
from crypto-project-security-skill30
Run a structured risk analysis of a DeFi protocol covering smart contracts, governance/admin keys, oracle design, economic mechanisms, and incident history.
Performs a structured risk analysis for DeFi protocols: triage using on-chain data and DeFiLlama, token/contract checks (GoPlus), governance and multisig reviews, oracle and economic modelling checks, and targeted source-code / audit drift checks. Outputs a quantified triage score, confidence score, and a detailed report with remediation recommendations.
Use when you need a rapid but thorough risk summary of a protocol before interacting with it (depositing funds, listing as collateral, integrating tooling), or when you want a periodic security posture snapshot for monitoring. Ideal for security researchers, integrations teams, and due-diligence reviewers.
Designed to run in agent contexts with web-fetch and bash/curl support (Claude Code, OpenClaw/agent shells, Copilot-style automation).
Comprehensive DeFi risk analysis skill with 3 well-structured helper scripts (GoPlus token/address security checks, LayerZero DVN configuration checks, and on-chain verification for Safe/Etherscan/Solana). The SKILL.md is exceptionally detailed at ~55K chars, covering 8 analysis steps with quantitative scoring rubrics, data confidence scores, and a complete report template. Scripts failed to run in dry-run mode because they require protocol-specific arguments (contract addresses, chain IDs) — this is expected and correct behavior, not a defect. All network calls go to legitimate public APIs (GoPlus, DeFiLlama, Etherscan, Safe Transaction Service, Solana RPC). Input validation is solid with regex patterns for EVM and Solana addresses. No security issues found.
web3 (Python package for layerzero-dvn-check.py)This is a high-quality, specialized skill for DeFi protocol risk analysis. The 8-step workflow with quantitative scoring rubrics (Quick Triage Score, Data Confidence Score, Audit Coverage Score) is well-designed and thorough. The scripts are production-quality with proper error handling, input validation, retry logic, and formatted output with risk assessments. The skill correctly distinguishes between different chains (EVM vs Solana) with appropriate fallback checks. The only notable concern is the SKILL.md length — at ~55K chars it's quite heavy, but the content is substantive rather than padded. Scripts failed in dry-run because they need target protocol arguments, which is correct design behavior.