tessl i github:wshobson/agents --skill solidity-security

Master smart contract security best practices to prevent common vulnerabilities and implement secure Solidity patterns. Use when writing smart contracts, auditing existing contracts, or implementing security measures for blockchain applications.
Validation
81%

| Criteria | Description | Result |
|---|---|---|
| skill_md_line_count | SKILL.md is long (526 lines); consider splitting into references/ and linking | Warning |
| metadata_version | 'metadata' field is not a dictionary | Warning |
| license_field | 'license' field is missing | Warning |
| Total | 13 / 16 Passed | |
Implementation
73%

This is a strong, actionable security skill with excellent code examples demonstrating vulnerable vs secure patterns. The main weaknesses are some verbosity in explanations and lack of explicit workflow guidance for conducting security audits or implementing security measures systematically. The progressive disclosure and actionability are excellent.
Suggestions
Add a clear workflow section for 'How to audit a contract' with numbered steps and validation checkpoints (e.g., 1. Run Slither, 2. Check for reentrancy patterns, 3. Verify access control...)
Consolidate the reentrancy section - show CEI pattern once with a note that ReentrancyGuard is an alternative, rather than full duplicate examples
Convert the security checklist from comments to an actual actionable checklist with verification steps
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The skill is comprehensive but includes some redundancy (e.g., explaining both CEI pattern and ReentrancyGuard separately with full examples, verbose security checklist as comments). Some sections could be tightened, though most content is valuable. | 2 / 3 |
| Actionability | Excellent executable code examples throughout - vulnerable vs secure patterns side-by-side, complete Hardhat test examples, and copy-paste ready Solidity contracts. Every vulnerability includes concrete, runnable code. | 3 / 3 |
| Workflow Clarity | While individual patterns are clear, there's no explicit workflow for auditing a contract or implementing security measures. The checklist is helpful but lacks sequencing and validation checkpoints for the audit/development process. | 2 / 3 |
| Progressive Disclosure | Well-structured with clear sections, references to external files (references/*.md, assets/*, scripts/*), and appropriate content organization. Main skill provides overview with pointers to detailed materials. | 3 / 3 |
| Total | 10 / 12 Passed | |
Activation
75%

The description has good structure with explicit 'Use when' guidance and a clear security-focused niche in the blockchain domain. However, it lacks specific concrete actions (what vulnerabilities? what patterns?) and could benefit from more natural trigger terms that users commonly use when seeking smart contract security help.
Suggestions
Add specific concrete actions like 'detect reentrancy attacks, validate access controls, implement safe math operations, audit for front-running vulnerabilities'
Include additional natural trigger terms users might say: 'web3 security', 'DeFi audit', 'exploit prevention', 'EVM vulnerabilities', 'contract hack'
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Names the domain (smart contract security) and mentions some actions (prevent vulnerabilities, implement secure patterns), but lacks specific concrete actions like 'detect reentrancy attacks, validate access controls, audit gas optimization'. | 2 / 3 |
| Completeness | Clearly answers both what (master smart contract security, prevent vulnerabilities, implement secure patterns) and when (writing contracts, auditing existing contracts, implementing security measures) with explicit 'Use when' clause. | 3 / 3 |
| Trigger Term Quality | Includes relevant keywords like 'smart contract', 'Solidity', 'security', 'auditing', 'blockchain', but misses common variations users might say like 'web3', 'EVM', 'exploit', 'hack prevention', 'DeFi security'. | 2 / 3 |
| Distinctiveness Conflict Risk | Clear niche focused specifically on smart contract/Solidity security with distinct triggers; unlikely to conflict with general coding skills or other blockchain-related skills due to explicit security focus. | 3 / 3 |
| Total | 10 / 12 Passed | |