Skip to main content

solana-vulnerability-scanner

solana-vulnerability-scanner

Catalogue généré le 2026-05-11

En une phrase

Scans Solana programs for 6 critical vulnerabilities including arbitrary CPI, improper PDA validation, missing signer/ownership checks, and sysvar spoofing.

Quand l'utiliser

  • Use when auditing Solana/Anchor programs.

Comment l'invoquer

  • Slash command : /solana-vulnerability-scanner (si exposé dans ton CLI)
  • Phrases déclencheurs : voir la description complète ci-dessous
  • Auto-invocation : sur demande explicite

Description complète

Scans Solana programs for 6 critical vulnerabilities including arbitrary CPI, improper PDA validation, missing signer/ownership checks, and sysvar spoofing. Use when auditing Solana/Anchor programs.

Pour aller plus loin

Solana Vulnerability Scanner

1. Purpose

Systematically scan Solana programs (native and Anchor framework) for platform-specific security vulnerabilities related to cross-program invocations, account validation, and program-derived addresses. This skill encodes 6 critical vulnerability patterns unique to Solana's account model.

2. When to Use This Skill

  • Auditing Solana programs (native Rust or Anchor)
  • Reviewing cross-program invocation (CPI) logic
  • Validating program-derived address (PDA) implementations
  • Pre-launch security assessment of Solana protocols
  • Reviewing account validation patterns
  • Assessing instruction introspection logic

3. Platform Detection

File Extensions & Indicators

  • Rust files: .rs

Language/Framework Markers

Project Structure

  • programs/*/src/lib.rs - Program implementation
  • Anchor.toml - Anchor configuration
  • Cargo.toml with solana-program or anchor-lang

(extrait — voir le SKILL.md complet pour la suite)

Source

  • Plugin : trailofbits/building-secure-contracts
  • Nom interne : solana-vulnerability-scanner
  • Fichier : /home/thymon/.claude/plugins/cache/trailofbits/building-secure-contracts/1.0.1/skills/solana-vulnerability-scanner/SKILL.md