Agent Skills
Discover and share powerful Agent Skills for AI assistants
solidity-security - Agent Skill - Agent Skills
Home/ Skills / solidity-security Master smart contract security best practices to prevent common vulnerabilities and implement secure Solidity patterns. Use when writing smart contracts, auditing existing contracts, or implementing security measures for blockchain applications.
Use the skills CLI to install this skill with one command. Auto-detects all installed AI assistants.
Method 1 - skills CLI
npx skills i wshobson/agents/plugins/blockchain-web3/skills/solidity-security CopyMethod 2 - openskills (supports sync & update)
npx openskills install wshobson/agents CopyAuto-detects Claude Code, Cursor, Codex CLI, Gemini CLI, and more. One install, works everywhere.
Installation Path
Download and extract to one of the following locations:
Claude Code Cursor OpenCode Gemini CLI Codex CLI
~/.claude/skills/solidity-security/ Back No setup needed. Let our cloud agents run this skill for you.
Select Model
Claude Haiku 4.5 $0.10 Claude Sonnet 4.5 $0.20 Claude Opus 4.5 $0.50 Claude Sonnet 4.5 $0.20 /task
Best for coding tasks
Try NowEnvironment setup included
Solidity Security
Master smart contract security best practices, vulnerability prevention, and secure Solidity development patterns.
When to Use This Skill
Writing secure smart contracts
Auditing existing contracts for vulnerabilities
Implementing secure DeFi protocols
Preventing reentrancy, overflow, and access control issues
Optimizing gas usage while maintaining security
Preparing contracts for professional audits
Understanding common attack vectors
Detailed patterns and worked examples
Detailed pattern documentation lives in references/details.md. Read that file when the navigation tier above is insufficient.
Testing for Security
// Hardhat test example
const { expect } = require ( "chai" );
const { ethers } = require ( "hardhat" );
describe ( "Security Tests" , function () {
it ( "Should prevent reentrancy attack" , async function () {
const [ attacker ] = await ethers. getSigners ();
Audit Preparation
contract WellDocumentedContract {
/**
* @title Well Documented Contract
* @dev Example of proper documentation for audits
* @notice This contract handles user deposits and withdrawals
*/
/// @notice Mapping of user balances
mapping ( address
const
VictimBank
=
await
ethers.
getContractFactory
(
"SecureBank"
);
const bank = await VictimBank. deploy ();
const Attacker = await ethers. getContractFactory ( "ReentrancyAttacker" );
const attackerContract = await Attacker. deploy (bank.address);
// Deposit funds
await bank. deposit ({ value: ethers.utils. parseEther ( "10" ) });
// Attempt reentrancy attack
await expect (
attackerContract. attack ({ value: ethers.utils. parseEther ( "1" ) }),
).to.be. revertedWith ( "ReentrancyGuard: reentrant call" );
});
it ( "Should prevent integer overflow" , async function () {
const Token = await ethers. getContractFactory ( "SecureToken" );
const token = await Token. deploy ();
// Attempt overflow
await expect (token. transfer (attacker.address, ethers.constants.MaxUint256))
.to.be.reverted;
});
it ( "Should enforce access control" , async function () {
const [ owner , attacker ] = await ethers. getSigners ();
const Contract = await ethers. getContractFactory ( "SecureContract" );
const contract = await Contract. deploy ();
// Attempt unauthorized withdrawal
await expect (contract. connect (attacker). withdraw ( 100 )).to.be. revertedWith (
"Ownable: caller is not the owner" ,
);
});
});
=>
uint256
)
public
balances;
/**
* @dev Deposits ETH into the contract
* @notice Anyone can deposit funds
*/
function deposit () public payable {
require ( msg .value > 0 , "Must send ETH" );
balances[ msg.sender ] += msg .value;
}
/**
* @dev Withdraws user's balance
* @notice Follows CEI pattern to prevent reentrancy
* @param amount Amount to withdraw in wei
*/
function withdraw ( uint256 amount ) public {
// CHECKS
require (amount <= balances[ msg.sender ], "Insufficient balance" );
// EFFECTS
balances[ msg.sender ] -= amount;
// INTERACTIONS
( bool success, ) = msg.sender .call{value : amount}( "" );
require (success, "Transfer failed" );
}
}