Loading...
Loading...
Found 182 Skills
Guide for EVM/solidity smart contract security work: vulnerability taxonomy, review workflow, and where to place resources in README.md.
Points to Christoph Michel’s (cmichel.io) long-form guide on becoming a smart contract security auditor—EVM-centric learning path, CTFs, canonical DeFi contracts, finance basics, and an FAQ (tools, scoping, compensation). Use when the user asks how to start in Solidity/EVM auditing or cites this article—not as current salary data, job placement advice, or a substitute for hands-on practice and primary documentation.
AlgoKit Utils library for interacting with the Algorand blockchain from TypeScript or Python applications. Use when connecting to Algorand networks (LocalNet, TestNet, MainNet), sending payments or transferring assets, creating and managing accounts, deploying or interacting with smart contracts from client code, or composing transaction groups. NOT for writing smart contract code (use build-smart-contracts skill). Strong triggers include "How do I connect to Algorand?", "send a payment transaction", "create an account", "deploy my contract", "get an AlgorandClient", "AlgorandClient.fromEnvironment".
Master smart contract security best practices to prevent common vulnerabilities and implement secure Solidity patterns. Use when writing smart contracts, auditing existing contracts, or implementing security measures for blockchain applications.
Guides through Trail of Bits' 5-step secure development workflow. Runs Slither scans, checks special features (upgradeability/ERC conformance/token integration), generates visual security diagrams, helps document security properties for fuzzing/verification, and reviews manual security areas.
Handle Chainlink CCIP requests including cross-chain token transfers, cross-chain messaging, fund bridging, sender and receiver contract development, message status lookup, route connectivity checks, supported token discovery, and CCT setup. Use this skill whenever the user mentions CCIP, Chainlink cross-chain, cross-chain token bridges on Chainlink, or wants to move tokens or data between blockchains using Chainlink infrastructure, even if they do not say 'CCIP' explicitly.
Test smart contracts comprehensively using Hardhat and Foundry with unit tests, integration tests, and mainnet forking. Use when testing Solidity contracts, setting up blockchain test suites, or validating DeFi protocols.
Integrate Cartridge's verifiable random number generator (vRNG) into onchain games.
Zero-knowledge cryptography and privacy patterns on Stellar/Soroban. Covers Groth16 verification, BLS12-381 (CAP-0059, available), BN254 + Poseidon host functions (CAP-0074/0075, status-sensitive), Noir / RISC Zero integration, privacy pools, confidential tokens, Merkle tree commitments, and status-sensitive guidance for protocol/SDK readiness. Use when building privacy-preserving applications or ZK-verifier contracts on Stellar.
Analyzes smart contract codebases to identify state-changing entry points for security auditing. Detects externally callable functions that modify state, categorizes them by access level (public, admin, role-restricted, contract-only), and generates structured audit reports. Excludes view/pure/read-only functions. Use when auditing smart contracts (Solidity, Vyper, Solana/Rust, Move, TON, CosmWasm) or when asked to find entry points, audit flows, external functions, access control patterns, or privileged operations.
Integrate external DEX liquidity into Uniswap V4 via Aggregator Hooks. Use when user says "aggregator hook", "external liquidity", "wrap Curve/Balancer/Aerodrome", "route through external DEX", "V4 hook for non-Uniswap pools", "compare liquidity sources", or mentions integrating third-party AMM liquidity into Uniswap routing.
Use this skill when the user mentions wallet login, sign in, verify OTP, create wallet, switch account, wallet status, logout, wallet balance, assets, holdings, send tokens, transfer ETH, transfer USDC, pay someone, send crypto, send ERC-20, send SPL, transaction history, recent transactions, tx status, tx detail, order list, call smart contract, interact with contract, execute contract function, send calldata, invoke smart contract, show my addresses, wallet addresses, deposit, receive, receive address, top up, fund my wallet. Chinese: 登录钱包, 钱包登录, 验证OTP, 创建钱包, 切换账户, 钱包状态, 退出登录, 余额, 资产, 钱包列表, 账户列表, 发送代币, 转账, 交易历史, 交易记录, 合约调用, 我的地址, 钱包地址, 充值, 充币, 收款, 收款地址, 入金. Manages the wallet lifecycle: auth (login, OTP verify, account creation, switching, status, logout), authenticated balance queries, wallet address display (grouped by XLayer/EVM/Solana), token transfers (native & ERC-20/SPL), transaction history, and smart contract calls. Do NOT use for DEX swaps — use okx-dex-swap. Do NOT use for token search or market data — use okx-dex-token or okx-dex-market. Do NOT use for smart money / whale / KOL signals — use okx-dex-signal. Do NOT use for meme token scanning — use okx-dex-trenches. Do NOT use for transaction broadcasting (non-wallet) — use okx-onchain-gateway. Do NOT use when the user says only a single word like 'wallet' or 'login' without specifying an action or context. Do NOT use for security scanning (token/DApp/tx/sig) — use okx-security. Do NOT use for querying a specific public address's portfolio balance (user provides an explicit address like 0xAbc...) — use okx-wallet-portfolio. Do NOT use for PnL analysis (win rate, realized/unrealized PnL, DEX history) — use okx-dex-market.