algorand-vulnerability-scanner

Solid

Scans Algorand smart contracts for 11 common vulnerabilities including rekeying attacks, unchecked transaction fees, missing field validations, and access control issues. Use when auditing Algorand projects (TEAL/PyTeal).

Web & Frontend 5,673 stars 496 forks Updated today CC-BY-SA-4.0


Quality Score: 90/100

Stars (weight 20%): 100
Recency (weight 20%): 100
Frontmatter (weight 20%): 70
Documentation (weight 15%): 100
Issue Health (weight 10%): 50
License (weight 10%): 100
Description (weight 5%): 100

Skill Content

# Algorand Vulnerability Scanner

## 1. Purpose

Systematically scan Algorand smart contracts (TEAL and PyTeal) for platform-specific security vulnerabilities documented in Trail of Bits' "Not So Smart Contracts" database. This skill encodes 11 critical vulnerability patterns unique to Algorand's transaction model.

## 2. When to Use This Skill

- Auditing Algorand smart contracts (stateful applications or smart signatures)
- Reviewing TEAL assembly or PyTeal code
- Pre-audit security assessment of Algorand projects
- Validating fixes for reported Algorand vulnerabilities
- Training team on Algorand-specific security patterns

## 3. Platform Detection

### File Extensions & Indicators

- **TEAL files**: `.teal`
- **PyTeal files**: `.py` with PyTeal imports

### Language/Framework Markers

```python
# PyTeal indicators (import lines that mark a file as PyTeal)
from pyteal import *
from algosdk import *

# Common patterns (identifiers whose presence signals PyTeal code)
Txn, Gtxn, Global, InnerTxnBuilder
OnComplete, ApplicationCall, TxnType
@router.method, @Subroutine
```

### Project Structure

- `approval_program.py` / `clear_program.py`
- `contract.teal` / `signature.teal`
- References to Algorand SDK or Beaker framework

### Tool Support

- **Tealer**: Trail of Bits static analyzer for Algorand
  - Installation: `pip3 install tealer`
  - Usage: `tealer contract.teal --detect all`

---

## 4. How This Skill Works

When invoked, I will:

1. **Search your codebase** for TEAL/PyTeal files
2. **Analyze each file** for the 11 vulnerability patterns
3. **Report findings** with ...

Details

Author
trailofbits
Repository
trailofbits/skills
Created
4 months ago
Last Updated
today
Language
Python
License
CC-BY-SA-4.0

Similar Skills

Semantically similar based on skill content — not just same category

AI & Automation Listed

algorand-vulnerability-scanner

Scans Algorand smart contracts for 11 common vulnerabilities including rekeying attacks, unchecked transaction fees, missing field validations, and access control issues. Use when auditing Algorand projects (TEAL/PyTeal).

1 Updated 1 week ago
kevinvwong
Code & Development Listed

appsec-vulnerability-auditor

Audit application source code for security vulnerabilities with a focus on AI-generated and "vibe-coded" software. Use this skill when the user asks to "review for security", "audit for vulnerabilities", "find security bugs", "do a security review", "check for OWASP Top 10", "look for injection / XSS / SSRF / IDOR / authz issues", or pastes/uploads source code (or a repo, diff, PR) and asks whether it is safe to ship. Also trigger on requests to evaluate AI-generated code, LLM-produced patches, copy-pasted Stack Overflow snippets, or rapidly prototyped MVPs for security risks. Produces a prioritized findings report (Critical / High / Medium / Low / Informational) with reproduction notes, exploit sketches, and concrete remediation patches. Also trigger on "auditar segurança", "revisar segurança", "encontrar vulnerabilidades", "é seguro para o deploy?".

1 Updated 1 week ago
alboechat
AI & Automation Listed

skill-security-auditor

Security audit and vulnerability scanner for AI agent skills before installation. Use when: (1) evaluating a skill from an untrusted source, (2) auditing a skill directory or git repo URL for malicious code, (3) pre-install security gate for Claude Code plugins, OpenClaw skills, or Codex skills, (4) scanning Python scripts for dangerous patterns like os.system, eval, subprocess, network exfiltration, (5) detecting prompt injection in SKILL.md files, (6) checking dependency supply chain risks, (7) verifying file system access stays within skill boundaries. Triggers: "audit this skill", "is this skill safe", "scan skill for security", "check skill before install", "skill security check", "skill vulnerability scan".

38 Updated yesterday
adriannoes