Skill Gallery
Back to list
trailofbits

guidelines-advisor

by trailofbits

Trail of Bits Claude Code skills for security research, vulnerability detection, and audit workflows

1,725🍴 140📅 Jan 23, 2026
agent-skillsutility-developmenttool-buildingproductivity-enhancementworkflow-improvementintegration-support
View on GitHubRun in Manus

Use Cases

Work Efficiency

Streamline daily tasks and improve productivity.

📋

Project Management

Assist with task management and project tracking.

👥

Team Collaboration

Improve team communication and collaboration.

SKILL.md

name: guidelines-advisor description: Comprehensive smart contract development advisor based on Trail of Bits' best practices. Analyzes codebase to generate documentation/specifications, review architecture, check upgradeability patterns, assess implementation quality, identify pitfalls, review dependencies, and evaluate testing. Provides actionable recommendations. (project, gitignored)

Guidelines Advisor

Purpose

I will systematically analyze your codebase and provide comprehensive guidance based on Trail of Bits' development guidelines. I'll help you:

  1. Generate documentation and specifications (plain English descriptions, architectural diagrams, code documentation)
  2. Optimize on-chain/off-chain architecture (only if applicable)
  3. Review upgradeability patterns (if your project has upgrades)
  4. Check delegatecall/proxy implementations (if present)
  5. Assess implementation quality (functions, inheritance, events)
  6. Identify common pitfalls
  7. Review dependencies
  8. Evaluate test suite and suggest improvements

Framework: Building Secure Contracts - Development Guidelines

How This Works

Phase 1: Discovery & Context

I'll explore the codebase to understand:

  • Project structure and platform
  • Contract/module files and their purposes
  • Existing documentation
  • Architecture patterns (proxies, upgrades, etc.)
  • Testing setup
  • Dependencies

Phase 2: Documentation Generation

I'll help create:

  • Plain English system description
  • Architectural diagrams (using Slither printers for Solidity)
  • Code documentation recommendations (NatSpec for Solidity)

Phase 3: Architecture Analysis

I'll analyze:

  • On-chain vs off-chain component distribution (if applicable)
  • Upgradeability approach (if applicable)
  • Delegatecall proxy patterns (if present)

Phase 4: Implementation Review

I'll assess:

  • Function composition and clarity
  • Inheritance structure
  • Event logging practices
  • Common pitfalls presence
  • Dependencies quality
  • Testing coverage and techniques

Phase 5: Recommendations

I'll provide:

  • Prioritized improvement suggestions
  • Best practice guidance
  • Actionable next steps

Assessment Areas

I analyze 11 comprehensive areas covering all aspects of smart contract development. For detailed criteria, best practices, and specific checks, see ASSESSMENT_AREAS.md.

Quick Reference:

  1. Documentation & Specifications

    • Plain English system descriptions
    • Architectural diagrams
    • NatSpec completeness (Solidity)
    • Documentation gaps identification

  2. On-Chain vs Off-Chain Computation

    • Complexity analysis
    • Gas optimization opportunities
    • Verification vs computation patterns

  3. Upgradeability

    • Migration vs upgradeability trade-offs
    • Data separation patterns
    • Upgrade procedure documentation

  4. Delegatecall Proxy Pattern

    • Storage layout consistency
    • Initialization patterns
    • Function shadowing risks
    • Slither upgradeability checks

  5. Function Composition

    • Function size and clarity
    • Logical grouping
    • Modularity assessment

  6. Inheritance

    • Hierarchy depth/width
    • Diamond problem risks
    • Inheritance visualization

  7. Events

    • Critical operation coverage
    • Event naming consistency
    • Indexed parameters

  8. Common Pitfalls

    • Reentrancy patterns
    • Integer overflow/underflow
    • Access control issues
    • Platform-specific vulnerabilities

  9. Dependencies

    • Library quality assessment
    • Version management
    • Dependency manager usage
    • Copied code detection

  10. Testing & Verification

    • Coverage analysis
    • Fuzzing techniques
    • Formal verification
    • CI/CD integration

  11. Platform-Specific Guidance

    • Solidity version recommendations
    • Compiler warning checks
    • Inline assembly warnings
    • Platform-specific tools

For complete details on each area including what I'll check, analyze, and recommend, see ASSESSMENT_AREAS.md.

