Back to Details

audit-context-building

Compare original and translation side by side

🇺🇸

Original

English
🇨🇳

Translation

Chinese

Deep Context Builder Skill (Ultra-Granular Pure Context Mode)

深度上下文构建Skill(超精细纯上下文模式)

1. Purpose

1. 用途

This skill governs how Claude thinks during the context-building phase of an audit.
When active, Claude will:
  • Perform line-by-line / block-by-block code analysis by default.
  • Apply First Principles, 5 Whys, and 5 Hows at micro scale.
  • Continuously link insights → functions → modules → entire system.
  • Maintain a stable, explicit mental model that evolves with new evidence.
  • Identify invariants, assumptions, flows, and reasoning hazards.
This skill defines a structured analysis format (see Example: Function Micro-Analysis below) and runs before the vulnerability-hunting phase.
本Skill管控审计过程中Claude在上下文构建阶段的思考方式
激活后,Claude将:
  • 默认执行逐行/逐块代码分析。
  • 在微观层面应用First Principles(第一性原理)5 Whys(五问法)5 Hows(五步法)
  • 持续将见解关联到函数、模块乃至整个系统。
  • 维护一个随新证据不断演进的稳定、明确的心智模型。
  • 识别不变量、假设、流程和推理风险。
本Skill定义了结构化的分析格式(见下文示例:函数微观分析),并在漏洞排查阶段之前运行。

2. When to Use This Skill

2. 适用场景

Use when:
  • Deep comprehension is needed before bug or vulnerability discovery.
  • You want bottom-up understanding instead of high-level guessing.
  • Reducing hallucinations, contradictions, and context loss is critical.
  • Preparing for security auditing, architecture review, or threat modeling.
Do not use for:
  • Vulnerability findings
  • Fix recommendations
  • Exploit reasoning
  • Severity/impact rating
适用于以下情况:
  • 在发现Bug或漏洞前需要深度理解代码。
  • 希望通过自下而上的方式理解系统,而非高层猜测。
  • 减少幻觉、矛盾和上下文丢失至关重要。
  • 为安全审计、架构审查或威胁建模做准备。
请勿用于:
  • 漏洞发现
  • 修复建议
  • 漏洞利用推理
  • 严重程度/影响评级

3. How This Skill Behaves

3. 行为模式

When active, Claude will:
  • Default to ultra-granular analysis of each block and line.
  • Apply micro-level First Principles, 5 Whys, and 5 Hows.
  • Build and refine a persistent global mental model.
  • Update earlier assumptions when contradicted ("Earlier I thought X; now Y.").
  • Periodically anchor summaries to maintain stable context.
  • Avoid speculation; express uncertainty explicitly when needed.
Goal: deep, accurate understanding, not conclusions.
激活后,Claude将:
  • 默认对每个代码块和代码行进行超精细分析
  • 在微观层面应用第一性原理、五问法和五步法。
  • 构建并优化持久化的全局心智模型。
  • 当发现矛盾时更新之前的假设(如:"之前我认为是X;现在修正为Y。")。
  • 定期生成锚定摘要以维持稳定的上下文。
  • 避免猜测;必要时明确表达不确定性。
目标:深度、准确的理解,而非直接得出结论。

Rationalizations (Do Not Skip)

常见误区(请勿跳过)

RationalizationWhy It's WrongRequired Action
"I get the gist"Gist-level understanding misses edge casesLine-by-line analysis required
"This function is simple"Simple functions compose into complex bugsApply 5 Whys anyway
"I'll remember this invariant"You won't. Context degrades.Write it down explicitly
"External call is probably fine"External = adversarial until proven otherwiseJump into code or model as hostile
"I can skip this helper"Helpers contain assumptions that propagateTrace the full call chain
"This is taking too long"Rushed context = hallucinated vulnerabilities laterSlow is fast
误区错误原因要求操作
"我大概懂了"浅层次理解会遗漏边缘情况必须进行逐行分析
"这个函数很简单"简单函数组合起来可能产生复杂Bug仍需应用5 Whys
"我会记住这个不变量"上下文会逐渐遗忘必须明确记录下来
"外部调用应该没问题"外部组件在被证明安全前应视为具有攻击性深入代码分析或假设其为敌对组件
"我可以跳过这个辅助函数"辅助函数包含的假设会传播到其他部分追踪完整的调用链
"这太费时间了"仓促构建的上下文会导致后续漏洞排查出现幻觉慢即是快

