How do I install solidity-security?

Run `npx skills add https://github.com/wshobson/agents --skill solidity-security` in your terminal. You need to have run `npx skills init` once in your project first.

Which agent frameworks does solidity-security support?

solidity-security works with any agent framework supported by the Skills registry, including Claude Code, Cursor, GitHub Copilot, Cline, Codex, and Gemini CLI.

Is solidity-security free to use?

Yes. solidity-security is free to install and use. It is available from the open explainx.ai skill registry published by wshobson.

Where can I read ratings and reviews for solidity-security?

Community ratings and review text appear on this explainx.ai skill page below the description. Reviews use a 1–5 scale and may include short written feedback from signed-in members.

How do I install solidity-security?

Run `npx skills add https://github.com/wshobson/agents --skill solidity-security` in your terminal. You need to have run `npx skills init` once in your project first.

Which agent frameworks does solidity-security support?

solidity-security works with any agent framework supported by the Skills registry, including Claude Code, Cursor, GitHub Copilot, Cline, Codex, and Gemini CLI.

Is solidity-security free to use?

Yes. solidity-security is free to install and use. It is available from the open explainx.ai skill registry published by wshobson.

Where can I read ratings and reviews for solidity-security?

Community ratings and review text appear on this explainx.ai skill page below the description. Reviews use a 1–5 scale and may include short written feedback from signed-in members.

How do I install solidity-security?

Run `npx skills add https://github.com/wshobson/agents --skill solidity-security` in your terminal. You need to have run `npx skills init` once in your project first.

Which agent frameworks does solidity-security support?

solidity-security works with any agent framework supported by the Skills registry, including Claude Code, Cursor, GitHub Copilot, Cline, Codex, and Gemini CLI.

Is solidity-security free to use?

Yes. solidity-security is free to install and use. It is available from the open explainx.ai skill registry published by wshobson.

Where can I read ratings and reviews for solidity-security?

Community ratings and review text appear on this explainx.ai skill page below the description. Reviews use a 1–5 scale and may include short written feedback from signed-in members.

How do I install solidity-security?

Run `npx skills add https://github.com/wshobson/agents --skill solidity-security` in your terminal. You need to have run `npx skills init` once in your project first.

Which agent frameworks does solidity-security support?

solidity-security works with any agent framework supported by the Skills registry, including Claude Code, Cursor, GitHub Copilot, Cline, Codex, and Gemini CLI.

Is solidity-security free to use?

Yes. solidity-security is free to install and use. It is available from the open explainx.ai skill registry published by wshobson.

Where can I read ratings and reviews for solidity-security?

Community ratings and review text appear on this explainx.ai skill page below the description. Reviews use a 1–5 scale and may include short written feedback from signed-in members.

How do I install solidity-security?

Run `npx skills add https://github.com/wshobson/agents --skill solidity-security` in your terminal. You need to have run `npx skills init` once in your project first.

Which agent frameworks does solidity-security support?

solidity-security works with any agent framework supported by the Skills registry, including Claude Code, Cursor, GitHub Copilot, Cline, Codex, and Gemini CLI.

Is solidity-security free to use?

Yes. solidity-security is free to install and use. It is available from the open explainx.ai skill registry published by wshobson.

Where can I read ratings and reviews for solidity-security?

Community ratings and review text appear on this explainx.ai skill page below the description. Reviews use a 1–5 scale and may include short written feedback from signed-in members.

How do I install solidity-security?

Run `npx skills add https://github.com/wshobson/agents --skill solidity-security` in your terminal. You need to have run `npx skills init` once in your project first.

Which agent frameworks does solidity-security support?

solidity-security works with any agent framework supported by the Skills registry, including Claude Code, Cursor, GitHub Copilot, Cline, Codex, and Gemini CLI.

Is solidity-security free to use?

Yes. solidity-security is free to install and use. It is available from the open explainx.ai skill registry published by wshobson.

Where can I read ratings and reviews for solidity-security?

