Master smart contract security best practices to prevent common vulnerabilities and implement secure Solidity patterns. Use when writing smart contracts, auditing existing contracts, or implementing security measures for blockchain applications.
Overall score: 74
62%: Does it follow best practices?
Impact: 94% (1.00x average score across 3 eval scenarios)
Advisory: Suggest reviewing before use
Quality
Discovery
75%. Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
The description is structurally sound with a clear 'Use when' clause and a distinct niche in smart contract security. However, it lacks specificity in the concrete actions it covers (e.g., specific vulnerability types or security patterns) and could benefit from more natural trigger terms that users would actually use when seeking help with Solidity security issues. The word 'Master' at the beginning reads slightly like instructional language rather than a capability description.
Suggestions
Replace the vague 'prevent common vulnerabilities' with specific examples like 'detect reentrancy attacks, prevent integer overflow, validate access controls, implement safe external calls'.
Add more natural trigger terms users would say, such as 'reentrancy', 'overflow', 'exploit', '.sol', 'ERC-20 security', 'DeFi', or 'gas optimization'.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Names the domain (smart contract security, Solidity) and mentions some actions ('prevent common vulnerabilities', 'implement secure patterns', 'auditing'), but doesn't list specific concrete actions like 'detect reentrancy attacks, validate access controls, implement safe math operations'. | 2 / 3 |
| Completeness | Clearly answers both 'what' (master smart contract security best practices, prevent vulnerabilities, implement secure Solidity patterns) and 'when' with an explicit 'Use when' clause covering writing, auditing, and implementing security measures for blockchain applications. | 3 / 3 |
| Trigger Term Quality | Includes relevant keywords like 'smart contract', 'Solidity', 'security', 'auditing', 'blockchain', but misses common natural variations users might say such as 'reentrancy', 'overflow', 'ERC-20', 'gas optimization', 'exploit', '.sol files', or 'DeFi security'. | 2 / 3 |
| Distinctiveness Conflict Risk | The combination of smart contracts, Solidity, and security auditing creates a clear niche that is unlikely to conflict with general coding skills or other blockchain-related skills. The triggers are distinct enough to avoid false matches. | 3 / 3 |
| Total | | 10 / 12 Passed |
Implementation
50%. Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
The skill provides highly actionable, executable Solidity security examples covering major vulnerability categories, which is its primary strength. However, it is excessively verbose—repeating patterns (CEI shown twice), explaining well-known concepts at length, and inlining content that should live in the referenced files. The lack of a clear audit workflow with validation steps and the absence of actual bundle files weaken its utility as a structured skill.
Suggestions
Reduce content by 50-60%: remove redundant CEI pattern demonstrations, condense vulnerability explanations to just the secure pattern (Claude knows what reentrancy and overflow are), and move detailed examples to the referenced files.
Add a clear sequential audit workflow with explicit validation steps, e.g., '1. Run Slither → 2. Check output for X → 3. If findings, apply pattern Y → 4. Re-run analysis → 5. Only deploy when clean.'
Actually create the referenced bundle files (references/reentrancy.md, assets/security-checklist.md, etc.) and move the detailed code examples there, keeping SKILL.md as a concise overview with one-level-deep references.
Remove the gas optimization section entirely or move it to a separate referenced file—it's tangential to the security focus and adds significant length.
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The skill is extremely verbose at ~400+ lines. It explains concepts Claude already knows (what reentrancy is, what integer overflow is, basic Solidity patterns), includes redundant examples (the CEI pattern is shown twice in nearly identical form), and provides extensive code for well-known patterns that don't need this level of elaboration. The gas optimization section and many vulnerability examples could be drastically condensed. | 1 / 3 |
| Actionability | The skill provides fully executable Solidity code examples for every vulnerability and pattern, complete with vulnerable vs. secure comparisons. The Hardhat test examples are concrete and copy-paste ready. Commands and imports reference real OpenZeppelin contracts. | 3 / 3 |
| Workflow Clarity | The checklist provides a good overview of what to verify, but there's no clear sequential workflow for auditing a contract or securing an existing one. The front-running section has a two-step commit-reveal process, but overall there are no validation checkpoints or feedback loops for the audit/security review process itself. | 2 / 3 |
| Progressive Disclosure | The skill references multiple files in a Resources section (references/reentrancy.md, assets/security-checklist.md, etc.), but no bundle files are provided, making these references non-functional. The main file is monolithic with all content inline rather than appropriately split across referenced files, despite the references suggesting such a structure exists. | 2 / 3 |
| Total | | 8 / 12 Passed |
Validation
90%. Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
| skill_md_line_count | SKILL.md is long (526 lines); consider splitting into references/ and linking | Warning |
| Total | | 10 / 11 Passed |