Master smart contract security best practices to prevent common vulnerabilities and implement secure Solidity patterns. Use when writing smart contracts, auditing existing contracts, or implementing security measures for blockchain applications.
81
Quality: 58% (Does it follow best practices?)
Impact: 96% (1.00x average score across 6 eval scenarios)
Advisory: Suggest reviewing before use
Optimize this skill with Tessl:
npx tessl skill review --optimize ./plugins/blockchain-web3/skills/solidity-security/SKILL.md
Quality
Discovery
75%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
The description is structurally sound with a clear 'Use when...' clause and a distinct niche in smart contract security. However, it relies on somewhat high-level language ('best practices', 'common vulnerabilities', 'security measures') rather than listing specific concrete actions or vulnerability types. Adding more specific trigger terms and concrete capabilities would strengthen it.
Suggestions
Replace vague phrases like 'common vulnerabilities' and 'security measures' with specific examples such as 'prevent reentrancy attacks, integer overflow, access control exploits, and front-running vulnerabilities'.
Add more natural trigger terms users might use, such as 'audit', '.sol files', 'reentrancy', 'OpenZeppelin', 'ERC-20/ERC-721 security', or 'DeFi exploit prevention'.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Names the domain (smart contract security, Solidity) and mentions some actions ('writing smart contracts', 'auditing existing contracts', 'implementing security measures'), but doesn't list specific concrete actions like 'prevent reentrancy attacks, validate access control, implement safe math operations'. | 2 / 3 |
| Completeness | Clearly answers both 'what' (smart contract security best practices, preventing vulnerabilities, implementing secure Solidity patterns) and 'when' with an explicit 'Use when...' clause covering writing, auditing, and implementing security measures for blockchain applications. | 3 / 3 |
| Trigger Term Quality | Includes relevant keywords like 'smart contract', 'Solidity', 'security', 'auditing', 'blockchain', and 'vulnerabilities', but misses common natural variations users might say such as 'reentrancy', 'overflow', 'exploit', 'gas optimization', '.sol files', 'ERC-20', or 'DeFi security'. | 2 / 3 |
| Distinctiveness / Conflict Risk | The combination of 'smart contract', 'Solidity', 'security', and 'blockchain' creates a clear niche that is unlikely to conflict with other skills. This is a well-defined domain with distinct triggers. | 3 / 3 |
| Total | | 10 / 12 Passed |
Implementation
42%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
The skill provides comprehensive, executable Solidity security examples covering major vulnerability classes, but is far too verbose for a skill file—it explains well-known concepts at length rather than providing concise, actionable reminders. The content would be significantly improved by condensing the main file to a brief overview with a checklist and splitting detailed examples into referenced sub-files.
Suggestions
Reduce SKILL.md to a concise overview (~50-80 lines) with the security checklist and brief pattern reminders, moving detailed vulnerable/secure code pairs into separate referenced files like REENTRANCY.md, ACCESS_CONTROL.md, GAS_OPTIMIZATION.md
Remove explanations of concepts Claude already knows (what reentrancy is, what integer overflow means, what access control is) and focus only on the specific patterns and code to use
Add a concrete audit workflow with sequenced steps and validation checkpoints (e.g., 1. Run static analysis with Slither, 2. Check each item in checklist, 3. Write targeted tests, 4. Document findings)
Cut the gas optimization section entirely or reduce to a 3-line summary—it's tangential to security and is standard Solidity knowledge
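As an added example (not code from the reviewed skill or from Tessl), the Python script below implements the mechanical half of the suggested audit workflow: step 1 runs Slither, step 2 maps each detector hit onto a checklist item, and step 4 renders a findings section and a pass/fail verdict a reviewer can paste into an audit note. It assumes the `slither-analyzer` `--json -` output layout (`results.detectors[].{check,impact,confidence,description}`) and a hypothetical mapping from detector IDs to checklist items; the Slither output embedded in it is constructed so the script runs offline without `slither` installed.

```python
"""Triage Slither JSON output against a security checklist (added example).

Assumptions: Slither's `--json -` layout is results.detectors[] with
check/impact/confidence/description keys; the CHECKLIST mapping from
detector IDs to checklist items is illustrative, not an official table.
"""
import json
import subprocess
from collections import defaultdict

# Checklist item -> Slither detector IDs taken as evidence for it (assumed mapping).
CHECKLIST = {
    "reentrancy": {"reentrancy-eth", "reentrancy-no-eth", "reentrancy-benign", "reentrancy-events"},
    "access control": {"suicidal", "arbitrary-send-eth", "unprotected-upgrade"},
    "arithmetic": {"divide-before-multiply", "tautology"},
    "unchecked calls": {"unchecked-lowlevel", "unchecked-send", "unchecked-transfer"},
    "tx.origin / timestamp": {"tx-origin", "timestamp"},
}
# Slither impact levels, most severe first.
SEVERITY = ["High", "Medium", "Low", "Informational", "Optimization"]

# Constructed sample standing in for real `slither . --json -` output.
SAMPLE_SLITHER_JSON = json.dumps({
    "success": True,
    "error": None,
    "results": {"detectors": [
        {"check": "reentrancy-eth", "impact": "High", "confidence": "Medium",
         "description": "Reentrancy in Vault.withdraw(uint256) (Vault.sol#21-27)"},
        {"check": "unchecked-send", "impact": "Medium", "confidence": "Medium",
         "description": "Vault.payout(address) ignores return value of send (Vault.sol#31)"},
        {"check": "naming-convention", "impact": "Informational", "confidence": "High",
         "description": "Parameter Vault.deposit(uint256)._Amount is not in mixedCase"},
    ]},
})


def run_slither(target="."):
    """Step 1: run Slither on a project directory and return its JSON text (needs slither on PATH)."""
    proc = subprocess.run(["slither", target, "--json", "-"],
                          capture_output=True, text=True, check=False)
    return proc.stdout


def triage(slither_json, fail_on="Medium"):
    """Steps 2 and 4: group detector hits by checklist item and compute a verdict.

    Returns (report, passed); passed is False when any hit is at or above
    the `fail_on` impact level.
    """
    data = json.loads(slither_json)
    if not data.get("success", False):
        raise RuntimeError(f"slither failed: {data.get('error')}")
    detectors = data["results"]["detectors"]
    by_item = defaultdict(list)
    unmapped = []
    for det in detectors:
        item = next((name for name, ids in CHECKLIST.items() if det["check"] in ids), None)
        (by_item[item] if item else unmapped).append(det)
    # Unknown impact strings are treated as least severe rather than crashing the triage.
    ranks = [SEVERITY.index(d["impact"]) if d["impact"] in SEVERITY else len(SEVERITY)
             for d in detectors]
    passed = min(ranks, default=len(SEVERITY)) > SEVERITY.index(fail_on)
    report = {
        "findings": {item: [f"[{d['impact']}/{d['confidence']}] {d['check']}: {d['description']}"
                            for d in hits] for item, hits in by_item.items()},
        "unmapped": [f"[{d['impact']}] {d['check']}: {d['description']}" for d in unmapped],
        "clean_items": sorted(set(CHECKLIST) - set(by_item)),
        "passed": passed,
    }
    return report, passed


def render(report):
    """Render the report as the markdown findings section of an audit note."""
    lines = ["## Static analysis findings"]
    for item, hits in report["findings"].items():
        lines.append(f"### {item}")
        lines.extend(f"- {h}" for h in hits)
    if report["clean_items"]:
        lines.append("### no Slither hits: " + ", ".join(report["clean_items"]))
    if report["unmapped"]:
        lines.append("### other")
        lines.extend(f"- {h}" for h in report["unmapped"])
    lines.append("PASS" if report["passed"] else "FAIL: review the items above before merging")
    return "\n".join(lines)


if __name__ == "__main__":
    # Offline demo on the constructed sample; replace with triage(run_slither(".")) in CI.
    rep, ok = triage(SAMPLE_SLITHER_JSON)
    print(render(rep))
```

Step 3 of the workflow (targeted tests) stays manual: a checklist item with no Slither hit is not proven safe, which is why the rendered section lists clean items separately rather than silently omitting them, and why the verdict fails on Medium and above instead of only on High.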
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | Extremely verbose at ~400+ lines. Explains concepts Claude already knows well (reentrancy, overflow, access control, gas optimization basics). Many patterns are shown in both vulnerable and secure forms with extensive inline comments that add little value. The checklist, gas optimization tips, and testing sections are all standard knowledge that don't need this level of detail. | 1 / 3 |
| Actionability | All code examples are concrete, executable Solidity with proper imports, complete contract definitions, and specific library references (OpenZeppelin). The Hardhat test examples are also copy-paste ready with real assertions and setup. | 3 / 3 |
| Workflow Clarity | The content presents patterns and examples clearly but lacks a coherent workflow for actually auditing or securing a contract. The checklist is helpful but there's no sequenced process with validation checkpoints—e.g., no 'run slither, then check X, then verify Y' flow. The front-running commit-reveal is the only multi-step process shown with clear sequencing. | 2 / 3 |
| Progressive Disclosure | Monolithic wall of content with no references to external files or any layered structure. Everything from basic reentrancy to gas optimization to audit preparation is dumped into a single file. This would benefit enormously from splitting into separate files (e.g., VULNERABILITIES.md, GAS_OPTIMIZATION.md, TESTING.md) with a concise overview in SKILL.md. | 1 / 3 |
| Total | | 7 / 12 Passed |
Validation
100%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 11 / 11 Passed
Validation for skill structure
No warnings or errors.
112197c