solana-vulnerability-scanner

trailofbits/skills

Systematically scan Solana programs (native and Anchor framework) for platform-specific security vulnerabilities related to cross-program invocations, account validation, and program-derived addresses. This skill encodes 6 critical vulnerability patterns unique to Solana's account model.

Installs: 884
Install command
npx skills add https://github.com/trailofbits/skills --skill solana-vulnerability-scanner
Security audits
Gen Agent Trust Hub: PASS
Socket: PASS
Snyk: PASS
About this skill
Systematically scan Solana programs (native and Anchor framework) for platform-specific security vulnerabilities related to cross-program invocations, account validation, and program-derived addresses. This skill encodes 6 critical vulnerability patterns unique to Solana's account model.

When invoked, I will: I check for 6 critical vulnerability patterns unique to Solana. For detailed detection patterns, code examples, mitigations, and testing strategies, see VULNERABILITY_PATTERNS.md. For complete vulnerability patterns with code examples, see VULNERABILITY_PATTERNS.md.

For each CPI: For each PDA: For each account used: Attack Scenario: Recommendation: Use Anchor's Program type: References:

Before completing Solana program audit:
- CPI Security (CRITICAL):
- PDA Security (CRITICAL):
- Account Validation (HIGH):
- Signer Validation (CRITICAL):
- Sysvar Security (HIGH):
- Instruction Introspection (MEDIUM):
- Testing:

- Auditing Solana programs (native Rust or Anchor)
- Reviewing cross-program invocation (CPI) logic
- Validating program-derived address (PDA) implementations
- Pre-launch security assessment of Solana protocols
- Reviewing account validation patterns
- Assessing instruction introspection logic

- Rust files: .rs
- programs/*/src/lib.rs - Program implementation
- Anchor.toml - Anchor configuration
- Cargo.toml with solana-program or anchor-lang
- tests/ - Program...

Source description provided by the upstream skill listing. Community reviews and install context appear in the sections below.

Community Reviews

Latest reviews

No community reviews yet. Be the first to review.

FAQ
What does solana-vulnerability-scanner do?

Systematically scan Solana programs (native and Anchor framework) for platform-specific security vulnerabilities related to cross-program invocations, account validation, and program-derived addresses. This skill encodes 6 critical vulnerability patterns unique to Solana's account model.

Is solana-vulnerability-scanner good?

solana-vulnerability-scanner does not have approved reviews yet, so SkillJury cannot publish a community verdict.

What agent does solana-vulnerability-scanner work with?

solana-vulnerability-scanner currently lists compatibility with codex, gemini-cli, opencode, cursor, github-copilot, claude-code.

What are alternatives to solana-vulnerability-scanner?

Skills in the same category include telegram-bot-builder, flutter-app-size, sharp-edges, iterative-retrieval.

How do I install solana-vulnerability-scanner?

npx skills add https://github.com/trailofbits/skills --skill solana-vulnerability-scanner
