智能合约安全开发指南顾问 | Trail of Bits 代码审计与架构分析工具

guidelines-advisor by trailofbits/skills

1,200 周安装量

3,900 GitHub Stars

GitHub

安装命令

npx skills add https://github.com/trailofbits/skills --skill guidelines-advisor

开发区块链安全

🇨🇳中文介绍

指南顾问

目的

系统性地分析代码库，并根据 Trail of Bits 的开发指南提供指导：

生成文档和规范（通俗易懂的英文描述、架构图、代码文档）
优化链上/链下架构（仅当适用时）
审查可升级性模式（如果你的项目支持升级）
检查 delegatecall/代理实现（如果存在）
评估实现质量（函数、继承、事件）
识别常见陷阱
审查依赖项
评估测试套件并建议改进

框架 : Building Secure Contracts - Development Guidelines

工作原理

第一阶段：发现与上下文

探索代码库以了解：

项目结构和平台
合约/模块文件及其用途
现有文档
架构模式（代理、升级等）
测试设置
依赖项

第二阶段：文档生成

帮助创建：

通俗易懂的系统描述
架构图（针对 Solidity 使用 Slither printers）
代码文档建议（针对 Solidity 使用 NatSpec）

第三阶段：架构分析

分析：

链上与链下组件分布（如果适用）
可升级性方法（如果适用）
Delegatecall 代理模式（如果存在）

第四阶段：实现审查

广告位招租

在这里展示您的产品或服务

触达数万 AI 开发者，精准高效

联系我们

第五阶段：建议

优先级的改进建议
最佳实践指导
可操作的后续步骤

我分析 11 个全面领域，涵盖智能合约开发的各个方面。有关详细标准、最佳实践和具体检查项，请参阅 ASSESSMENT_AREAS.md。

文档与规范
- 通俗易懂的系统描述
- 架构图
- NatSpec 完整性（Solidity）
- 文档缺口识别
链上与链下计算
- 复杂性分析
- Gas 优化机会
- 验证与计算模式
可升级性
- 迁移与可升级性的权衡
- 数据分离模式
- 升级过程文档
Delegatecall 代理模式
- 存储布局一致性
- 初始化模式
- 函数遮蔽风险
- Slither 可升级性检查
函数构成
- 函数大小和清晰度
- 逻辑分组
- 模块化评估
继承
- 层次深度/宽度
- 菱形继承问题风险
- 继承可视化
事件
- 关键操作覆盖范围
- 事件命名一致性
- 索引参数
常见陷阱
- 重入模式
- 整数溢出/下溢
- 访问控制问题
- 平台特定漏洞
依赖项
- 库质量评估
- 版本管理
- 依赖管理器使用情况
- 复制代码检测
测试与验证

 * 覆盖范围分析

 * 模糊测试技术
 * 形式化验证
 * CI/CD 集成

11. 平台特定指导

 * Solidity 版本建议
 * 编译器警告检查
 * 内联汇编警告
 * 平台特定工具

有关每个领域的完整详细信息，包括我将检查、分析和建议的内容，请参阅 ASSESSMENT_AREAS.md。

分析完成后，你将收到全面的指导，涵盖：

包含通俗易懂描述的系统文档
架构图和文档缺口
架构分析（链上/链下、可升级性、代理）
实现审查（函数、继承、事件、陷阱）
依赖项和测试评估
优先级建议（CRITICAL、HIGH、MEDIUM、LOW）
整体评估和生产路径

有关完整的示例分析报告，请参阅 EXAMPLE_REPORT.md。

我提供四个全面的交付成果类别：

通俗易懂的描述
架构图
文档缺口分析

链上/链下评估
可升级性审查
代理模式安全审查

函数构成分析
继承评估
事件覆盖范围
陷阱识别
依赖项评估
测试分析

CRITICAL（立即处理）
HIGH（部署前处理）
MEDIUM（为生产质量处理）
LOW（锦上添花）

有关每个交付成果的详细模板和示例，请参阅 DELIVERABLES.md。

调用时，我将：

探索代码库
- 识别所有合约/模块文件
- 查找现有文档
- 定位测试文件
- 检查代理/升级
- 识别依赖项
生成文档
- 创建通俗易懂的系统描述
- 生成架构图（如果工具可用）
- 识别文档缺口
分析架构
- 评估链上/链下分布（如果适用）
- 审查可升级性方法（如果适用）
- 审计代理模式（如果存在）
审查实现
- 分析函数、继承、事件
- 检查常见陷阱
- 评估依赖项
- 评估测试
提供建议
- 展示包含文件引用的发现
- 询问关于设计决策的澄清问题
- 建议优先级的改进
- 提供可操作的后续步骤