Community ratings and review text appear on this explainx.ai skill page below the description. Reviews use a 1–5 scale and may include short written feedback from signed-in members.

How do I install solidity-security?

Run `npx skills add https://github.com/wshobson/agents --skill solidity-security` in your terminal. You need to have run `npx skills init` once in your project first.

Which agent frameworks does solidity-security support?

solidity-security works with any agent framework supported by the Skills registry, including Claude Code, Cursor, GitHub Copilot, Cline, Codex, and Gemini CLI.

Is solidity-security free to use?

Yes. solidity-security is free to install and use. It is available from the open explainx.ai skill registry published by wshobson.

Where can I read ratings and reviews for solidity-security?

Community ratings and review text appear on this explainx.ai skill page below the description. Reviews use a 1–5 scale and may include short written feedback from signed-in members.

How do I install solidity-security?

Run `npx skills add https://github.com/wshobson/agents --skill solidity-security` in your terminal. You need to have run `npx skills init` once in your project first.

Which agent frameworks does solidity-security support?

solidity-security works with any agent framework supported by the Skills registry, including Claude Code, Cursor, GitHub Copilot, Cline, Codex, and Gemini CLI.

Is solidity-security free to use?

Yes. solidity-security is free to install and use. It is available from the open explainx.ai skill registry published by wshobson.

Where can I read ratings and reviews for solidity-security?

Community ratings and review text appear on this explainx.ai skill page below the description. Reviews use a 1–5 scale and may include short written feedback from signed-in members.

How do I install solidity-security?

Run `npx skills add https://github.com/wshobson/agents --skill solidity-security` in your terminal. You need to have run `npx skills init` once in your project first.

Which agent frameworks does solidity-security support?

solidity-security works with any agent framework supported by the Skills registry, including Claude Code, Cursor, GitHub Copilot, Cline, Codex, and Gemini CLI.

Is solidity-security free to use?

Yes. solidity-security is free to install and use. It is available from the open explainx.ai skill registry published by wshobson.

Where can I read ratings and reviews for solidity-security?

Community ratings and review text appear on this explainx.ai skill page below the description. Reviews use a 1–5 scale and may include short written feedback from signed-in members.

How do I install solidity-security?

Run `npx skills add https://github.com/wshobson/agents --skill solidity-security` in your terminal. You need to have run `npx skills init` once in your project first.

Which agent frameworks does solidity-security support?

solidity-security works with any agent framework supported by the Skills registry, including Claude Code, Cursor, GitHub Copilot, Cline, Codex, and Gemini CLI.

Is solidity-security free to use?

Yes. solidity-security is free to install and use. It is available from the open explainx.ai skill registry published by wshobson.

Where can I read ratings and reviews for solidity-security?

Community ratings and review text appear on this explainx.ai skill page below the description. Reviews use a 1–5 scale and may include short written feedback from signed-in members.

How do I install solidity-security?

Run `npx skills add https://github.com/wshobson/agents --skill solidity-security` in your terminal. You need to have run `npx skills init` once in your project first.

Productivity

solidity-security

Comprehensive smart contract security patterns, vulnerability prevention, and secure Solidity development practices.

wshobson/agents|Updated Apr 8, 2026

Works with

Claude CodeCursorClineWindsurfCodexGooseGitHub CopilotZed

total installs

this week

33.1K

GitHub stars

upvotes

Install Skill

Run in your terminal

$npx skills add https://github.com/wshobson/agents --skill solidity-security

installs

this week

33.1K

stars

View on GitHub

solidity security

0 commentsJoin discussion →

What it does

Covers critical vulnerabilities including reentrancy, integer overflow/underflow, access control failures, and front-running with vulnerable code examples and secure patterns
Teaches Checks-Effects-Interactions pattern, pull-over-push payment design, input validation, and emergency stop mechanisms for production-ready contracts
Includes gas optimization techniques such

Repository

wshobson/agents

Last updated

Apr 8, 2026

Installation Guide

Select your AI agent

How to use solidity-security on Cursor

AI-first code editor with Composer

Prerequisites

Before installing skills in Cursor, ensure your development environment meets these requirements:

›Cursor installed and configured on your machine
›Node.js 16+ with npm — verify with node --version
›Active project directory where you want to add solidity-security

Run the install command

Execute the skills CLI command in your project's root directory to begin installation:

$npx skills add https://github.com/wshobson/agents --skill solidity-security

Fetches solidity-security from wshobson/agents and configures it for Cursor.

