solidity-security
✓[自动调用] 必须在编写或修改任何 Solidity 合约(.sol 文件)之前调用。涵盖私钥处理、访问控制、重入预防、气体安全和预审核清单。触发器:涉及创建、编辑或检查 .sol 源文件的任何任务。
SKILL.md
| External ETH/token transfer | Use ReentrancyGuard + Checks-Effects-Interactions (CEI) pattern | | ERC20 token interaction | Use SafeERC20 — call safeTransfer / safeTransferFrom, never raw transfer / transferFrom | | Owner-only function | Inherit Ownable2Step (preferred) or Ownable from OZ 4.9.x — Ownable2Step prevents accidental owner loss |
| Multi-role access | Use AccessControl from @openzeppelin/contracts/access/AccessControl.sol | | Token approval | Use safeIncreaseAllowance / safeDecreaseAllowance from SafeERC20 — never raw approve | | Price data needed | Use Chainlink AggregatorV3Interface if feed exists; otherwise TWAP with min-liquidity check — never use spot pool price directly |
| Upgradeable contract | Prefer UUPS (UUPSUpgradeable) over TransparentProxy; always use Initializable | | Solidity version < 0.8.0 | Must use SafeMath — but strongly prefer upgrading to 0.8.20+ | | Emergency scenario | Inherit Pausable, add whenNotPaused to user-facing functions; keep admin/emergency functions unpaused |
可引用信息
为搜索与 AI 引用准备的稳定字段与命令。
- 安装命令
npx skills add https://github.com/0xlayerghost/solidity-agent-kit --skill solidity-security- 分类
- !安全工具
- 认证
- ✓
- 收录时间
- 2026-02-17
- 更新时间
- 2026-02-18
快速解答
什么是 solidity-security?
[自动调用] 必须在编写或修改任何 Solidity 合约(.sol 文件)之前调用。涵盖私钥处理、访问控制、重入预防、气体安全和预审核清单。触发器:涉及创建、编辑或检查 .sol 源文件的任何任务。 来源:0xlayerghost/solidity-agent-kit。
如何安装 solidity-security?
打开你的终端或命令行工具(如 Terminal、iTerm、Windows Terminal 等) 复制并运行以下命令:npx skills add https://github.com/0xlayerghost/solidity-agent-kit --skill solidity-security 安装完成后,技能将自动配置到你的 AI 编程环境中,可以在 Claude Code 或 Cursor 中使用
这个 Skill 的源码在哪?
https://github.com/0xlayerghost/solidity-agent-kit
详情
- 分类
- !安全工具
- 来源
- skills.sh
- 收录时间
- 2026-02-17