CtrlK
BlogDocsLog inGet started
Tessl Logo

analyzing-ethereum-smart-contract-vulnerabilities

Perform static and symbolic analysis of Solidity smart contracts using Slither and Mythril to detect reentrancy, integer overflow, access control, and other vulnerability classes before deployment to Ethereum mainnet.

52

Quality

Does it follow best practices?

Impact

No eval scenarios have been run

SecuritybySnyk

Passed

No known issues

SKILL.md
Quality
Evals
Security

Quality

Content

35%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

The body is well-structured with a clear step sequence, but it is non-actionable (no executable commands) and fails to surface the useful bundle files that contain the concrete CLI commands and automation script.

Suggestions

Add concrete executable commands to each step (e.g. `slither contracts/ --json slither-report.json`, `myth analyze contracts/Token.sol -o json`) or point to references/api-reference.md for them.

Add explicit validation checkpoints, e.g. confirm the solc version matches the contract pragma before analysis and re-run a detector after fixing a finding.

Signpost the bundle files from the body (e.g. "See [references/api-reference.md](references/api-reference.md) for full CLI flags and the SWC registry; use [scripts/agent.py](scripts/agent.py) to run both tools together") and trim the explanatory Overview background.

DimensionReasoningScore

Conciseness

The Overview explains concepts Claude already knows ("deployed smart contracts are immutable and handle real financial assets", how Slither/Mythril work), which is padding, though the When-to-Use, Prerequisites, Steps, and Expected Output sections are reasonably lean.

2 / 3

Actionability

The steps are abstract descriptions ("Execute Slither against the contract codebase", "Run Mythril deep analysis", "Produce a structured audit report") with no executable commands or code, matching the score-1 anchor of describing rather than instructing.

1 / 3

Workflow Clarity

A clear Step 1-4 sequence is present (Slither, Mythril, Triage, Report), but there are no validation checkpoints or feedback loops, so workflow clarity is capped at 2.

2 / 3

Progressive Disclosure

The body is organized into clear sections, but it never references or links the existing bundle files (references/api-reference.md with concrete CLI commands, scripts/agent.py), so navigation to the detailed materials is missing.

2 / 3

Total

7

/

12

Passed

Description

82%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

The description is specific, distinctive, and uses strong natural trigger terms, but it omits an explicit "when to use" trigger clause, which caps its completeness at 2.

Suggestions

Add an explicit "Use when..." clause naming triggering situations, e.g. "Use when auditing Solidity/DeFi smart contracts before deployment or when investigating smart-contract vulnerabilities."

Include common user variations such as "smart contract audit", "DeFi security review", or "vulnerability scan" to broaden trigger-term coverage.

DimensionReasoningScore

Specificity

Lists multiple concrete actions ("static and symbolic analysis") with named tools ("Slither and Mythril") and specific targets ("reentrancy, integer overflow, access control"), matching the score-3 anchor of multiple specific concrete actions.

3 / 3

Completeness

Clearly answers what the skill does, but there is no "Use when..." clause or equivalent explicit trigger guidance; per the rubric guideline a missing trigger clause caps completeness at 2.

2 / 3

Trigger Term Quality

Uses natural domain terms a blockchain-security user would actually say ("Solidity smart contracts", "Slither", "Mythril", "reentrancy", "integer overflow", "Ethereum"), giving good coverage of relevant keywords.

3 / 3

Distinctiveness Conflict Risk

Highly specific niche (Solidity/Ethereum smart-contract security with named tools) that is clearly distinguishable and unlikely to trigger for the wrong skill.

3 / 3

Total

11

/

12

Passed

Validation

93%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation15 / 16 Passed

Validation for skill structure

CriteriaDescriptionResult

frontmatter_unknown_keys

Unknown frontmatter key(s) found; consider removing or moving to metadata

Warning

Total

15

/

16

Passed

Repository
mukul975/Anthropic-Cybersecurity-Skills
Reviewed

Table of Contents

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.