An optimized collection of AI agent skills for security auditing
curl -fsSL https://raw.githubusercontent.com/forefy/.context/main/install.sh | bash- The installer will prompt for your agent harness and install location:
- Global - skills installed to
~/.claude/skills/ - Current project - skills installed to
.claude/skills/
- Global - skills installed to
- Next time you are auditing with an AI agent, the agent harness will automatically know when to read the skill files and invoke its magic
You can also use npx skills add forefy/.context but vercel's skills registry is less optimal
Security auditing skills for AI agents, adhering to the Agent Skills Format.
.context is one of the oldest efforts by security researchers to share auditing knowledge directly to your AI agent, and is built gradually over time. at the most simple form, you type "audit this contract" and end up with a multi-agent triaged AI report.
↓
↓
Skills are auto-installed to .claude/skills/ (or .agents/skills/) and invoked via textual inference when you request to audit a codebase, for example:
> Audit this codebase with the scope of @file.sol
Skills are auto-installed to .claude/skills/ and referenced by name:
@smart-contract-security-audit
Custom slash commands are auto-installed to .github/prompts/:
/generate_audit_report_generic
Optimized for protocol developers to use pre-audit, or for auditors expirementing with AI skills.
smart-contract-security-audit- Full smart contract audit framework with multi-expert analysis for Solidity, Anchor, Vyper, TON (FunC/Tact), and Sui (Move). Includes language-specific checks and vulnerability pattern references.infrastructure-security-audit- Infrastructure security audit framework for IaC, Docker, Kubernetes, and cloud configurations. audits generate numbered folders in.context/outputs/for tracking and reports
Workflow skills are designed to be picked up naturally as you travel through a codebase in your auditing process, and strategically fill context into a specific task.
-
auditor-quiz- Quick skill to get yourself engaged with the codebase from a security auditor perspective (but also from protocol dev perspective) and test how well you memorized it by quizing yourself. -
tiny-auditor- context window optimized audit skill - think caveman for audits. -
foundry-poc- context window optimized skill to generate a foundry proof of concept for a discussed finding. -
sandboxed-audit-runner- wraps the entire agent session inside the Anthropic Sandbox Runtime before starting any audit on untrusted code. Protects the host from prompt injection attacks embedded in the codebase - malicious comments, filenames, or configs designed to make the agent exfiltrate keys or make unauthorized network calls. -
agent-onboarding- agents are pre-instructed to get familiar with the code before anything, but also tracka. shared TODO.md - when you are in focus mode in your auditing you should have at least 4 concurrent AI terminals running. To sync their work, as well as keep quality coverage tracking of your audit, you can onboard agents to the team with a purpose (e.g. "Onboard to team to look for issues in recent commits only") -
gdocs-audit-report- expert skill for creating, formatting, and maintaining security audit reports in Google Docs via the Docs API. Covers finding formatting, summary tables, inline code styling, severity color schemes, index-drift safety, and all common Docs API pitfalls. -
blockchain-forensics- Trace stolen funds, attribute attacker wallets, using only public on-chain data. Also useful during audits for checking deployer history, validating privileged roles, and understanding how past exploits on similar protocols played out on-chain. -
git-commit- before letting the agent blind-commiting your code, it pre-runs tests, security reviews changed code, strips dead code and sensitive data it finds, enforces clean commit messages and validates the change won't break deployments. -
context-window-to-skill- converts a completed agent conversation into a reusable skill. extracts the pitfalls, tweaks, and lessons from the session so the next run gets it right from the start.
Skills follow the Agent Skills open standard - compatible with both GitHub Copilot and Claude Code.
Each skill is a directory with:
SKILL.md- Main framework and instructions- Language-specific reference files (loaded as needed for token efficiency)
reference/- Vulnerability patterns organized by language, protocol etc. Skills automatically reference these patterns during audits using progressive disclosure for token efficiency.
|
forefy |
Your research knowledge is the only skill required to contribute, whether its a methodology, specific knowledge on a protocol or language or even corrections - everything's highly welcome! help secure and improve the community!