analyzing-ethereum-smart-contract-vulnerabilities
Perform static and symbolic analysis of Solidity smart contracts using Slither and Mythril to detect reentrancy, integer overflow, access control, and other vulnerability classes before deployment to Ethereum mainnet.
55
45%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Passed
No known issues
Optimize this skill with Tessl
npx tessl skill review --optimize ./skills/analyzing-ethereum-smart-contract-vulnerabilities/SKILL.mdQuality
Discovery
82%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a strong, highly specific description that clearly identifies the domain (Solidity smart contracts), tools (Slither, Mythril), and concrete vulnerability classes it detects. Its main weakness is the absence of an explicit 'Use when...' clause, which would help Claude know exactly when to select this skill. The technical terminology is appropriate for the target audience and provides excellent distinctiveness.
Suggestions
Add an explicit 'Use when...' clause, e.g., 'Use when the user asks to audit, scan, or review Solidity smart contracts for security vulnerabilities, or mentions Slither, Mythril, or pre-deployment security checks.'
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Lists multiple specific concrete actions: 'static and symbolic analysis', 'detect reentrancy, integer overflow, access control, and other vulnerability classes', and names specific tools (Slither, Mythril). Very concrete about what it does. | 3 / 3 |
Completeness | The 'what' is very well covered (static/symbolic analysis of Solidity contracts using specific tools to detect specific vulnerability classes). However, there is no explicit 'Use when...' clause or equivalent trigger guidance, which per the rubric caps completeness at 2. | 2 / 3 |
Trigger Term Quality | Excellent coverage of natural terms a user would say: 'Solidity', 'smart contracts', 'Slither', 'Mythril', 'reentrancy', 'integer overflow', 'access control', 'vulnerability', 'Ethereum mainnet', 'deployment'. These are all terms a developer working in this domain would naturally use. | 3 / 3 |
Distinctiveness Conflict Risk | Highly distinctive niche: Solidity smart contract security analysis with named tools (Slither, Mythril) targeting Ethereum. Very unlikely to conflict with other skills given the specificity of the domain, tools, and vulnerability types mentioned. | 3 / 3 |
Total | 11 / 12 Passed |
Implementation
7%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill is essentially a high-level outline masquerading as a skill document. It provides no executable commands, no code examples, no concrete CLI flags, and no actual analysis procedures. The content explains concepts Claude already knows while failing to provide the specific, actionable guidance (e.g., exact slither/mythril commands, output parsing, triage criteria) that would make this skill useful.
Suggestions
Add concrete, copy-paste-ready CLI commands for both Slither (e.g., `slither . --json output.json --detect reentrancy-eth,unchecked-lowlevel`) and Mythril (e.g., `myth analyze contracts/Vault.sol --solv 0.8.19 -o json`)
Include a real or realistic code example showing a vulnerable Solidity contract and the corresponding tool output, demonstrating how to interpret findings
Add explicit validation checkpoints and feedback loops, such as verifying solc version compatibility, checking for compilation errors before analysis, and cross-referencing findings between tools
Remove the verbose overview paragraph and generic 'When to Use' section; replace with lean, specific content like example triage criteria, SWC ID mappings, and false positive filtering rules
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The overview paragraph explains concepts Claude already knows (smart contract immutability, what Slither and Mythril do at a high level, why security matters). The 'When to Use' section is generic boilerplate. Much of the content is padding that doesn't add actionable value. | 1 / 3 |
Actionability | No executable commands, no code examples, no concrete CLI invocations for Slither or Mythril. Steps are entirely abstract descriptions ('Run Slither against the contract codebase') with zero specifics on flags, output formats, or actual usage patterns. | 1 / 3 |
Workflow Clarity | Steps are listed but contain no actual instructions, no validation checkpoints, no error handling, and no feedback loops. Each step is a single vague sentence describing what to do without explaining how. For a multi-step security analysis workflow, this is critically insufficient. | 1 / 3 |
Progressive Disclosure | The content has some structural organization with headers and numbered steps, but there are no references to external files for detailed content. The skill is neither a concise overview pointing to details elsewhere nor a self-contained detailed guide—it's an outline with no substance. | 2 / 3 |
Total | 5 / 12 Passed |
Validation
90%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
Total | 10 / 11 Passed | |
- Repository
- mukul975/Anthropic-Cybersecurity-Skills
- Commit
c15f73d
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.