4. Phase 1 — Initial Orientation (Bottom-Up Scan)

4. 阶段1 — 初始定位(自下而上扫描)

Before deep analysis, Claude performs a minimal mapping:
  1. Identify major modules/files/contracts.
  2. Note obvious public/external entrypoints.
  3. Identify likely actors (users, owners, relayers, oracles, other contracts).
  4. Identify important storage variables, dicts, state structs, or cells.
  5. Build a preliminary structure without assuming behavior.
This establishes anchors for detailed analysis.
在深度分析前,Claude会先进行最小化映射:
  1. 识别主要模块/文件/合约。
  2. 标记明显的公共/外部入口点。
  3. 识别可能的参与者(用户、所有者、中继器、预言机、其他合约)。
  4. 识别重要的存储变量、字典、状态结构体或单元格。
  5. 在不假设行为的前提下构建初步结构。
此步骤为后续的详细分析建立锚点。

5. Phase 2 — Ultra-Granular Function Analysis (Default Mode)

5. 阶段2 — 超精细函数分析(默认模式)

Every non-trivial function receives full micro analysis.
所有非 trivial 函数都将接受完整的微观分析。

5.1 Per-Function Microstructure Checklist

5.1 函数微观结构检查清单

For each function:
  1. Purpose
    • Why the function exists and its role in the system.
  2. Inputs & Assumptions
    • Parameters and implicit inputs (state, sender, env).
    • Preconditions and constraints.
  3. Outputs & Effects
    • Return values.
    • State/storage writes.
    • Events/messages.
    • External interactions.
  4. Block-by-Block / Line-by-Line Analysis For each logical block:
    • What it does.
    • Why it appears here (ordering logic).
    • What assumptions it relies on.
    • What invariants it establishes or maintains.
    • What later logic depends on it.
    Apply per-block:
    • First Principles
    • 5 Whys
    • 5 Hows
针对每个函数:
  1. 用途
    • 函数存在的原因及其在系统中的角色。
  2. 输入与假设
    • 参数和隐式输入(状态、调用者、环境)。
    • 前置条件和约束。
  3. 输出与影响
    • 返回值。
    • 状态/存储写入操作。
    • 事件/消息。
    • 外部交互。
  4. 逐块/逐行分析 针对每个逻辑块:
    • 功能是什么。
    • 为什么在此处出现(排序逻辑)。
    • 依赖哪些假设。
    • 建立或维护了哪些不变量。
    • 后续逻辑依赖此块的哪些内容。
    针对每个块应用:
    • First Principles
    • 5 Whys
    • 5 Hows

5.2 Cross-Function & External Flow Analysis

5.2 跨函数与外部流程分析

(Full Integration of Jump-Into-External-Code Rule)
When encountering calls, continue the same micro-first analysis across boundaries.
(完整集成"深入外部代码"规则)
当遇到调用时,需跨边界延续相同的微观优先分析

Internal Calls

内部调用

  • Jump into the callee immediately.
  • Perform block-by-block analysis of relevant code.
  • Track flow of data, assumptions, and invariants: caller → callee → return → caller.
  • Note if callee logic behaves differently in this specific call context.
  • 立即跳转到被调用函数。
  • 对相关代码进行逐块分析。
  • 追踪数据、假设和不变量的流转: 调用者 → 被调用者 → 返回 → 调用者。
  • 记录被调用者逻辑在此特定调用上下文中是否有不同表现。

External Calls — Two Cases

外部调用 — 两种情况

Case A — External Call to a Contract Whose Code Exists in the Codebase Treat as an internal call:
  • Jump into the target contract/function.
  • Continue block-by-block micro-analysis.
  • Propagate invariants and assumptions seamlessly.
  • Consider edge cases based on the actual code, not a black-box guess.
Case B — External Call Without Available Code (True External / Black Box) Analyze as adversarial:
  • Describe payload/value/gas or parameters sent.
  • Identify assumptions about the target.
  • Consider all outcomes:
    • revert
    • incorrect/strange return values
    • unexpected state changes
    • misbehavior
    • reentrancy (if applicable)
情况A — 调用代码库中存在的外部合约 视为内部调用处理:
  • 跳转到目标合约/函数。
  • 继续逐块微观分析。
  • 无缝传播不变量和假设。
  • 根据实际代码而非黑盒猜测来考虑边缘情况。
情况B — 调用无可用代码的外部组件(真正的外部/黑盒) 视为敌对组件分析:
  • 描述发送的负载/价值/ gas 或参数。
  • 识别对目标组件的假设。
  • 考虑所有可能的结果:
    • 回滚
    • 错误/异常返回值
    • 意外状态变更
    • 异常行为
    • 重入(如适用)

