For conceptual questions ("How does Ownable work?"), explain without generating code. For implementation requests, proceed with the workflow below.
Works with
AI-first code editor with Composer
Before installing skills in Cursor, ensure your development environment meets these requirements:
node --versiondevelop-secure-contractsExecute the skills CLI command in your project's root directory to begin installation:
Fetches develop-secure-contracts from openzeppelin/openzeppelin-skills and configures it for Cursor.
The CLI shows a list of agents. Use arrow keys and space to select Cursor:
Confirm successful installation by checking the skill directory location:
Restart Cursor to activate develop-secure-contracts. Access via /develop-secure-contracts in your agent's command palette.
We perform automated surface-level scans (Gen AI Scanner, Socket, Snyk) during installation. These checks detect common vulnerabilities but do not guarantee complete security. Always review skill source code and verify the publisher's reputation before production use.
Skills execute code in your environment. Always review source, verify the publisher, and test in isolation before production.
Submit your Claude Code skill and start earning
Create detailed user stories, acceptance criteria, and feature specs
Example
Generate user stories for 'password reset feature' with acceptance criteria, edge cases, and test scenarios
Reduce spec writing time by 50%, ensure comprehensive coverage
Research competitors, compare features, identify gaps
Example
Analyze 5 competitor products, create feature comparison matrix, suggest differentiation opportunities
Complete competitive research in 2 hours instead of 2 days
Evaluate features using frameworks (RICE, ICE, Kano) and create prioritized backlogs
Example
Score 20 feature ideas using RICE framework, generate prioritized roadmap with rationale
0
total installs
0
this week
160
GitHub stars
0
upvotes
Run in your terminal
0
installs
0
this week
160
stars
For conceptual questions ("How does Ownable work?"), explain without generating code. For implementation requests, proceed with the workflow below.
Before generating code or suggesting changes:
Glob for **/*.sol, **/*.cairo, **/*.rs, etc.)If a file cannot be read, surface the failure explicitly — report the path attempted and the reason. Ask whether the path is correct. Never silently fall back to a generic response as if the file does not exist.
Before writing ANY logic, search the OpenZeppelin library for an existing component:
NEVER copy or embed library source code into the user's contract. Always import from the dependency so the project receives security updates. Never hand-write what the library already provides:
paused modifier when Pausable or ERC20Pausable existsrequire(msg.sender == owner) when Ownable existsThe primary workflow is pattern discovery from library source code:
See Pattern Discovery and Integration below for the full step-by-step procedure.
If MCP generator tools are available at runtime, use them to accelerate pattern discovery: generate a baseline, generate with a feature enabled, compare the diff, and apply the changes to the user's code. This replaces the manual source-reading step but follows the same principle — discover patterns, then integrate them.
See MCP Generators (Optional) for details on checking availability and using the generate-compare-apply shortcut.
If no MCP tool exists for what's needed, use the generic pattern discovery methodology from Pattern Discovery and Integration. The absence of an MCP tool does not mean the library lacks support — it only means there is no generator.
Procedural guide for discovering and applying OpenZeppelin contract integration patterns by reading dependency source code. Works for any ecosystem and any library version.
Prerequisite: Always follow the library-first decision tree above (prefer library components over custom code, never copy/embed source).
Glob for **/*.sol, **/*.cairo, **/*.rs,
or the relevant extension from the lookup table below.node_modules/@openzeppelin/contracts/ (Hardhat/npm) or
lib/openzeppelin-contracts/ (Foundry/forge)Scarb.toml dependencies — source cached by ScarbCargo.toml — source in target/ or the cargo registry cache
(~/.cargo/registry/src/)Cargo.toml — same cargo cache locations as StylusGlob
patterns against the installed source (e.g., node_modules/@openzeppelin/contracts/**/*.sol).
Do not assume knowledge of the library's contents — always verify by listing directories.///, /** */) in Solidity,
doc comments (///) in Rust and Cairo, and README files in the component's directory.test/, tests/, examples/, or mocks/ directories.From Step 2, construct the minimal set of changes needed:
If the contract is upgradeable, any of the above may affect storage compatibility. Consult the relevant upgrade skill before applying.
Do not include anything beyond what the dependency requires. This is the minimal diff between "contract without the feature" and "contract with the feature."