Select Cursor when prompted

The CLI shows a list of agents. Use arrow keys and space to select Cursor:

◆ Which agents do you want to install to?

│

│ ── Universal (.agents/skills) ────────────────

│ · Cline · Codex · Goose · Windsurf

│ ●Cursor(selected)

│ · Cursor · Aider · Continue

Verify installation

Confirm successful installation by checking the skill directory location:

.cursor/skills/solidity-security

Restart Cursor to activate solidity-security. Access via /solidity-security in your agent's command palette.

⚠

Security Notice

We perform automated surface-level scans (Gen AI Scanner, Socket, Snyk) during installation. These checks detect common vulnerabilities but do not guarantee complete security. Always review skill source code and verify the publisher's reputation before production use.

Skills execute code in your environment. Always review source, verify the publisher, and test in isolation before production.

›View source on GitHub ›Skills CLI docs ›About Cursor ›What are agent skills?

Documentation

Solidity Security

Master smart contract security best practices, vulnerability prevention, and secure Solidity development patterns.

When to Use This Skill

Writing secure smart contracts
Auditing existing contracts for vulnerabilities
Implementing secure DeFi protocols
Preventing reentrancy, overflow, and access control issues
Optimizing gas usage while maintaining security
Preparing contracts for professional audits
Understanding common attack vectors

Critical Vulnerabilities

1. Reentrancy

Attacker calls back into your contract before state is updated.

Vulnerable Code:

// VULNERABLE TO REENTRANCY
contract VulnerableBank {
    mapping(address => uint256) public balances;

    function withdraw() public {
        uint256 amount = balances[msg.sender];

        // DANGER: External call before state update
        (bool success, ) = msg.sender.call{value: amount}("");
        require(success);

        balances[msg.sender] = 0;  // Too late!
    }
}

Secure Pattern (Checks-Effects-Interactions):

contract SecureBank {
    mapping(address => uint256) public balances;

    function withdraw() public {
        uint256 amount = balances[msg.sender];
        require(amount > 0, "Insufficient balance");

        // EFFECTS: Update state BEFORE external call
        balances[msg.sender] = 0;

        // INTERACTIONS: External call last
        (bool success, ) = msg.sender.call{value: amount}("");
        require(success, "Transfer failed");
    }
}

Alternative: ReentrancyGuard

import "@openzeppelin/contracts/security/ReentrancyGuard.sol";

contract SecureBank is ReentrancyGuard {
    mapping(address => uint256) public balances;

    function withdraw() public nonReentrant {
        uint256 amount = balances[msg.sender];
        require(amount > 0, "Insufficient balance");

        balances[msg.sender] = 0;

        (bool success, ) = msg.sender.call{value: amount}("");
        require(success, "Transfer failed");
    }
}

2. Integer Overflow/Underflow

Vulnerable Code (Solidity < 0.8.0):

// VULNERABLE
contract VulnerableToken {
    mapping(address => uint256) public balances;

    function transfer(address to, uint256 amount) public {
        // No overflow check - can wrap around
        balances[msg.sender] -= amount;  // Can underflow!
        balances[to] += amount;          // Can overflow!
    }
}

Secure Pattern (Solidity >= 0.8.0):

// Solidity 0.8+ has built-in overflow/underflow checks
contract SecureToken {
    mapping(address => uint256) public balances;

    function transfer(address to, uint256 amount) public {
        // Automatically reverts on overflow/underflow
        balances[msg.sender] -= amount;
        balances[to] += amount;
    }
}

