with one click
tn-review
Code Review & Security Analysis Skill
Install with Codex or Claude Copy this prompt, paste it into Codex, Claude, or another assistant, and let it review the skill page and install it for you.
Menu
Code Review & Security Analysis Skill
Install with Codex or Claude Copy this prompt, paste it into Codex, Claude, or another assistant, and let it review the skill page and install it for you.
Based on SOC occupation classification
Comprehensive security scan for any Solidity project (Foundry, Hardhat, or bare). Orchestrates parallel agents — defensive analysis, adversarial exploit hypotheses, gas optimization, and optional deployment-script auditing — into one consolidated report. Trigger on: "solidity security scan", "audit solidity", "scan contracts", "full solidity review".
Trace code flow as an indented-outline document where indentation marks logic forks. Produces a flow doc with an overview, a coupling/wiring table (channels, shared state, events), per-flow outlines citing file:line on every node, and a goal-driven analysis section (condensation opportunities by default). Use this whenever the user wants to understand how a module/crate/subsystem flows, says code "feels loosely organized" or "hard to follow", wants to "track the flow", "outline the logic", "map the call paths", "see every branch/fork", or wants to understand code well enough to condense, simplify, or refactor it — even if they don't say the word "outline". Also trigger when the user asks for a document tracing which events cause which functions to run.
Interactive consultant that interviews the user, recommends configuration, and generates a Claude Code agent definition with hard responsibility boundaries, domain context, quality gates, and optional persistent memory. Trigger on: "create agent", "new agent", "design an agent", "build an agent", "I need an agent that", "agent for", "set up an agent". Do NOT trigger for skill creation — use skill-creator instead.
Deep combined audit using iterative Feynman + State Inconsistency analysis across 8 phases with specialized agents. Language-agnostic. Dynamically discovers domain-specific patterns via Phase -1 before the main pipeline. Spawns nemesis-orchestrator which coordinates domain discovery, recon, mapping, interrogation, state checking, feedback loop, journey tracing, verification, and reporting. Triggers on /nemesis-scan or deep combined audit.
Generate Criterion benchmarks for telcoin-network hot paths. Trigger on: "benchmark", "add bench", "performance test", "criterion", "measure latency", "throughput test"
Deep bug hunt for the telcoin-network codebase (Rust + Solidity submodule) across 9 phases with specialized agents. Bug-hunter framing — asks 'how does this fail in production?' not 'how does an attacker exploit this?'. Covers concurrency, determinism, consensus correctness, state atomicity, panic surface, fork risk, and error propagation. Produces bug tickets with repro + failure mode per finding. Triggers on /tn-bug-scan or tn bug scan or telcoin bug hunt.
| name | tn-review |
| description | Code Review & Security Analysis Skill |
Use this skill when asked to review code, audit files, analyze PRs, or perform security analysis. Trigger on: "review", "audit", "analyze", "code review", "PR review", "security check", "look at this code", "check this module", "what do you think of this". Use this skill whenever the user asks you to examine code for quality, safety, or correctness — even if they don't explicitly say "review" or "audit".
Telcoin-network is a Rust blockchain node combining Narwhal/Bullshark DAG-based BFT consensus with EVM execution via Reth. In this system, correctness equals safety: consensus bugs can halt the network, EVM state transition mismatches can lose funds, and concurrency bugs in async networking can corrupt shared state. The review categories and severity calibrations throughout this skill are tuned for this threat profile — a "Medium" finding in a typical web service may be "Critical" here if it can cause validator disagreement.
Determine the review scope from the user's request:
git diff for the relevant range. Read every changed file in full (not just the diff hunks — surrounding context catches issues the diff alone hides). Also read files that import or are imported by changed files when the change touches a public interface..rs files in the crate. Start with lib.rs or main.rs to understand the module's public surface, then read internal modules. For large crates (20+ files), read lib.rs first to understand structure, then prioritize files touching consensus, state, crypto, or networking.While reading, note the file path, line numbers, and any concerns across these categories:
Rust & Systems
unsafe blocks without safety comments, raw pointer manipulation, transmute, missing bounds checks, buffer handling, use-after-free patternsSend/Sync bound issues, missing or incorrect use of Arc/Mutex/RwLock, unbounded channel/queue growth, task cancellation safety (what happens when a tokio task is dropped mid-await?)unwrap()/expect() on fallible operations in non-test code (these panic and crash the node), _ catch-all in match arms that silently swallow new variants, error chains that lose context via .map_err(|_| ...)Consensus & Blockchain
General
const fn, type-level computation), inefficient data structures for the access patternWrite findings to report.md in the project root (or as specified by the user).
Report structure:
# Code Review: [scope description]
Date: [date]
Scope: [what was reviewed — PR number, crate name, or file list]
## Summary
[1-2 sentences on overall assessment]
| # | Title | Severity | Category | Status |
|---|-------|----------|----------|--------|
## Findings
### [N]. [Title]
- **Severity (initial)**: Critical / High / Medium / Low / Informational
- **Category**: [from list above]
- **Location**: `file_path:line_number`
- **Claim**: [standalone factual assertion — what is wrong, NO reasoning chain]
- **Key Question**: [the specific thing a verifier must answer — e.g., "Can this unwrap panic if a validator sends a malformed certificate?"]
- **Relevant Files**: [files that must be read to verify this finding]
- **Source**: tn-review
Severity guide — calibrated for a blockchain node:
unwrap() in paths that are practically safe but not provably soAfter documenting all findings in Phase 2, invoke the findings-verifier agent via the Agent tool to verify each finding independently, produce the final report, and present confirmed results.
Pass to the agent:
report.md (all documented findings in canonical schema)The findings-verifier agent handles:
report.md with verification resultsDo not present findings to the user before findings-verifier completes. Unverified findings waste time.
file_path:line_number references for every finding.unwrap() on a Some that's guaranteed by the previous line is not High.debug_assert! is not a production guard — it compiles to nothing in release builds. If correctness depends on a debug_assert!, that's a real finding.