Browse skills

Comprehensive smart contract security analysis for EVM chains (Base, Ethereum, Arbitrum, Optimism). Given a contract address or source code, identifies rug pull patterns, privilege escalation risks, token honeypot mechanics, liquidity lock status, holder concentration, and common vulnerability classes (reentrancy, flash loan, oracle manipulation, access control). Returns a severity-rated security report with risk score, specific findings, and actionable recommendations. Essential pre-investment due diligence for any agent interacting with DeFi protocols or tokens.

Comprehensive cloud infrastructure configuration reviewer that audits Terraform, CloudFormation, Pulumi, Kubernetes manifests, Docker Compose, and Helm charts for security misconfigurations, cost optimization opportunities, reliability risks, and compliance violations. Checks against CIS benchmarks and AWS/GCP/Azure best practices. Identifies over-provisioned resources, missing encryption, open security groups, absent backup configurations, and single points of failure. Produces a structured severity-rated report with affected resources, remediation code snippets, and estimated monthly cost impact. Supports multi-cloud and hybrid deployments.

Validate .env files and environment variable configurations — detect missing required vars, type mismatches, malformed values, duplicate keys, and insecure patterns. Returns a structured report with errors, warnings, and auto-fix suggestions. The guard rail before any deploy, docker-compose up, or CI pipeline runs.

Scan project dependencies for known vulnerabilities (CVEs), license risks, and outdated packages. Supports npm, pip, Go, Rust, Ruby, Java. Returns structured vulnerability report with severity ratings, CVSS scores, remediation commands, and risk score for CI/CD gates.

Deep security audit of source code — detect vulnerabilities (OWASP Top 10, CWE-25), find secrets/credentials, flag injection vectors, identify insecure dependencies, analyze authentication/authorization flaws, and produce a prioritized remediation report with severity ratings (Critical/High/Medium/Low), CWE IDs, and fix suggestions. Supports Python, JavaScript/TypeScript, Go, Rust, Solidity, Java, C/C++, Ruby, PHP.

Validate YAML, JSON, TOML, and .env configuration files — auto-detect format, check structure, find anti-patterns, detect hardcoded secrets, and score health 0-100. Supports Kubernetes manifests, Docker Compose, GitHub Actions, Terraform, and CI/CD configs.

Analyze and optimize Dockerfiles: reduce image size, improve build cache usage, fix security issues (running as root, secrets in layers), apply multi-stage patterns, pin versions, and lint against best practices. Returns optimized Dockerfile + explanation of every change.

Validate YAML, JSON, TOML, and .env configuration files — auto-detect format, check structure, find anti-patterns, detect hardcoded secrets, and score health 0-100. Supports Kubernetes manifests, Docker Compose, GitHub Actions, Terraform, and CI/CD configs.

Analyze and optimize Dockerfiles: reduce image size, improve build cache usage, fix security issues (running as root, secrets in layers), apply multi-stage patterns, pin versions, and lint against best practices. Returns optimized Dockerfile + explanation of every change.

Audit a wallet's ERC-20 approvals on Base. Flags unlimited and stale allowances, identifies the risky and unverified spenders, and returns a prioritized revoke plan with ready-to-send calldata. Stops a drained-approval exploit before it costs an agent its balance.