For Solidity < 0.8.0, use SafeMath:

import "@openzeppelin/contracts/utils/math/SafeMath.sol";

contract SecureToken {
    using SafeMath for uint256;
    mapping(address => uint256) public balances;

    function transfer(address to, uint256 amount) public {
        balances[msg.sender] = balances[msg.sender].sub(amount);
        balances[to] = balances[to].add(amount);
    }
}

3. Access Control

Vulnerable Code:

// VULNERABLE: Anyone can call critical functions
contract VulnerableContract {
    address public owner;

    function withdraw(uint256 amount) public {
        // No access control!
        payable(msg.sender).transfer(amount);
    }
}

Secure Pattern:

import "@openzeppelin/contracts/access/Ownable.sol";

contract SecureContract is Ownable {
    function withdraw(uint256 amount) public onlyOwner {
        payable(owner()).transfer(amount);
    }
}

// Or implement custom role-based access
contract RoleBasedContract {
    mapping(address => bool) public admins;

    modifier onlyAdmin() {
        require(admins[msg.sender], "Not an admin");
        _;
    }

    function criticalFunction() public onlyAdmin {
        // Protected function
    }
}

4. Front-Running

Vulnerable:

// VULNERABLE TO FRONT-RUNNING
contract VulnerableDEX {
    function swap(uint256 amount, uint256 minOutput) public {
        // Attacker sees this in mempool and front-runs
        uint256 output = calculateOutput(amount);
        require<

`List & Monetize Your Skill`

Submit your Claude Code skill and start earning

Get started →

`Use Cases`

`User Story & Requirements Generation`

Create detailed user stories, acceptance criteria, and feature specs

Example

Generate user stories for 'password reset feature' with acceptance criteria, edge cases, and test scenarios

✓Reduce spec writing time by 50%, ensure comprehensive coverage

`Competitive Analysis`

Research competitors, compare features, identify gaps

Example

Analyze 5 competitor products, create feature comparison matrix, suggest differentiation opportunities

✓Complete competitive research in 2 hours instead of 2 days

`Roadmap Prioritization`

Evaluate features using frameworks (RICE, ICE, Kano) and create prioritized backlogs

Example

Score 20 feature ideas using RICE framework, generate prioritized roadmap with rationale

✓Make data-driven prioritization decisions faster

`Stakeholder Communication`

Draft PRDs, status updates, and stakeholder presentations

Example

Create executive summary of Q3 roadmap, monthly progress report, feature launch announcement

✓Save 3-5 hours/week on communication overhead

`Implementation Guide`

Prerequisites

›Claude Desktop or compatible AI client
›Access to product documentation and roadmap tools (Jira, Notion, etc.)
›Understanding of product management frameworks (RICE, Jobs-to-be-Done, etc.)
›Stakeholder contact information and communication channels

Time Estimate

30-60 minutes to see productivity improvements

Steps

1Install product management skill
2Start with user story generation for known feature
3Progress to competitive analysis: research 2-3 competitors
4Use for roadmap prioritization: apply RICE/ICE scoring
5Draft stakeholder communications and refine based on feedback
6Build template library for recurring PM tasks
7Share effective prompts with product team

Common Pitfalls

⚠Not validating competitive research—verify facts before sharing
⚠Accepting user stories without involving engineering team
⚠Over-relying on frameworks without qualitative judgment
⚠Not customizing outputs to company culture and communication style
⚠Skipping stakeholder validation of generated requirements

`Best Practices`

✓ Do

+Validate research and competitive analysis with real data
+Collaborate with engineering when generating technical requirements
+Customize frameworks and templates to your company context
+Use skill for first drafts, refine with stakeholder input
+Document successful prompt patterns for PM tasks
+Combine AI efficiency with human judgment and intuition

✗ Don't

−Don't publish competitive analysis without fact-checking
−Don't finalize user stories without engineering review
−Don't make prioritization decisions solely on AI scoring
−Don't skip customer validation of generated requirements
−Don't ignore company-specific context and culture

💡 Pro Tips

★Provide context: company goals, constraints, customer feedback
★Ask for alternatives: 'Show 3 ways to prioritize this roadmap'
★Request stakeholder-specific formatting: 'Executive summary vs. engineering spec'
★Use skill for 70% generation + 30% customization to company needs

`When to Use This`

✓ Use when

Use for user story writing, competitive research, roadmap prioritization, stakeholder communication, and PRD drafting. Best for reducing repetitive documentation and research work.