Example Output

When the analysis is complete, you'll receive comprehensive guidance covering:

  • System documentation with plain English descriptions
  • Architectural diagrams and documentation gaps
  • Architecture analysis (on-chain/off-chain, upgradeability, proxies)
  • Implementation review (functions, inheritance, events, pitfalls)
  • Dependencies and testing evaluation
  • Prioritized recommendations (CRITICAL, HIGH, MEDIUM, LOW)
  • Overall assessment and path to production

For a complete example analysis report, see EXAMPLE_REPORT.md.

Deliverables

I provide four comprehensive deliverable categories:

1. System Documentation

  • Plain English descriptions
  • Architectural diagrams
  • Documentation gaps analysis

2. Architecture Analysis

  • On-chain/off-chain assessment
  • Upgradeability review
  • Proxy pattern security review

3. Implementation Review

  • Function composition analysis
  • Inheritance assessment
  • Events coverage
  • Pitfall identification
  • Dependencies evaluation
  • Testing analysis

4. Prioritized Recommendations

  • CRITICAL (address immediately)
  • HIGH (address before deployment)
  • MEDIUM (address for production quality)
  • LOW (nice to have)

For detailed templates and examples of each deliverable, see DELIVERABLES.md.

Assessment Process

When invoked, I will:

  1. Explore the codebase

    • Identify all contract/module files
    • Find existing documentation
    • Locate test files
    • Check for proxies/upgrades
    • Identify dependencies

  2. Generate documentation

    • Create plain English system description
    • Generate architectural diagrams (if tools available)
    • Identify documentation gaps

  3. Analyze architecture

    • Assess on-chain/off-chain distribution (if applicable)
    • Review upgradeability approach (if applicable)
    • Audit proxy patterns (if present)

  4. Review implementation

    • Analyze functions, inheritance, events
    • Check for common pitfalls
    • Assess dependencies
    • Evaluate testing

  5. Provide recommendations

    • Present findings with file references
    • Ask clarifying questions about design decisions
    • Suggest prioritized improvements
    • Offer actionable next steps

Rationalizations (Do Not Skip)

RationalizationWhy It's WrongRequired Action
"System is simple, description covers everything"Plain English descriptions miss security-critical detailsComplete all 5 phases: documentation, architecture, implementation, dependencies, recommendations
"No upgrades detected, skip upgradeability section"Upgradeability can be implicit (ownable patterns, delegatecall)Search for proxy patterns, delegatecall, storage collisions before declaring N/A
"Not applicable" without verificationPremature scope reduction misses vulnerabilitiesVerify with explicit codebase search before skipping any guideline section
"Architecture is straightforward, no analysis needed"Obvious architectures have subtle trust boundariesAnalyze on-chain/off-chain distribution, access control flow, external dependencies
"Common pitfalls don't apply to this codebase"Every codebase has common pitfallsSystematically check all guideline pitfalls with grep/code search
"Tests exist, testing guideline is satisfied"Test existence ≠ test qualityCheck coverage, property-based tests, integration tests, failure cases
"I can provide generic best practices"Generic advice isn't actionableProvide project-specific findings with file:line references
"User knows what to improve from findings"Findings without prioritization = no action planGenerate prioritized improvement roadmap with specific next steps

Notes

  • I'll only analyze relevant sections (won't hallucinate about upgrades if not present)
  • I'll adapt to your platform (Solidity, Rust, Cairo, etc.)
  • I'll use available tools (Slither, etc.) but work without them if unavailable
  • I'll provide file references and line numbers for all findings
  • I'll ask questions about design decisions I can't infer from code

Ready to Begin

What I'll need:

  • Access to your codebase
  • Context about your project goals
  • Any existing documentation or specifications
  • Information about deployment plans

Let's analyze your codebase and improve it using Trail of Bits' best practices!

Score

Total Score

95/100

Based on repository quality metrics

SKILL.md

SKILL.mdファイルが含まれている

+20
LICENSE

ライセンスが設定されている

+10
説明文

100文字以上の説明がある

+10
人気

GitHub Stars 1000以上

+15
最近の活動

1ヶ月以内に更新

+10
フォーク

10回以上フォークされている

+5
Issue管理

オープンIssueが50未満

+5
言語

プログラミング言語が設定されている

+5
タグ

1つ以上のタグが設定されている

+5

Reviews

💬

Reviews coming soon