audit


Deep EVM smart contract security audit system. Use when asked to audit a contract, find vulnerabilities, review code for security issues, or file security issues on a GitHub repo. Covers 500+ non-obvious checklist items across 19 domains via parallel sub-agents. Different from the security skill (which teaches defensive coding) — this is for systematically auditing contracts you didn't write.

101 stars
2k downloads
Updated 3/8/2026

SKILL.md

EVM Smart Contract Audit

A full audit system for any EVM contract. Runs parallel specialist agents against domain-specific checklists, synthesizes findings, and files GitHub issues.

The Checklists

20 specialized skills covering every major vulnerability domain. Fetch the master index first:

https://raw.githubusercontent.com/austintgriffith/evm-audit-skills/main/evm-audit-master/SKILL.md

The master index contains:

  • Full routing table (which skills to load for which contract types)
  • The complete audit methodology (recon → parallel agents → synthesis → issues)
  • Standard finding format with severity definitions

All 20 skill checklists are at:

https://raw.githubusercontent.com/austintgriffith/evm-audit-skills/main/<skill-name>/references/checklist.md

Skills Available

Skill                      When to Load
evm-audit-general          Always
evm-audit-precision-math   Always
evm-audit-erc20            Contract interacts with ERC20 tokens
evm-audit-defi-amm         AMM, DEX, Uniswap V3/V4, liquidity pools
evm-audit-defi-lending     Lending, borrowing, CDP, liquidations
evm-audit-defi-staking     Staking, liquid staking, restaking, EigenLayer
evm-audit-erc4626          Vaults, share/asset conversion
evm-audit-erc4337          Account abstraction, paymasters, session keys
evm-audit-bridges          Cross-chain, LayerZero, CCIP, Wormhole
evm-audit-proxies          Upgradeable contracts, UUPS, Transparent, Diamond
evm-audit-signatures       Off-chain signatures, EIP-712, permits
evm-audit-governance       DAO voting, timelocks, multi-sig
evm-audit-oracles          Chainlink, TWAP, Pyth, price feeds
evm-audit-assembly         Inline assembly, Yul, CREATE2
evm-audit-chain-specific   Non-mainnet: Arbitrum, OP, zkSync, Blast, BSC
evm-audit-flashloans       Flash loan attack vectors
evm-audit-erc721           NFTs, ERC721, ERC1155
evm-audit-dos              DoS, unbounded loops, gas griefing
evm-audit-access-control   Ownership, roles, centralization risks

How To Run An Audit

  1. Fetch the master skill (link above) — it has the full pipeline
  2. Read the contract(s)
  3. Select 5-8 skills using the routing table
  4. Spawn one opus sub-agent per skill (parallel)
  5. Each agent walks its checklist and writes findings-<skill>.md
  6. Synthesize all findings into AUDIT-REPORT.md
  7. File GitHub issues for Medium severity and above

Invocation

Audit this contract and file issues: https://github.com/owner/repo/blob/main/contracts/Foo.sol
Checklists: https://raw.githubusercontent.com/austintgriffith/evm-audit-skills/main/evm-audit-master/SKILL.md

Sources

Built from research by Dacian, beirao.xyz, Sigma Prime, RareSkills, Decurity, weird-erc20, Spearbit, Hacken, OpenZeppelin, Cyfrin, and more. Full attribution: https://github.com/austintgriffith/evm-audit-skills#attribution--thanks

Install

Requires askill CLI v1.0+

AI Quality Score

85/100, analyzed 3/9/2026

Comprehensive EVM smart contract audit system covering 19 vulnerability domains with parallel sub-agent architecture. Excellent clarity with routing table, structured 7-step process, and invocation examples. Highly reusable across different EVM contract types. Heavy reliance on external checklists and master skill reduces completeness slightly. Safe defensive tool with clear when-to-use guidance and technical attribution.


Metadata

License: unknown
Version: -
Updated: 3/8/2026
Publisher: austintgriffith

Tags

ci-cd, github, security