Continuity Rule

连续性规则

Treat the entire call chain as one continuous execution flow. Never reset context. All invariants, assumptions, and data dependencies must propagate across calls.
将整个调用链视为一个连续的执行流。 切勿重置上下文。 所有不变量、假设和数据依赖必须跨调用传播。

5.3 Complete Analysis Example

5.3 完整分析示例

See FUNCTION_MICRO_ANALYSIS_EXAMPLE.md for a complete walkthrough demonstrating:
  • Full micro-analysis of a DEX swap function
  • Application of First Principles, 5 Whys, and 5 Hows
  • Block-by-block analysis with invariants and assumptions
  • Cross-function dependency mapping
  • Risk analysis for external interactions
This example demonstrates the level of depth and structure required for all analyzed functions.
详见 FUNCTION_MICRO_ANALYSIS_EXAMPLE.md 中的完整演示,包括:
  • 对DEX交换函数的完整微观分析
  • First Principles、5 Whys和5 Hows的应用
  • 包含不变量和假设的逐块分析
  • 跨函数依赖映射
  • 外部交互的风险分析
此示例展示了所有被分析函数所需的深度和结构化要求。

5.4 Output Requirements

5.4 输出要求

When performing ultra-granular analysis, Claude MUST structure output following the format defined in OUTPUT_REQUIREMENTS.md.
Key requirements:
  • Purpose (2-3 sentences minimum)
  • Inputs & Assumptions (all parameters, preconditions, trust assumptions)
  • Outputs & Effects (returns, state writes, external calls, events, postconditions)
  • Block-by-Block Analysis (What, Why here, Assumptions, First Principles/5 Whys/5 Hows)
  • Cross-Function Dependencies (internal calls, external calls with risk analysis, shared state)
Quality thresholds:
  • Minimum 3 invariants per function
  • Minimum 5 assumptions documented
  • Minimum 3 risk considerations for external interactions
  • At least 1 First Principles application
  • At least 3 combined 5 Whys/5 Hows applications
执行超精细分析时,Claude必须严格遵循 OUTPUT_REQUIREMENTS.md 中定义的格式输出。
核心要求:
  • 用途(至少2-3句话)
  • 输入与假设(所有参数、前置条件、信任假设)
  • 输出与影响(返回值、状态写入、外部调用、事件、后置条件)
  • 逐块分析(功能、此处存在的原因、假设、First Principles/5 Whys/5 Hows应用)
  • 跨函数依赖(内部调用、含风险分析的外部调用、共享状态)
质量阈值:
  • 每个函数至少记录3个不变量
  • 至少记录5个假设
  • 外部交互至少包含3个风险考量
  • 至少应用1次First Principles
  • 至少应用3次5 Whys/5 Hows(合计)

5.5 Completeness Checklist

5.5 完整性检查清单

Before concluding micro-analysis of a function, verify against the COMPLETENESS_CHECKLIST.md:
  • Structural Completeness: All required sections present (Purpose, Inputs, Outputs, Block-by-Block, Dependencies)
  • Content Depth: Minimum thresholds met (invariants, assumptions, risk analysis, First Principles)
  • Continuity & Integration: Cross-references, propagated assumptions, invariant couplings
  • Anti-Hallucination: Line number citations, no vague statements, evidence-based claims
Analysis is complete when all checklist items are satisfied and no unresolved "unclear" items remain.
完成函数微观分析前,请对照 COMPLETENESS_CHECKLIST.md 进行验证:
  • 结构完整性:所有必填部分齐全(用途、输入、输出、逐块分析、依赖)
  • 内容深度:满足最低阈值要求(不变量、假设、风险分析、First Principles)
  • 连续性与集成:存在交叉引用、传播的假设、不变量关联
  • 抗幻觉:引用行号、无模糊表述、基于证据的结论
当所有检查项均满足且无未解决的"不明确"项时,分析才算完成。

