analyzing-ethereum-smart-contract-vulnerabilities
Perform static and symbolic analysis of Solidity smart contracts using Slither and Mythril to detect reentrancy, integer overflow, access control, and other vulnerability classes before deployment to Ethereum mainnet.
41
41%
Does it follow best practices?
Impact
—
No eval scenarios have been run
Passed
No known issues
Optimize this skill with Tessl
npx tessl skill review --optimize ./skills/analyzing-ethereum-smart-contract-vulnerabilities/SKILL.mdQuality
Discovery
82%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a strong description with excellent specificity, rich domain-specific trigger terms, and a very clear niche that minimizes conflict risk. Its main weakness is the absence of an explicit 'Use when...' clause, which would help Claude know exactly when to select this skill over others.
Suggestions
Add an explicit 'Use when...' clause, e.g., 'Use when the user asks to audit, scan, or analyze Solidity smart contracts for security vulnerabilities, or mentions Slither, Mythril, or pre-deployment security checks.'
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Lists multiple specific concrete actions: 'static and symbolic analysis', 'detect reentrancy, integer overflow, access control, and other vulnerability classes', and names specific tools (Slither, Mythril). Very concrete and detailed. | 3 / 3 |
Completeness | The 'what' is very well covered (static/symbolic analysis of Solidity contracts using specific tools to detect specific vulnerability classes). However, there is no explicit 'Use when...' clause or equivalent trigger guidance, which caps this at 2 per the rubric guidelines. | 2 / 3 |
Trigger Term Quality | Excellent coverage of natural terms a user would say: 'Solidity', 'smart contracts', 'Slither', 'Mythril', 'reentrancy', 'integer overflow', 'access control', 'vulnerability', 'Ethereum mainnet', 'deployment'. These are all terms a developer working in this domain would naturally use. | 3 / 3 |
Distinctiveness Conflict Risk | Highly distinctive niche: Solidity smart contract security analysis with specific tools (Slither, Mythril) targeting Ethereum. Very unlikely to conflict with other skills given the narrow domain and specific tooling mentioned. | 3 / 3 |
Total | 11 / 12 Passed |
Implementation
0%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill is essentially a high-level outline or table of contents with no actionable content. It lacks any executable commands, code examples, concrete CLI flags, sample outputs, or validation steps. Every section describes what should be done in abstract terms without showing how to do it, making it unusable as a skill for Claude.
Suggestions
Add concrete, executable CLI commands for each step, e.g., `slither . --json report.json --filter-paths node_modules` and `myth analyze contracts/Vault.sol --solv 0.8.19 --execution-timeout 300 -o json`
Include a real or representative example showing sample Slither/Mythril output and how to interpret and triage specific findings (e.g., a reentrancy detection with SWC-107)
Add explicit validation checkpoints, such as verifying solc version matches pragma, checking that Slither exits cleanly before proceeding to Mythril, and validating the final report schema
Remove the generic overview paragraph and 'When to Use' boilerplate; replace with a concise quick-start section that gets directly to running the tools
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The overview paragraph explains what smart contracts are, why they're important, and what Slither and Mythril do at a conceptual level — all things Claude already knows. The 'When to Use' section is generic boilerplate. Significant token waste throughout with no actionable density. | 1 / 3 |
Actionability | No executable commands, no code examples, no concrete CLI invocations for Slither or Mythril. Steps are entirely abstract descriptions ('Run Slither against the contract codebase') with zero copy-paste-ready guidance. This describes rather than instructs. | 1 / 3 |
Workflow Clarity | The four steps are vague headings with single-sentence descriptions. There are no validation checkpoints, no error handling, no feedback loops, and no concrete sequencing details. For a multi-step security analysis workflow involving destructive/critical operations (pre-deployment audit), this is inadequate. | 1 / 3 |
Progressive Disclosure | The content is a monolithic document with no references to supporting files, no linked resources, and no bundle files. All content is inline but paradoxically lacks the detail that would justify being inline. There's no structure for discovery or navigation to deeper material. | 1 / 3 |
Total | 4 / 12 Passed |
Validation
90%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
Total | 10 / 11 Passed | |
- Repository
- mukul975/Anthropic-Cybersecurity-Skills
- Commit
9a588e6
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.