合理化借口（切勿跳过）

合理化借口	为何错误	必需行动
"系统简单，描述涵盖一切"	通俗易懂的描述会遗漏安全关键细节	完成所有 5 个阶段：文档、架构、实现、依赖项、建议
"未检测到升级，跳过可升级性部分"	可升级性可能是隐式的（可拥有模式、delegatecall）	在声明不适用前，搜索代理模式、delegatecall、存储冲突
未经验证的"不适用"	过早缩小范围会遗漏漏洞	在跳过任何指南部分之前，通过显式代码库搜索进行验证
"架构简单明了，无需分析"	明显的架构存在细微的信任边界	分析链上/链下分布、访问控制流、外部依赖项
"常见陷阱不适用于此代码库"	每个代码库都有常见陷阱	使用 grep/代码搜索系统性地检查所有指南陷阱
"测试存在，测试指南已满足"	测试存在 ≠ 测试质量	检查覆盖范围、基于属性的测试、集成测试、失败案例
"我可以提供通用的最佳实践"	通用建议不可操作	提供包含文件:行引用的项目特定发现
"用户从发现中知道如何改进"	没有优先级的发现 = 没有行动计划	生成包含具体后续步骤的优先级改进路线图

我只分析相关部分（如果不存在升级，不会凭空捏造）
我会适应你的平台（Solidity、Rust、Cairo 等）
我会使用可用工具（Slither 等），但如果不可用，我会在没有工具的情况下工作
我会为所有发现提供文件引用和行号
我会询问无法从代码中推断出的设计决策问题

我需要什么：

访问你的代码库
关于你项目目标的上下文
任何现有文档或规范
关于部署计划的信息

让我们分析你的代码库，并使用 Trail of Bits 的最佳实践来改进它！

🇺🇸English

Guidelines Advisor

Purpose

Systematically analyzes the codebase and provides guidance based on Trail of Bits' development guidelines:

Generate documentation and specifications (plain English descriptions, architectural diagrams, code documentation)
Optimize on-chain/off-chain architecture (only if applicable)
Review upgradeability patterns (if your project has upgrades)
Check delegatecall/proxy implementations (if present)
Assess implementation quality (functions, inheritance, events)
Identify common pitfalls
Review dependencies
Evaluate test suite and suggest improvements

Framework : Building Secure Contracts - Development Guidelines

How This Works

Phase 1: Discovery & Context

Explores the codebase to understand:

Project structure and platform
Contract/module files and their purposes
Existing documentation
Architecture patterns (proxies, upgrades, etc.)
Testing setup
Dependencies

Phase 2: Documentation Generation

Helps create:

Plain English system description
Architectural diagrams (using Slither printers for Solidity)
Code documentation recommendations (NatSpec for Solidity)

Phase 3: Architecture Analysis

Analyzes:

On-chain vs off-chain component distribution (if applicable)
Upgradeability approach (if applicable)
Delegatecall proxy patterns (if present)

Phase 4: Implementation Review

Assesses:

Function composition and clarity
Inheritance structure
Event logging practices
Common pitfalls presence
Dependencies quality
Testing coverage and techniques

Phase 5: Recommendations

Provides:

Prioritized improvement suggestions
Best practice guidance
Actionable next steps

Assessment Areas

I analyze 11 comprehensive areas covering all aspects of smart contract development. For detailed criteria, best practices, and specific checks, see ASSESSMENT_AREAS.md.

Quick Reference:

Documentation & Specifications
- Plain English system descriptions
- Architectural diagrams
- NatSpec completeness (Solidity)
- Documentation gaps identification
On-Chain vs Off-Chain Computation
- Complexity analysis
- Gas optimization opportunities
- Verification vs computation patterns
Upgradeability
- Migration vs upgradeability trade-offs
- Data separation patterns
- Upgrade procedure documentation
Delegatecall Proxy Pattern
- Storage layout consistency
- Initialization patterns
- Function shadowing risks
- Slither upgradeability checks
Function Composition
- Function size and clarity
- Logical grouping
- Modularity assessment
Inheritance
- Hierarchy depth/width
- Diamond problem risks
- Inheritance visualization
Events

 * Coverage analysis

 * Fuzzing techniques
 * Formal verification
 * CI/CD integration

11. Platform-Specific Guidance

 * Solidity version recommendations
 * Compiler warning checks
 * Inline assembly warnings
 * Platform-specific tools

For complete details on each area including what I'll check, analyze, and recommend, see ASSESSMENT_AREAS.md.