6. Phase 3 — Global System Understanding

6. 阶段3 — 全局系统理解

After sufficient micro-analysis:
  1. State & Invariant Reconstruction
    • Map reads/writes of each state variable.
    • Derive multi-function and multi-module invariants.
  2. Workflow Reconstruction
    • Identify end-to-end flows (deposit, withdraw, lifecycle, upgrades).
    • Track how state transforms across these flows.
    • Record assumptions that persist across steps.
  3. Trust Boundary Mapping
    • Actor → entrypoint → behavior.
    • Identify untrusted input paths.
    • Privilege changes and implicit role expectations.
  4. Complexity & Fragility Clustering
    • Functions with many assumptions.
    • High branching logic.
    • Multi-step dependencies.
    • Coupled state changes across modules.
These clusters help guide the vulnerability-hunting phase.
完成足够的微观分析后:
  1. 状态与不变量重构
    • 映射每个状态变量的读写操作。
    • 推导跨函数和跨模块的不变量。
  2. 工作流重构
    • 识别端到端流程(存款、取款、生命周期、升级)。
    • 追踪状态在这些流程中的转换。
    • 记录跨步骤持续存在的假设。
  3. 信任边界映射
    • 参与者 → 入口点 → 行为。
    • 识别不可信输入路径。
    • 权限变更和隐含角色预期。
  4. 复杂度与脆弱性聚类
    • 包含大量假设的函数。
    • 高分支逻辑。
    • 多步骤依赖。
    • 跨模块的耦合状态变更。
这些聚类将为后续的漏洞排查阶段提供指导。

7. Stability & Consistency Rules

7. 稳定性与一致性规则

(Anti-Hallucination, Anti-Contradiction)
Claude must:
  • Never reshape evidence to fit earlier assumptions. When contradicted:
    • Update the model.
    • State the correction explicitly.
  • Periodically anchor key facts Summarize core:
    • invariants
    • state relationships
    • actor roles
    • workflows
  • Avoid vague guesses Use:
    • "Unclear; need to inspect X." instead of:
    • "It probably…"
  • Cross-reference constantly Connect new insights to previous state, flows, and invariants to maintain global coherence.
(抗幻觉、抗矛盾)
Claude必须:
  • 绝不能为了迎合之前的假设而歪曲证据。 当发现矛盾时:
    • 更新心智模型。
    • 明确说明修正内容。
  • 定期锚定关键事实 总结核心内容:
    • 不变量
    • 状态关系
    • 参与者角色
    • 工作流
  • 避免模糊猜测 使用:
    • "不明确;需要检查X。" 而非:
    • "可能是…"
  • 持续交叉引用 将新见解与之前的状态、流程和不变量关联,以保持全局一致性。

8. Subagent Usage

8. 子Agent使用

Claude may spawn subagents for:
  • Dense or complex functions.
  • Long data-flow or control-flow chains.
  • Cryptographic / mathematical logic.
  • Complex state machines.
  • Multi-module workflow reconstruction.
Subagents must:
  • Follow the same micro-first rules.
  • Return summaries that Claude integrates into its global model.
Claude可生成子Agent用于处理:
  • 密集或复杂的函数。
  • 长数据流或控制流链。
  • 密码学/数学逻辑。
  • 复杂状态机。
  • 跨模块工作流重构。
子Agent必须:
  • 遵循相同的微观优先规则。
  • 返回可被Claude整合到全局模型中的摘要。

9. Relationship to Other Phases

9. 与其他阶段的关系

This skill runs before:
  • Vulnerability discovery
  • Classification / triage
  • Report writing
  • Impact modeling
  • Exploit reasoning
It exists solely to build:
  • Deep understanding
  • Stable context
  • System-level clarity
本Skill在以下阶段之前运行:
  • 漏洞发现
  • 分类/分流
  • 报告撰写
  • 影响建模
  • 漏洞利用推理
它的唯一目的是构建:
  • 深度理解
  • 稳定上下文
  • 系统级清晰度

10. Non-Goals

10. 非目标

While active, Claude should NOT:
  • Identify vulnerabilities
  • Propose fixes
  • Generate proofs-of-concept
  • Model exploits
  • Assign severity or impact
This is pure context building only.
激活本Skill时,Claude不得:
  • 识别漏洞
  • 提出修复方案
  • 生成概念验证
  • 建模漏洞利用
  • 分配严重程度或影响等级
此Skill仅用于纯上下文构建