Edit tool. Do not replace the entire file —
integrate into existing code.| Ecosystem | Repository | Documentation | File Extension | Dependency Location |
|---|---|---|---|---|
| Solidity | openzeppelin-contracts | docs.openzeppelin.com/contracts | .sol |
node_modules/@openzeppelin/contracts/ or lib/openzeppelin-contracts/ |
| Cairo | cairo-contracts | docs.openzeppelin.com/contracts-cairo | .cairo |
Scarb cache (resolve from Scarb.toml) |
| Stylus | rust-contracts-stylus | docs.openzeppelin.com/contracts-stylus | .rs |
Cargo cache (~/.cargo/registry/src/) |
| Stellar | stellar-contracts (Architecture) | docs.openzeppelin.com/stellar-contracts | .rs |
Cargo cache (~/.cargo/registry/src/) |
Where to find components within each repository:
| Category | Solidity | Cairo | Stylus | Stellar |
|---|---|---|---|---|
| Tokens | contracts/token/{ERC20,ERC721,ERC1155}/ |
packages/token/ |
contracts/src/token/ |
packages/tokens/ |
| Access control | contracts/access/ |
packages/access/ |
contracts/src/access/ |
packages/access/ |
| Governance | contracts/governance/ |
packages/governance/ |
— | packages/governance/ |
| Proxies / Upgrades | contracts/proxy/ |
packages/upgrades/ |
contracts/src/proxy/ |
packages/contract-utils/ |
| Utilities / Security | contracts/utils/ |
packages/utils/, packages/security/ |
contracts/src/utils/ |
packages/contract-utils/ |
| Accounts | contracts/account/ |
packages/account/ |
— | packages/accounts/ |
Browse these paths first when searching for a component.
Do not assume override points from prior knowledge — always verify by reading the installed source. Functions that were virtual in an older version may no longer be in the current one, making them non-overridable. The source NatSpec will indicate the correct override point (e.g., NOTE: This function is not virtual, {X} should be overridden instead).
A known example: the Solidity ERC-20 transfer hook changed between v4 and v5. Read the installed ERC20.sol to confirm which function is virtual before recommending an override.
MCP generators are template/scaffolding tools that produce OpenZeppelin contract boilerplate. They are not required — they accelerate pattern discovery when available.
Discover MCP tools dynamically at runtime. Look for tools with names matching patterns like solidity-erc20, cairo-erc721, stellar-fungible, etc. Server names follow patterns like OpenZeppelinSolidityContracts, OpenZeppelinCairoContracts, or OpenZeppelinContracts.
MCP tool schemas are self-describing. To learn what a generator supports, inspect its parameter list — each boolean parameter (e.g., pausable, mintable, upgradeable) corresponds to a feature toggle. Do not rely on prior knowledge of what parameters exist; read the schema each time, since tools are updated independently of this skill.
When an MCP generator exists for the contract type:
For interacting features (e.g., access control + upgradeability), generate a combined variant as well.
The absence of an MCP tool does NOT mean the library lacks support. It only means there is no generator for that contract type. Always fall back to the generic pattern discovery methodology in Pattern Discovery and Integration.
Similarly, when an MCP tool exists but does not expose a parameter for a specific feature, do not stop there. Fall back to pattern discovery for that feature: read the installed library source to find the relevant component, extract the integration requirements, and apply them to the user's contract.
Make data-driven prioritization decisions faster
Draft PRDs, status updates, and stakeholder presentations
Example
Create executive summary of Q3 roadmap, monthly progress report, feature launch announcement
Save 3-5 hours/week on communication overhead
Prerequisites
Time Estimate
30-60 minutes to see productivity improvements
Steps
Common Pitfalls
✓ Do
✗ Don't
💡 Pro Tips
✓ Use when
Use for user story writing, competitive research, roadmap prioritization, stakeholder communication, and PRD drafting. Best for reducing repetitive documentation and research work.
✗ Avoid when
Avoid for strategic product vision (requires deep customer empathy), pricing decisions (needs market and financial expertise), or when face-to-face customer discovery is more valuable than speed.
mattpocock/skills
parcadei/continuous-claude-v3
cursor/plugins
ailabs-393/ai-labs-claude-skills
pproenca/dot-skills
mattpocock/skills
Useful defaults in develop-secure-contracts — fewer surprises than typical one-off scripts, and it plays nicely with `npx skills` flows.
develop-secure-contracts is among the better-maintained entries we tried; worth keeping pinned for repeat workflows.
I recommend develop-secure-contracts for anyone iterating fast on agent tooling; clear intent and a small, reviewable surface area.
develop-secure-contracts fits our agent workflows well — practical, well scoped, and easy to wire into existing repos.
Registry listing for develop-secure-contracts matched our evaluation — installs cleanly and behaves as described in the markdown.
Keeps context tight: develop-secure-contracts is the kind of skill you can hand to a new teammate without a long onboarding doc.
Keeps context tight: develop-secure-contracts is the kind of skill you can hand to a new teammate without a long onboarding doc.
develop-secure-contracts has been reliable in day-to-day use. Documentation quality is above average for community skills.
develop-secure-contracts reduced setup friction for our internal harness; good balance of opinion and flexibility.
Solid pick for teams standardizing on skills: develop-secure-contracts is focused, and the summary matches what you get after install.
showing 1-10 of 61