Scans TON (The Open Network) smart contracts for 3 critical vulnerabilities including integer-as-boolean misuse, fake Jetton contracts, and forward TON without gas checks. Use when auditing FunC contracts.
Score: 70
Does it follow best practices? 56%
Impact: 92%
1.13x average score across 3 eval scenarios
Advisory: Suggest reviewing before use
Optimize this skill with Tessl:
`npx tessl skill review --optimize ./plugins/building-secure-contracts/skills/ton-vulnerability-scanner/SKILL.md`

Quality
Discovery: 85%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a strong, well-crafted description that clearly identifies its niche (TON smart contract security), lists specific vulnerability types it detects, and includes an explicit 'Use when' clause. Its main weakness is that the trigger terms could be broader to capture more natural user phrasings like 'security audit', 'vulnerability check', or alternative language references like Tact.
Suggestions
- Expand trigger terms to include common user phrasings like 'security audit', 'vulnerability check', 'contract security', or file extensions like '.fc'
- Consider mentioning related terms users might use such as 'Tact contracts', 'TON blockchain security', or 'smart contract bugs'
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Lists three specific concrete vulnerability types: integer-as-boolean misuse, fake Jetton contracts, and forward TON without gas checks. Also specifies the domain (TON smart contracts) and the action (scans for vulnerabilities). | 3 / 3 |
| Completeness | Clearly answers both 'what' (scans TON smart contracts for 3 specific vulnerabilities) and 'when' ('Use when auditing FunC contracts'), with an explicit trigger clause. | 3 / 3 |
| Trigger Term Quality | Includes good domain-specific terms like 'TON', 'smart contracts', 'FunC', 'Jetton', and 'auditing', but misses common user variations like 'security audit', 'vulnerability scan', 'Tact', '.fc files', 'contract security', or 'bug detection'. The trigger terms are somewhat narrow. | 2 / 3 |
| Distinctiveness / Conflict Risk | Highly distinctive — targets a very specific niche (TON/FunC smart contract vulnerability scanning) with named vulnerability types. Extremely unlikely to conflict with other skills. | 3 / 3 |
| Total | | 11 / 12 Passed |
Implementation: 27%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill attempts to cover TON smart contract vulnerability scanning but suffers from significant structural issues including duplicate section numbering, inconsistent vulnerability naming between the description and content, and a broken reference to a non-existent bundle file. While it provides some actionable grep commands and code examples, the extreme verbosity (~300+ lines) and monolithic structure undermine its effectiveness as a skill document. The content would benefit greatly from being restructured into a concise overview with properly organized supporting files.
Suggestions
- Fix the duplicate section 5 numbering and reconcile the inconsistent vulnerability names (description says 'integer-as-boolean, fake Jetton, forward TON without gas' but inline summary says 'Missing Sender Check, Integer Overflow, Improper Gas Handling')
- Move the detailed finding template, test examples, and quick reference checklist into separate bundle files (e.g., FINDING_TEMPLATE.md, TESTS.md, CHECKLIST.md) and reference them from a much shorter SKILL.md
- Either include the referenced VULNERABILITY_PATTERNS.md in the bundle or inline the essential pattern details concisely in the main file
- Remove sections Claude doesn't need (Platform Detection file extensions, 'When to Use This Skill' bullet list, 'Purpose' section) and reduce the main file to under 100 lines focusing on the scanning workflow and grep commands
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The skill is extremely verbose at ~300+ lines. It includes unnecessary sections like 'When to Use This Skill' (6 bullet points of obvious contexts), 'Platform Detection' explaining file extensions and project structure Claude already knows, and extensive boilerplate. The description says 3 vulnerabilities but the content has duplicate/conflicting section numbering (two section 5s) and the pattern summary doesn't even match the title's claimed vulnerabilities (lists 'Missing Sender Check', 'Integer Overflow', 'Improper Gas Handling' instead of the described 'integer-as-boolean misuse, fake Jetton contracts, forward TON without gas checks'). Testing sections alone consume ~80 lines. | 1 / 3 |
| Actionability | The skill provides concrete grep commands for detection and executable TypeScript test examples, plus FunC code for fixes. However, the vulnerability patterns themselves are inconsistent—the description promises 3 specific patterns but the inline summary lists different ones, and the actual detailed patterns are deferred to a VULNERABILITY_PATTERNS.md that doesn't exist in the bundle. The scanning workflow steps with checklists are useful but incomplete without the referenced resource. | 2 / 3 |
| Workflow Clarity | The scanning workflow (Steps 1-5) provides a reasonable sequence with checklists for each step, and the grep commands give concrete detection methods. However, there are no explicit validation checkpoints or feedback loops—no 'if you find X, do Y before proceeding' logic. The duplicate section 5 numbering creates confusion about the document's own structure, and the workflow doesn't clearly specify what to do when findings are ambiguous. | 2 / 3 |
| Progressive Disclosure | The skill references 'resources/VULNERABILITY_PATTERNS.md' but no bundle files exist, making this a broken reference. The document is monolithic—the full finding template example (~50 lines), complete test suites (~60 lines), and the quick reference checklist could all be in separate files. The duplicate section numbering (two '## 5.' sections) indicates poor organization. Content that should be in referenced files is inlined, bloating the main skill. | 1 / 3 |
| Total | | 6 / 12 Passed |
Validation: 100%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 11 / 11 Passed
Validation for skill structure
No warnings or errors.
a56045e