Master smart contract security best practices to prevent common vulnerabilities and implement secure Solidity patterns. Use when writing smart contracts, auditing existing contracts, or implementing security measures for blockchain applications.
Overall score: 78
If you maintain this skill, you can automatically optimize it using the tessl CLI to improve its score:
`npx tessl skill review --optimize ./path/to/skill`
Discovery
Score: 75%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This description has good structure with an explicit 'Use when' clause and clear domain focus on smart contract security. However, it relies on somewhat abstract language ('best practices', 'common vulnerabilities') rather than listing specific concrete actions or vulnerability types. The trigger terms cover the basics but could benefit from more natural variations users might employ.
Suggestions
Add specific concrete actions like 'detect reentrancy attacks, validate access controls, implement safe math operations, audit token transfers'
Include additional trigger terms users might naturally say: 'web3 security', 'DeFi audit', 'exploit prevention', 'EVM vulnerabilities', '.sol files'
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Names the domain (smart contract security) and mentions some actions (prevent vulnerabilities, implement secure patterns), but lacks specific concrete actions like 'detect reentrancy attacks, validate access controls, audit gas optimization'. | 2 / 3 |
| Completeness | Clearly answers both what (master smart contract security best practices, prevent vulnerabilities, implement secure patterns) and when (writing smart contracts, auditing existing contracts, implementing security measures) with explicit 'Use when' clause. | 3 / 3 |
| Trigger Term Quality | Includes relevant keywords like 'smart contract', 'Solidity', 'security', 'auditing', 'blockchain', but misses common variations users might say like 'web3', 'EVM', 'exploit', 'hack prevention', 'DeFi security', or specific vulnerability names. | 2 / 3 |
| Distinctiveness Conflict Risk | Clear niche focused specifically on smart contract/Solidity/blockchain security - unlikely to conflict with general coding skills or other security skills due to the specific blockchain/Solidity focus. | 3 / 3 |
| Total | | 10 / 12 Passed |
Implementation
Score: 72%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a strong, actionable security skill with excellent code examples demonstrating vulnerable vs secure patterns. The main weaknesses are some verbosity in explanations and lack of a clear step-by-step workflow for applying these security measures during contract development or audit. The progressive disclosure and organization are well done.
Suggestions
Add a brief workflow section at the top outlining when to apply each security pattern during the development lifecycle (e.g., '1. Start with access control, 2. Apply CEI to all external calls, 3. Run static analysis, 4. Write security tests')
Consolidate the reentrancy section - show CEI pattern once with a note that ReentrancyGuard is an alternative, rather than full examples of both
Add explicit validation checkpoints to the audit preparation section (e.g., 'Run slither before proceeding to manual review')
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The skill is comprehensive but includes some redundancy (e.g., explaining both CEI pattern and ReentrancyGuard separately with full examples, verbose security checklist as comments). Some sections could be tightened, though most content is valuable. | 2 / 3 |
| Actionability | Excellent executable code examples throughout - vulnerable vs secure patterns side-by-side, complete Hardhat test examples, and copy-paste ready OpenZeppelin imports. Every vulnerability has concrete, runnable code demonstrating both the problem and solution. | 3 / 3 |
| Workflow Clarity | While individual patterns are clear, there's no explicit workflow for auditing a contract or implementing security measures step-by-step. The checklist is helpful but lacks validation checkpoints or a clear sequence for when to apply each pattern during development. | 2 / 3 |
| Progressive Disclosure | Well-structured with clear sections progressing from critical vulnerabilities to best practices to testing. References to external files (references/*.md, assets/*, scripts/*) are clearly signaled and one level deep. Content is appropriately organized for discovery. | 3 / 3 |
| Total | | 10 / 12 Passed |
Validation
Score: 90%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
| skill_md_line_count | SKILL.md is long (526 lines); consider splitting into references/ and linking | Warning |
| Total | | 10 / 11 Passed |