القائمة
Starknet account abstraction correctness and security guidance for validate/execute paths, nonces, signatures, and session policies.
التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.
استنادا إلى تصنيف SOC المهني
Routes Starknet agent, wallet, DeFi, identity, SDK, and Cairo contract work to the smallest focused skill module.
SNIP-36 virtual block proving on Starknet. Trigger on "virtual block", "SNIP-36", "off-chain proof", "anonymous vote", "heavy computation off-chain", "prove a transaction". Covers Cairo virtual contract, proof server, starknet.js integration, and on-chain verification.
Security audit of Cairo/Starknet code. Trigger on "audit", "check this contract", "review for security". Modes - default (full repo), deep (+ adversarial reasoning), or specific filenames.
Create an anonymous Starknet wallet via Typhoon and interact with Starknet contracts. Privacy-focused wallet creation for agents requiring anonymity.
Reference for integrating or maintaining applications built with keep-starknet-strange/starkzap, including StarkSDK setup, onboarding, wallet lifecycle, sponsored transactions, ERC20 flows, staking, and transaction builder usage.
Simple P2P payments on Starknet. Generate QR codes, payment links, invoices, and transfer ETH/STRK/USDC. Like Lightning, but native.
| name | account-abstraction |
| description | Starknet account abstraction correctness and security guidance for validate/execute paths, nonces, signatures, and session policies. |
| license | Apache-2.0 |
| metadata | {"author":"starknet-agentic","version":"0.1.1","org":"keep-starknet-strange","source":"starknet-agentic"} |
| keywords | ["starknet","account-abstraction","signatures","nonces","session-keys","policy"] |
| allowed-tools | ["Bash","Read","Write","Glob","Grep","Task"] |
| user-invocable | true |
__validate__ enforces lightweight, bounded checks.__execute__ enforces policy and selector boundaries.cairo-auditor for final AA/security pass before merge.__validate__ constraints and DoS resistance.__execute__ policy enforcement correctness.import { Account, CallData, RpcProvider } from "starknet";
const provider = new RpcProvider({ nodeUrl: process.env.STARKNET_RPC! });
const account = new Account(provider, process.env.ACCOUNT_ADDRESS!, process.env.PRIVATE_KEY!);
// Validate preview (debug-only): inspect __validate__ behavior with the current nonce.
const nonce = await account.getNonce();
const call = { contractAddress: process.env.TARGET!, entrypoint: "set_limit", calldata: CallData.compile({ value: 7 }) };
await provider.callContract({
contractAddress: account.address,
entrypoint: "__validate__",
calldata: CallData.compile({ calls: [call], nonce }),
});
// Execute path: real transaction that triggers __execute__ and nonce checks.
const tx = await account.execute([call]);
await provider.waitForTransaction(tx.transaction_hash);
| Code | Condition | Recovery |
|---|---|---|
AA-001 | __validate__ is too expensive or stateful | Remove heavy logic from validation; add a test that caps validation steps. |
AA-002 | __execute__ allows blocked selectors/self-calls | Enforce selector filters and self-call checks; add authorized/unauthorized regression tests. |
AA-003 | Nonce or domain mismatch causes replay risk | Normalize nonce source/hash domain; add replay and cross-domain tests. |
AA-999 | Unexpected runtime panic | Capture calldata + caller context, reproduce in unit tests, then escalate to cairo-auditor. |