Security review skill for Solidity contracts and protocols. Use when Codex needs to audit a Solidity repo, check a contract for exploitable bugs, review smart contracts for security issues, or produce a structured findings report. Supports default full-repo scans, `deep` multi-pass reviews, and targeted scans of specific `.sol` files.
Audit Solidity code for ways to steal funds, lock funds, grief users, or break core protocol invariants.
Use one of these modes:
- `deep`: audit all in-scope Solidity files, then add an explicit adversarial reasoning pass.
- `file1.sol file2.sol ...`: audit only the specified Solidity files.

Honor `--file-output` only when the user explicitly asks for a markdown report file. Otherwise, keep output in the terminal.
Apply these exclusions in every mode unless the user explicitly overrides them:
- Directories: `interfaces/`, `lib/`, `mocks/`, and `test/`.
- File patterns: `*.t.sol`, `*Test*.sol`, and `*Mock*.sol`.

If the user passes file paths, treat those files as the scope. Otherwise use `scripts/discover-solidity-files.sh` to discover `.sol` files and resolve the skill-local helper paths without any glob lookup. If no in-scope Solidity files remain after filtering, stop and say so clearly.
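As an added illustration of the exclusion rules above (example code, not the skill's own `scripts/discover-solidity-files.sh`), this POSIX shell filter applies them to a constructed file list. It assumes the directory exclusions apply at any depth, which the text does not specify, and it shows that `*Mock*.sol` also drops files such as `MockableOracle.sol`.

```shell
#!/bin/sh
# Added example: applies the skill's default scope exclusions to a list of
# candidate paths. Not the skill's own discovery script.

# in_scope PATH -> returns 0 if the path survives the exclusions, 1 otherwise
in_scope() {
  p=${1#./}
  # only Solidity sources are candidates
  case "$p" in
    *.sol) ;;
    *) return 1 ;;
  esac
  # directory exclusions (assumed to apply at the root or any nested level)
  case "/$p" in
    */interfaces/*|*/lib/*|*/mocks/*|*/test/*) return 1 ;;
  esac
  # filename pattern exclusions; note *Mock*.sol also matches "Mockable..."
  case "${p##*/}" in
    *.t.sol|*Test*.sol|*Mock*.sol) return 1 ;;
  esac
  return 0
}

# filter_scope reads one path per line on stdin and prints the in-scope ones
filter_scope() {
  while IFS= read -r f; do
    in_scope "$f" && printf '%s\n' "$f"
  done
}

# constructed sample tree (a path list only; no files are created)
SAMPLE='src/Vault.sol
src/interfaces/IVault.sol
lib/forge-std/src/Test.sol
src/VaultTest.sol
test/Vault.t.sol
src/mocks/MockToken.sol
src/utils/MockableOracle.sol
script/Deploy.s.sol
README.md'

# count_in_scope prints how many sample paths survive the exclusions
count_in_scope() {
  printf '%s\n' "$SAMPLE" | filter_scope | wc -l | tr -d ' '
}

printf '%s\n' "$SAMPLE" | filter_scope
```

Only `src/Vault.sol` and `script/Deploy.s.sol` survive the constructed sample; `MockableOracle.sol` is a false positive of the `*Mock*.sol` pattern worth knowing about before trusting an automated scope.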
- Run `bash scripts/build-audit-input.sh --repo-root . --mode <mode>` with optional `--file` or `--attack-vectors` arguments.
- Read `AGENTS.md` before deciding that any issue is reportable.
- Read `docs/worker-playbooks/vector-scan.md` and process `docs/attack-vectors/attack-vectors-1.md` through `docs/attack-vectors/attack-vectors-4.md` in sequential passes instead of parallel worker fan-out.
- In `deep` mode, read `docs/worker-playbooks/adversarial-reasoning.md` and make this pass slower and more adversarial: look for multi-step exploit paths, composability failures, privilege-boundary mistakes, and attack chains that need setup.
- Do not use `run_in_background` or undocumented automation.
- Produce findings directly in their final markdown form. Do not generate raw notes that need a second rewrite pass.
- Write a report file only when `--file-output` is explicitly requested.
- Run `bash scripts/write-audit-report.sh --repo-root .` and pass the finished markdown through stdin or `--input`.
- The report is written to `assets/findings/{project-name}-pashov-ai-audit-report-{timestamp}.md`.
- Add a `Below Confidence Threshold` separator row in the findings summary table.
- `Fix` section for findings below the confidence threshold.
- If no findings survive the reporting gate, state that no reportable findings were found.
- If `assets/docs/` contains relevant local markdown or text files, read the ones that help explain the current module before auditing.
- Treat `assets/docs/` as manual operator notes only. Do not assume automatic fetching.
- Treat `assets/findings/` as an archive and output directory. Re-verify prior findings only when the user explicitly wants a historical comparison or carry-forward review.
- Run `bash scripts/check-version.sh --check-remote` only when that extra check is worth the latency.
- Use `templates/audit-report-template.md` as the final markdown contract and `docs/usage.md` as the quick reference.
- Read `docs/redesign-notes.md` when you need the rationale behind the serial `deep` mode or the manual asset-directory behaviors.
- For repos with more than 2500 lines of Solidity, prefer reviewing module-by-module over one giant pass.
- `deep` mode improves coverage, but it does not replace a human audit.