governance-upgrade-risk
Governance Upgrade Risk
Governance and upgradeability trust review skill.
Purpose
Detect whether governance or upgrade control is concentrated, weakly separated, or capable of undermining user or integrator trust.
Focus
This skill is responsible for:
- single-key upgrade authority concentration,
- emergency admin abuse surface,
- governance bypass paths,
- unsafe config authority patterns,
- and migration or initialization flows that weaken trust.
What To Look For
- upgrade power held by an unsafe authority structure
- governance assumptions not matched by enforced control
- emergency powers that can bypass trust assumptions silently
- initialization or migration paths that can rewrite critical state
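As an added illustration (not code from sealevel-guard or from any Solana program), the following plain-Rust model contrasts the two governance shapes the checklist above distinguishes: a config account whose `initialize` can be re-run and whose single admin rotates upgrade authority instantly, beside one with an init-once guard, a two-step admin handover, and a slot-based timelock. It runs without the Solana runtime or Anchor; the struct layouts, field names, and the one-byte `Pubkey` stand-in are assumptions made for the example.

```rust
// Added example, not sealevel-guard code: a plain-Rust model (no Solana
// runtime, no Anchor crate) of a weak and a hardened governance design.
// All struct layouts, field names and the `Pubkey` stand-in are assumptions.

#[derive(Clone, Copy, PartialEq, Eq, Debug, Default)]
pub struct Pubkey(pub u8); // stand-in for a 32-byte Solana public key

#[derive(Debug, PartialEq, Eq)]
pub enum GovError {
    AlreadyInitialized,
    Unauthorized,
    NoPendingChange,
    TimelockNotElapsed,
}

/// Weak pattern: `initialize` has no init-once guard, and one admin key can
/// rotate the upgrade authority with immediate effect.
#[derive(Debug, Default)]
pub struct WeakConfig {
    pub admin: Pubkey,
    pub upgrade_authority: Pubkey,
}

impl WeakConfig {
    pub fn initialize(&mut self, caller: Pubkey) {
        // Re-running this rewrites admin: a migration path that resets trust.
        self.admin = caller;
        self.upgrade_authority = caller;
    }

    pub fn set_upgrade_authority(&mut self, signer: Pubkey, new: Pubkey) -> Result<(), GovError> {
        if signer != self.admin {
            return Err(GovError::Unauthorized);
        }
        self.upgrade_authority = new; // no delay, no second approver
        Ok(())
    }
}

/// Hardened pattern: init-once, two-step admin handover, and a slot timelock
/// on upgrade-authority changes so integrators can observe them before they land.
#[derive(Debug, Default)]
pub struct HardenedConfig {
    pub initialized: bool,
    pub admin: Pubkey,
    pub pending_admin: Option<Pubkey>,
    pub upgrade_authority: Pubkey,
    /// (proposed authority, earliest slot at which it may take effect)
    pub pending_upgrade_authority: Option<(Pubkey, u64)>,
    pub timelock_slots: u64,
}

impl HardenedConfig {
    pub fn initialize(&mut self, caller: Pubkey, timelock_slots: u64) -> Result<(), GovError> {
        if self.initialized {
            return Err(GovError::AlreadyInitialized);
        }
        self.initialized = true;
        self.admin = caller;
        self.upgrade_authority = caller;
        self.timelock_slots = timelock_slots;
        Ok(())
    }

    fn require_admin(&self, signer: Pubkey) -> Result<(), GovError> {
        if signer == self.admin { Ok(()) } else { Err(GovError::Unauthorized) }
    }

    /// Step 1 of handover: the current admin nominates; nothing changes yet.
    pub fn propose_admin(&mut self, signer: Pubkey, new_admin: Pubkey) -> Result<(), GovError> {
        self.require_admin(signer)?;
        self.pending_admin = Some(new_admin);
        Ok(())
    }

    /// Step 2: only the nominee can accept, so a mistyped key cannot orphan admin.
    pub fn accept_admin(&mut self, signer: Pubkey) -> Result<(), GovError> {
        let pending = self.pending_admin;
        match pending {
            Some(p) if p == signer => {
                self.admin = signer;
                self.pending_admin = None;
                Ok(())
            }
            Some(_) => Err(GovError::Unauthorized),
            None => Err(GovError::NoPendingChange),
        }
    }

    /// Queue an upgrade-authority change; it cannot land before the timelock.
    pub fn queue_upgrade_authority(&mut self, signer: Pubkey, new: Pubkey, now_slot: u64) -> Result<(), GovError> {
        self.require_admin(signer)?;
        self.pending_upgrade_authority = Some((new, now_slot + self.timelock_slots));
        Ok(())
    }

    /// Apply the queued change once the delay has elapsed (anyone may crank it).
    pub fn execute_upgrade_authority(&mut self, now_slot: u64) -> Result<(), GovError> {
        let (new, ready_at) = self.pending_upgrade_authority.ok_or(GovError::NoPendingChange)?;
        if now_slot < ready_at {
            return Err(GovError::TimelockNotElapsed);
        }
        self.upgrade_authority = new;
        self.pending_upgrade_authority = None;
        Ok(())
    }
}

/// Review check: does a second `initialize` by a different key rewrite admin?
/// Returns true for the weak design, which is the finding this skill reports.
pub fn weak_config_reinit_rewrites_admin() -> bool {
    let (deployer, stranger) = (Pubkey(1), Pubkey(2));
    let mut cfg = WeakConfig::default();
    cfg.initialize(deployer);
    cfg.initialize(stranger);
    cfg.admin == stranger
}
```

In finding terms, `WeakConfig` promises "the deployer controls upgrades" but actually enforces "whoever last called `initialize` controls upgrades, and can move them instantly"; `HardenedConfig` is what a reviewer would expect to see before clearing a program for integration or allocation.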
Output Shape
Each finding should state:
- what trust assumption governance appears to promise,
- how actual control differs,
- and whether another agent should refuse to integrate or allocate through it.
More from newmanxbt/sealevel-guard
- cpi-risk: Detects whether the program can invoke the wrong program, propagate too much privilege, or trust unsafe callback behavior. Internal specialist module for CPI risk review.
- token-invariants: Detects whether token and vault logic can violate economic or accounting assumptions another agent would rely on. Internal specialist module for token invariant review.
- pda-integrity: Detects whether a program's PDA design allows spoofing, role confusion, or weak authority derivation. Internal specialist module for PDA integrity review.
- access-control: Detects whether privileged behavior is exposed to the wrong signer, authority, or account path. Internal specialist module for Solana access-control review.
- account-constraints: Detects whether the program trusts the wrong accounts, owners, or mutability assumptions. Internal specialist module for Anchor account validation review.
- sealevel-guard-review: Orchestrates parallelized Solana trust-gate review to determine whether a codebase or program is safe enough to ship, integrate, or allocate capital through. Use when asked to review, audit, or assess risk of a Solana program.