audit
SKILL.md
EVM Smart Contract Audit
A full audit system for any EVM contract. Runs parallel specialist agents against domain-specific checklists, synthesizes findings, and files GitHub issues.
The Checklists
20 specialized skills covering every major vulnerability domain. Fetch the master index first:
https://raw.githubusercontent.com/austintgriffith/evm-audit-skills/main/evm-audit-master/SKILL.md
The master index contains:
- Full routing table (which skills to load for which contract types)
- The complete audit methodology (recon → parallel agents → synthesis → issues)
- Standard finding format with severity definitions
All 20 skill checklists are at:
https://raw.githubusercontent.com/austintgriffith/evm-audit-skills/main/<skill-name>/references/checklist.md
Skills Available
| Skill | When to Load |
|---|---|
| evm-audit-general | Always |
| evm-audit-precision-math | Always |
| evm-audit-erc20 | Contract interacts with ERC20 tokens |
| evm-audit-defi-amm | AMM, DEX, Uniswap V3/V4, liquidity pools |
| evm-audit-defi-lending | Lending, borrowing, CDP, liquidations |
| evm-audit-defi-staking | Staking, liquid staking, restaking, EigenLayer |
| evm-audit-erc4626 | Vaults, share/asset conversion |
| evm-audit-erc4337 | Account abstraction, paymasters, session keys |
| evm-audit-bridges | Cross-chain, LayerZero, CCIP, Wormhole |
| evm-audit-proxies | Upgradeable contracts, UUPS, Transparent, Diamond |
| evm-audit-signatures | Off-chain signatures, EIP-712, permits |
| evm-audit-governance | DAO voting, timelocks, multi-sig |
| evm-audit-oracles | Chainlink, TWAP, Pyth, price feeds |
| evm-audit-assembly | Inline assembly, Yul, CREATE2 |
| evm-audit-chain-specific | Non-mainnet: Arbitrum, OP, zkSync, Blast, BSC |
| evm-audit-flashloans | Flash loan attack vectors |
| evm-audit-erc721 | NFTs, ERC721, ERC1155 |
| evm-audit-dos | DoS, unbounded loops, gas griefing |
| evm-audit-access-control | Ownership, roles, centralization risks |
How To Run An Audit
- Fetch the master skill (link above) — it has the full pipeline
- Read the contract(s)
- Select 5-8 skills using the routing table
- Spawn one opus sub-agent per skill (parallel)
- Each agent walks its checklist and writes findings-<skill>.md
- Synthesize all findings into AUDIT-REPORT.md
- File GitHub issues for Medium severity and above
Invocation
Audit this contract and file issues: https://github.com/owner/repo/blob/main/contracts/Foo.sol
Checklists: https://raw.githubusercontent.com/austintgriffith/evm-audit-skills/main/evm-audit-master/SKILL.md
Sources
Built from research by Dacian, beirao.xyz, Sigma Prime, RareSkills, Decurity, weird-erc20, Spearbit, Hacken, OpenZeppelin, Cyfrin, and more. Full attribution: https://github.com/austintgriffith/evm-audit-skills#attribution--thanks