solana-vulnerability-scanner
solana-vulnerability-scanner
Catalogue généré le 2026-05-11
En une phrase
Scans Solana programs for 6 critical vulnerabilities including arbitrary CPI, improper PDA validation, missing signer/ownership checks, and sysvar spoofing.
Quand l'utiliser
- Use when auditing Solana/Anchor programs.
Comment l'invoquer
- Slash command :
/solana-vulnerability-scanner(si exposé dans ton CLI) - Phrases déclencheurs : voir la description complète ci-dessous
- Auto-invocation : sur demande explicite
Description complète
Scans Solana programs for 6 critical vulnerabilities including arbitrary CPI, improper PDA validation, missing signer/ownership checks, and sysvar spoofing. Use when auditing Solana/Anchor programs.
Pour aller plus loin
Solana Vulnerability Scanner
1. Purpose
Systematically scan Solana programs (native and Anchor framework) for platform-specific security vulnerabilities related to cross-program invocations, account validation, and program-derived addresses. This skill encodes 6 critical vulnerability patterns unique to Solana's account model.
2. When to Use This Skill
- Auditing Solana programs (native Rust or Anchor)
- Reviewing cross-program invocation (CPI) logic
- Validating program-derived address (PDA) implementations
- Pre-launch security assessment of Solana protocols
- Reviewing account validation patterns
- Assessing instruction introspection logic
3. Platform Detection
File Extensions & Indicators
- Rust files:
.rs
Language/Framework Markers
Project Structure
programs/*/src/lib.rs- Program implementationAnchor.toml- Anchor configurationCargo.tomlwithsolana-programoranchor-lang
(extrait — voir le SKILL.md complet pour la suite)
Source
- Plugin :
trailofbits/building-secure-contracts - Nom interne :
solana-vulnerability-scanner - Fichier :
/home/thymon/.claude/plugins/cache/trailofbits/building-secure-contracts/1.0.1/skills/solana-vulnerability-scanner/SKILL.md