mit einem Klick
night-shift-security
night-shift-security enthält 30 gesammelte Skills von tradewife, mit Repository-Berufsabdeckung und Skill-Detailseiten auf SkillsMP.
Skills in diesem Repository
Practitioner-elevated asset tracing patterns from SlowMist Crypto-Asset-Tracing-Handbook. Provides canonical property tables for obfuscation patterns (peel chains, mixers, bridge hops), address behavior clustering/risk profiling, cross-chain reconstruction workflows. Hard-first on behavioral + flow invariants. Integrates with codegraph-x-ray, deep-dive-handoff, and bounty forensics. Includes reference implementation for mixer deposit/withdrawal clustering. Trigger: alpha-miner on tracing handbook or similar.
Drop-in skill adapted from Glider query engine for static analysis, taint tracking, CFG/DFG traversal in bug bounty. Supports lazy reference loading, creativity layer for audited targets, integrates with bounty-loop. EVM priority with Solana compatibility.
Use for mining validator/runtime/cache/storage-key coherence bugs in blockchain clients, VMs, program loaders, bridge runtimes, and execution harnesses. Hard-first on stale cache, recycled identifier, partial flush, epoch/generation drift, mempool/order-dependent runtime state, and storage-key confusion. Trigger on runtime cache invariant, stale cache bug, VM storage confusion, client cache coherence, Aptos-style hijack, validator-local state, epoch-boundary bug, or when alpha-miner extracts runtime/client exploit engineering.
Cross-references a graphified target codebase (codegraph-x-ray output) against the local AuditVault corpus to surface structurally analogous historical vulnerabilities. Run after codegraph-x-ray has completed and produced invariants.md and property_candidates.md. Produces ranked pattern-match hits with per-finding graph anchor evidence. Pattern matches are advisory signals only — never evidence of exploitability and never a substitute for live reproduction or submission-gate validation.
Combines structured codegraph intelligence with rigorous invariant synthesis. Enforces high-quality usage of codegraph to identify the Primary Target Subsystem, then applies ordered structural invariant discovery with strict verification gates. Produces categorized invariants and high-quality property candidates ready for ultrafuzz-discovery. Trigger on codegraph-x-ray, x-ray with codegraph, invariant synthesis, primary subsystem invariants.
Optional accelerator and scaffolder for ultrafuzz-discovery. Brings parallel specialized invariant discovery agents, automated harness/handler scaffolding, coverage-driven refinement loops, property tagging, and reproducible test generation helpers from high-quality EVM fuzz patterns. Designed to speed up property fan-in and executable attempts phases while preserving NSS rigor, fresh-context pass@k, adjudication, and Crucible usage. Trigger on fuzz-scaffolder, accelerate invariant discovery, generate fuzz harness, scaffold handlers.
Use when turning a target surface into executable, repeated fuzz/invariant discovery. Applies the Monad Ultrafuzz lessons: property fan-in, strategy fan-out, fresh-context pass@k attempts, preserved failures, strict adjudication, and gate discipline.
Autonomous generation of high-signal strategies and property variants. Strongly enforces Hard-First philosophy. Combines structural analysis (codegraph), corpus patterns (AuditVault/Solodit), and runtime failure feedback to propose strategies focused on the most complex, highest blast-radius subsystems first.
Use after the deterministic NSS HIPIF chain to mine the local Auditware AuditVault corpus (Obsidian-style markdown) for atlas-axis metadata, severity-ranked protocol coverage, and refinement-queue anchors. Use when wiring advisory audit data into Hermes proposals or surfacing cross-protocol axis gaps. AuditVault is informational only — never a substitute for live reproduction, fork validation, deployment viability, or any submission gate.
Autonomous Immunefi + Cantina hunt loop until a novel finding hits submit_now. Human gate for external post.
Use when running multi-mission Kamino (or campaign) research via the deterministic coordinator — plan, delegate, cycle, journal.
Hierarchical Planning and Information Folding — one consecutive Night Shift v4.2 chain (scan, Solodit corpus, semantic recon, self-interrogation, Wormhole depth, KLend depth, hunt, RSI, refine, journal). Use for nss-hipif-chain cron, manual night runs, or when the user asks for HIPIF / all-in-one loop.
Use when expanding NSS attack hypotheses via Hermes delegate_task before a pipeline run. Writes hermes_proposals JSON for external provider ingestion.
Use when querying NSS findings store campaign stats and lineage survival analytics.
Use after every NSS scan, investigation, or triage. Write lab notebook entry comparing this run to prior runs.
Use when summarizing NSS novel vector catalog exports from pipeline Stage 5f outputs.
Persist operator state before context rollover or session end during mid-investigation hunts.
Phase C exploit execution — Foundry/Slither MCP, Anvil sandbox, PoC iteration.
Discovery alpha — file triage, git patch mining, recon invariant tests before deep analysis.
Phase D impact triage — oracle vs DEX divergence, TVS sibling sweep, submission readiness.
Deterministic RSI pass — findings store signals → loop state mutations, refinement hints, improvement ledger.
Use when exporting zero-RPC shoestring Immunefi submission pack from pipeline findings JSON.
Use after the deterministic NSS HIPIF chain to mine Cyfrin Solodit findings and local Solodit pattern artifacts for untrusted, target-pinned Hermes proposal JSON. Use when creating Solodit-informed attack hypotheses, analogue research digests, or next-run proposal files from data/security_results/knowledge/solodit_patterns.jsonl.
Human-grade bounty submission report assembly after a validated finding, including eligibility, deployed-binary proof, PoC packaging, screenshots, and caveats.
Use at Day Shift session open and close — read plan, execute blocks, verify, self-audit, hand off to Night Shift, write next session plan.
Use when turning a target surface into executable, repeated fuzz/invariant discovery. Applies the Monad Ultrafuzz lessons: property fan-in, strategy fan-out, fresh-context pass@k attempts, preserved failures, strict adjudication, and gate discipline.
Use when running the full NSS security pipeline with Hermes expansion, triage, and optional git push after pytest.
Use when scanning curated Immunefi Solana programs with NSS zero-RPC engine. Reads latest scan report.
Pre-submit checklist before external Immunefi/Cantina post — scope, PoC, KYC, deposit, duplicates.
Use after Immunefi scan to deep-dive top-ranked programs. Reads latest.json and runs full NSS pipeline per target.