Smart Contract Vulnerability Auditor (scv-scan)

What it does

scv-scan is a smart contract security auditing skill that guides an agent through a 4-phase audit: load a condensed vulnerability CHEATSHEET, perform a fast grep-based and structural sweep of the codebase, selectively deep-validate candidates against detailed reference files, and emit a severity-ranked report. The skill standardises evidence collection, false-positive checks, and remediation guidance so the agent can produce high-confidence findings suited for security review.

When to use it

Use scv-scan when you need a systematic, repeatable security audit of a Solidity repository—especially before deployments, audits, or pull-request gating. It is ideal for audits where pattern-based detection plus manual semantic validation are required (reentrancy, access-control, integer issues, unsafe external calls).

What's included

• Scripts: none bundled, but the skill expects a references/ directory with CHEATSHEET.md and per-vulnerability reference files for deep validation.
• References: structured vulnerability references (e.g., reentrancy.md, overflow-underflow.md) are expected and used during Phase 3.
• Instructions: detailed 4-phase workflow (cheatsheet first, grep sweep, semantic pass, selective deep validation) and a final reporting template that outputs severity, code snippets, and remediation.

Compatible agents

Works well with LLMs and agent runtimes that support file reading and structured reasoning (Claude/Claude Code, Cursor, GPT-based agents with repository access).