A multi-expert security audit skill for Daml smart contracts on the Canton Network.
Triggers three independent analysis passes over Daml code — an Authorization & State auditor, a Privacy & Canton auditor, and a skeptical Triager — then merges validated findings into a structured report. The triager round actively challenges each finding to eliminate false positives before anything reaches the final report.
| File | Purpose |
|---|---|
| reference/daml-checks.md | Daml-specific vulnerability checklist (signatories, choices, proposals) |
| reference/canton-checks.md | Canton infrastructure, privacy, and operational concerns |
| reference/finding-format.md | Standardized finding template and severity definitions |
| reference/multi-expert.md | Full three-round verification protocol |
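To make concrete what the Authorization & State pass is expected to flag, here is an added Daml example; it is not part of this skill, its reference checklists, or any audited code base. Template and party names (`Asset`, `SafeAsset`, `TransferProposal`, `Issuer`, `Owner`) are constructed, and the severity labels in the comments are illustrative rather than taken from reference/finding-format.md. The vulnerable template has a nonconsuming choice that mints value and a choice that lets one signatory act alone; the hardened template keeps the consuming default and routes ownership changes through a proposal the receiver must accept. The trailing Daml Script exercises both and checks the resulting supply.

```daml
module AuditExample where

import Daml.Script

-- Vulnerable template: two findings the Authorization & State pass should raise.
template Asset
  with
    issuer : Party
    owner  : Party
    amount : Decimal
  where
    signatory issuer, owner
    ensure amount > 0.0

    -- FINDING (State): `nonconsuming` leaves the original contract active,
    -- so every exercise mints a fresh copy of `amount`.
    nonconsuming choice UnsafeSplit : (ContractId Asset, ContractId Asset)
      with
        part : Decimal
      controller owner
      do
        assertMsg "part out of range" (part > 0.0 && part < amount)
        a <- create this with amount = part
        b <- create this with amount = amount - part
        pure (a, b)

    -- FINDING (Authorization): the issuer alone can archive the owner's
    -- holding. Whether that is intended is for the triager round to decide.
    choice Recall : ()
      controller issuer
      do pure ()

-- Hardened template: value is conserved and ownership changes need consent.
template SafeAsset
  with
    issuer : Party
    owner  : Party
    amount : Decimal
  where
    signatory issuer, owner
    ensure amount > 0.0

    -- Consuming (the default): the original is archived in the same
    -- transaction that creates the two parts, so the total is preserved.
    choice Split : (ContractId SafeAsset, ContractId SafeAsset)
      with
        part : Decimal
      controller owner
      do
        assertMsg "part out of range" (part > 0.0 && part < amount)
        a <- create this with amount = part
        b <- create this with amount = amount - part
        pure (a, b)

    -- Ownership changes only via a proposal the receiver must accept, so
    -- every signatory of the resulting contract has authorized it.
    choice ProposeTransfer : ContractId TransferProposal
      with
        newOwner : Party
      controller owner
      do create TransferProposal with asset = this; newOwner

template TransferProposal
  with
    asset    : SafeAsset
    newOwner : Party
  where
    signatory (signatory asset)
    -- Privacy note: the observer sees the whole `asset` payload (including
    -- `amount`) before accepting; disclose only what the receiver needs.
    observer newOwner

    choice Accept : ContractId SafeAsset
      controller newOwner
      do create asset with owner = newOwner

    choice Withdraw : ContractId SafeAsset
      controller asset.owner
      do create asset

-- Constructed scenario (Daml Script): the vulnerable split inflates the
-- owner's holdings to 300, the hardened one keeps them at 100.
demo : Script ()
demo = script do
  issuer <- allocateParty "Issuer"
  owner  <- allocateParty "Owner"

  bad <- submitMulti [issuer, owner] [] do
    createCmd Asset with issuer; owner; amount = 100.0
  _ <- submit owner do exerciseCmd bad UnsafeSplit with part = 40.0
  _ <- submit owner do exerciseCmd bad UnsafeSplit with part = 40.0
  badHoldings <- query @Asset owner
  assertMsg "vulnerable split inflated supply"
    (sum (map (\(_, a) -> a.amount) badHoldings) == 300.0)

  good <- submitMulti [issuer, owner] [] do
    createCmd SafeAsset with issuer; owner; amount = 100.0
  _ <- submit owner do exerciseCmd good Split with part = 40.0
  goodHoldings <- query @SafeAsset owner
  assertMsg "hardened split preserved supply"
    (sum (map (\(_, a) -> a.amount) goodHoldings) == 100.0)
```

Run it with `daml test` (or `daml script --script-name AuditExample:demo` against a sandbox). The `Recall` finding is the kind of item the triager is there for: a unilateral issuer archive may be a deliberate recall feature or a real loss-of-asset bug, and the report should say which, with the impact stated either way.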
Copy this directory into your Claude Code skills folder:

```bash
cp -r daml_review ~/.claude/skills/daml-audit
```

This tool uses AI to assist with security analysis. AI is non-deterministic and will not catch every vulnerability — findings may be incomplete, incorrect, or miss context that a human auditor would recognize. Do not rely on this tool as your sole security review before deploying to production.
We strongly recommend an independent professional security review of any Daml contracts handling real assets or sensitive data. CODESPECT specializes in smart contract security audits and can provide that assurance.
The skill architecture — multi-expert agents, independent analysis passes, and a triager validation round — was inspired by the agent patterns at forefy.