILL.md and smart-contract-audit.md are professional, include explicit safety rules against generating exploit code, and contain no evidence of malicious intent, data exfiltration, or prompt injection.
Capability Tags
crypto
Capability Assessment
Purpose & Capability
The name, description, and runtime instructions all align: the skill describes checklist-based auditing of Solidity contracts and requires only contract sources as input. Minor metadata inconsistencies exist (author listed as "RedHat Dev" in SKILL.md/_meta.json while registry owner is a different ID), which is a provenance/labeling issue but not a technical mismatch with functionality.
Instruction Scope
SKILL.md is explicit and scoped to analyzing the provided `scope` files, mapping entrypoints/roles, checklist review, and producing findings. It does not instruct the agent to read unrelated files, access external endpoints, or exfiltrate data. It also contains safety guidance not to provide exploit code for real targets.
Install Mechanism
There is no install spec and no code files. This is instruction-only, so nothing will be downloaded or written to disk by the skill itself.
Credentials
The skill declares no required environment variables, credentials, or config paths. There is no disproportionate credential request for the described audit functionality.
Persistence & Privilege
The skill does not request always:true and is user-invocable. The skill allows normal autonomous model invocation (platform default), which increases blast radius only in combination with other risks — no such risks are present here.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install axodus-smartcontracts-audits
  3. After installation, invoke the skill by name or use /axodus-smartcontracts-audits
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
smart-contract-audit v1.0.0 - Initial release providing deterministic, evidence-based vulnerability reviews for Solidity contracts. - Audits identify risks including access control flaws, reentrancy, accounting errors, and ERC standard compliance. - Inputs support custom scope, threat models, and deployment assumptions. - Outputs a structured YAML audit report with prioritized findings and actionable recommendations. - Emphasizes responsible disclosure, reproduction guidance, and explicit risk explanations.
Metadata
Slug axodus-smartcontracts-audits
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Smart Contract Audit?

Audit Solidity contracts for common vulnerabilities and design risks. It is an AI Agent Skill for Claude Code / OpenClaw, with 54 downloads so far.

How do I install Smart Contract Audit?

Run "/install axodus-smartcontracts-audits" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Smart Contract Audit free?

Yes, Smart Contract Audit is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Smart Contract Audit support?

Smart Contract Audit is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Smart Contract Audit?

It is built and maintained by Mauricio Z. (@mzfshark); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463942 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259883 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200739 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191401 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190375 · by oswalpalash

💬 Comments