✗ Avoid when

Avoid for strategic product vision (requires deep customer empathy), pricing decisions (needs market and financial expertise), or when face-to-face customer discovery is more valuable than speed.

`Learning Path`

1Basic: user stories, feature specs, status updates
2Intermediate: competitive analysis, prioritization frameworks, PRDs
3Advanced: product strategy, go-to-market planning, OKR setting
4Expert: product vision, market positioning, business model innovation

`Related Skills`

improve
68
shadcn/improve
codetag: securitygrill-me
391
mattpocock/skills
Productivitysame categorypremortem
197
parcadei/continuous-claude-v3
Productivitysame categorydeslop
118
cursor/plugins
Productivitysame categoryframer-motion
99
pproenca/dot-skills
Productivitysame categorywrite-a-prd
91
mattpocock/skills
Productivitysame category

`Reviews`

4.6★★★★★29 reviews

R
Ren Singh★★★★★Dec 28, 2024
solidity-security reduced setup friction for our internal harness; good balance of opinion and flexibility.
C
Chaitanya Patil★★★★★Dec 16, 2024
solidity-security reduced setup friction for our internal harness; good balance of opinion and flexibility.
H
Hana Chawla★★★★★Dec 4, 2024
solidity-security has been reliable in day-to-day use. Documentation quality is above average for community skills.
H
Hana Malhotra★★★★★Nov 23, 2024
solidity-security fits our agent workflows well — practical, well scoped, and easy to wire into existing repos.
H
Hiroshi Patel★★★★★Nov 19, 2024
I recommend solidity-security for anyone iterating fast on agent tooling; clear intent and a small, reviewable surface area.
P
Piyush G★★★★★Nov 7, 2024
I recommend solidity-security for anyone iterating fast on agent tooling; clear intent and a small, reviewable surface area.
S
Shikha Mishra★★★★★Oct 26, 2024
Useful defaults in solidity-security — fewer surprises than typical one-off scripts, and it plays nicely with `npx skills` flows.
K
Kiara Okafor★★★★★Oct 14, 2024
We added solidity-security from the explainx registry; install was straightforward and the SKILL.md answered most questions upfront.
D
Diego Perez★★★★★Oct 10, 2024
Useful defaults in solidity-security — fewer surprises than typical one-off scripts, and it plays nicely with `npx skills` flows.
Y
Yash Thakker★★★★★Sep 17, 2024
solidity-security has been reliable in day-to-day use. Documentation quality is above average for community skills.

showing 1-10 of 29

1 / 3

`Discussion`

Comments — not star reviews

No comments yet — start the thread.

solidity-security

Install Skill

What it does

Category

Repository

Last updated

Installation Guide

How to use solidity-security on Cursor

Prerequisites

Run the install command

Select Cursor when prompted

Verify installation

Security Notice

Documentation

Solidity Security

When to Use This Skill

Critical Vulnerabilities

1. Reentrancy

2. Integer Overflow/Underflow

3. Access Control

4. Front-Running

List & Monetize Your Skill

Use Cases

User Story & Requirements Generation

Competitive Analysis

Roadmap Prioritization

Stakeholder Communication

Implementation Guide

Best Practices

When to Use This

Learning Path

Related Skills

improve

grill-me

premortem

deslop

framer-motion

write-a-prd

Reviews

Discussion

`List & Monetize Your Skill`

`Use Cases`

`User Story & Requirements Generation`

`Competitive Analysis`

`Roadmap Prioritization`

`Stakeholder Communication`

`Implementation Guide`

`Best Practices`

`When to Use This`

`Learning Path`

`Related Skills`

`Reviews`

`Discussion`