Example Output

When the analysis is complete, you'll receive comprehensive guidance covering:

System documentation with plain English descriptions
Architectural diagrams and documentation gaps
Architecture analysis (on-chain/off-chain, upgradeability, proxies)
Implementation review (functions, inheritance, events, pitfalls)
Dependencies and testing evaluation
Prioritized recommendations (CRITICAL, HIGH, MEDIUM, LOW)
Overall assessment and path to production

For a complete example analysis report, see EXAMPLE_REPORT.md.

Deliverables

I provide four comprehensive deliverable categories:

1. System Documentation

Plain English descriptions
Architectural diagrams
Documentation gaps analysis

2. Architecture Analysis

On-chain/off-chain assessment
Upgradeability review
Proxy pattern security review

3. Implementation Review

Function composition analysis
Inheritance assessment
Events coverage
Pitfall identification
Dependencies evaluation
Testing analysis

4. Prioritized Recommendations

CRITICAL (address immediately)
HIGH (address before deployment)
MEDIUM (address for production quality)
LOW (nice to have)

For detailed templates and examples of each deliverable, see DELIVERABLES.md.

Assessment Process

When invoked, I will:

Explore the codebase
- Identify all contract/module files
- Find existing documentation
- Locate test files
- Check for proxies/upgrades
- Identify dependencies
Generate documentation
- Create plain English system description
- Generate architectural diagrams (if tools available)
- Identify documentation gaps
Analyze architecture
- Assess on-chain/off-chain distribution (if applicable)
- Review upgradeability approach (if applicable)
- Audit proxy patterns (if present)
Review implementation
- Analyze functions, inheritance, events
- Check for common pitfalls
- Assess dependencies
- Evaluate testing
Provide recommendations
- Present findings with file references
- Ask clarifying questions about design decisions
- Suggest prioritized improvements
- Offer actionable next steps

Rationalizations (Do Not Skip)

Rationalization	Why It's Wrong	Required Action
"System is simple, description covers everything"	Plain English descriptions miss security-critical details	Complete all 5 phases: documentation, architecture, implementation, dependencies, recommendations
"No upgrades detected, skip upgradeability section"	Upgradeability can be implicit (ownable patterns, delegatecall)	Search for proxy patterns, delegatecall, storage collisions before declaring N/A
"Not applicable" without verification	Premature scope reduction misses vulnerabilities	Verify with explicit codebase search before skipping any guideline section
"Architecture is straightforward, no analysis needed"	Obvious architectures have subtle trust boundaries	Analyze on-chain/off-chain distribution, access control flow, external dependencies
"Common pitfalls don't apply to this codebase"	Every codebase has common pitfalls	Systematically check all guideline pitfalls with grep/code search
"Tests exist, testing guideline is satisfied"	Test existence ≠ test quality	Check coverage, property-based tests, integration tests, failure cases
"I can provide generic best practices"

Notes

I'll only analyze relevant sections (won't hallucinate about upgrades if not present)
I'll adapt to your platform (Solidity, Rust, Cairo, etc.)
I'll use available tools (Slither, etc.) but work without them if unavailable
I'll provide file references and line numbers for all findings
I'll ask questions about design decisions I can't infer from code

Ready to Begin

What I'll need :

Access to your codebase
Context about your project goals
Any existing documentation or specifications
Information about deployment plans

Let's analyze your codebase and improve it using Trail of Bits' best practices!

Weekly Installs

1.2K

Repository

trailofbits/skills

GitHub Stars

3.9K

First Seen

Jan 19, 2026

Security Audits

Gen Agent Trust HubPass SocketPass SnykPass

Installed on

claude-code1.1K

codex988

opencode934

gemini-cli918

cursor887

github-copilot853

React 组合模式指南：Vercel 组件架构最佳实践，提升代码可维护性

102,200 周安装

Critical operation coverage

Event naming consistency

Common Pitfalls

Reentrancy patterns
Integer overflow/underflow
Access control issues
Platform-specific vulnerabilities

Dependencies

Library quality assessment
Version management
Dependency manager usage
Copied code detection

Testing & Verification