Ethereum Solidity Security Foundry Skill
Build and harden Ethereum smart contracts with Foundry, invariant testing, and battle-tested OpenZeppelin security patterns.
Open the source and read safety notes before installing.
Prerequisites
- Solidity project initialized with Foundry
- Clear protocol/token specification
- Target chain and deployment constraints
Schema details
- Install type: package
- Reading time: 8 min
- Difficulty score: 86
- Troubleshooting: Yes
- Breaking changes: No
- Package verified: Yes
- SHA-256: 658d185c8a7a5c7981f9d4c0d5bb046f425a567016a35bbd8c8aaaf83284db5e
- Skill type: general
- Skill level: advanced
- Verification: draft
- Verified at: 2026-04-10
| Platform | Support | Install path |
|---|---|---|
| claude-code | Native | .claude/skills/<skill-name>/SKILL.md |
| codex | Native | .agents/skills/<skill-name>/SKILL.md |
| windsurf | Native | .windsurf/skills/<skill-name>/SKILL.md |
| gemini | Native | .gemini/skills/<skill-name>/SKILL.md or .agents/skills/<skill-name>/SKILL.md |
| cursor | Adapter | .cursor/rules/<skill-name>.mdc |
| cli | Manual | AGENTS.md or tool-specific context file |
Full copyable content
# Trigger
"Apply the Ethereum Solidity security Foundry skill to this contract."
# Required output
1) Threat model and asset flow
2) Contract architecture with security controls
3) Test/fuzz/invariant plan
4) Deployment and verification checklist
About this resource
Overview
This skill gives AI agents a security-first operating model for Ethereum smart contracts. It combines pragmatic architecture guidance with strict testing discipline and deployment safeguards.
Compatibility
Native
- Claude Code / Claude: native skill usage via SKILL.md.
- Codex/OpenAI workflows: compatible with Agent Skills-style SKILL.md content as reusable workflow instructions.
Manual Adaptation
- Gemini CLI: native skill usage via .gemini/skills/<skill-name>/SKILL.md or .agents/skills/<skill-name>/SKILL.md where supported.
- Cursor: use the generated .cursor/rules/*.mdc adapter for project rules.
- OpenClaw and similar agents: use the same skill content as a reusable prompt/workflow file when native skill import is unavailable.
Prerequisites
- Contract requirements and threat boundaries
- Access controls and upgrade policy decisions
- Testnet deployment pipeline
What This Skill Delivers
- Security-centric contract design review
- Foundry unit, fuzz, and invariant test strategy
- Common exploit class defenses (reentrancy, auth, oracle, rounding, griefing)
- Pre-deploy and post-deploy operational checklist
How to Use This Skill
- Define assets, actors, and privileged operations.
- Build minimal contract surface area with explicit invariants.
- Implement and test against adversarial cases.
- Run static/dynamic checks before deployment.
- Deploy progressively with monitoring and pause controls.
Troubleshooting
Issue: Tests pass but invariants fail under fuzzing
Fix: Revisit state transitions and assumptions around edge-case ordering.
Issue: Access control too broad
Fix: Replace role overreach with least-privilege split roles and delayed admin ops.
Issue: Upgrades create storage breakage
Fix: Add storage layout checks and upgrade simulation in CI before release.
Knowledge Freshness
Treat tooling details as time-sensitive. Re-validate APIs, limits, pricing, auth models, and deployment flags immediately before implementation. If docs conflict with prior memory, follow current official docs and release notes.
Retrieval Sources
Output Contract
- Return a concrete plan with implementation order.
- Provide production-ready commands/config/code snippets (not placeholders).
- Include explicit assumptions and unresolved risks.
- Include a verification checklist with pass/fail criteria.
Quality Gates
- All commands are copy/paste ready.
- Security-sensitive steps call out secret handling and least privilege.
- Version-sensitive guidance cites current docs used.
- Rollback path is included for risky changes.
- Final output includes quick validation commands/tests.