cairo-auditor
Security audit of Cairo/Starknet code. Trigger on "audit", "check this contract", "review for security". Modes - default (full repo), deep (+ adversarial reasoning), or specific filenames.
Run a local security audit on a Cairo repository
| field | value |
|---|---|
| name | cairo-auditor |
| description | Security audit of Cairo/Starknet code. Trigger on "audit", "check this contract", "review for security". Modes - default (full repo), deep (+ adversarial reasoning), or specific filenames. |
| allowed-tools | `["Bash","Read","Glob","Grep","Task","Agent"]` |
You are the orchestrator of a parallelized Cairo/Starknet security audit. Your job is to discover in-scope files, run deterministic preflight, spawn scanning agents, then merge and deduplicate their findings into a single report.
Exclude pattern (applies to all modes):
- Skip exact directory names via `find ... -prune`: `test`, `tests`, `mock`, `mocks`, `example`, `examples`, `preset`, `presets`, `fixture`, `fixtures`, `vendor`, `vendors`.
- Skip files matching: `*_test.cairo`, `*Test*.cairo`.

Modes:
- Default (no arguments): scan all `.cairo` files in the repo using the exclude pattern.
- `deep`: same scope as default, but also spawns the adversarial reasoning agent (Agent 5). Use for thorough reviews. Slower and more costly.
- `$filename ...`: scan the specified file(s) only.
Flags:
- `--file-output` (off by default): also write the report to a markdown file. Without this flag, output goes to the terminal only.

Turn 1 — Discover. Print the banner, then in the same message make parallel tool calls:
(a) Resolve and persist in-scope `.cairo` files to `/tmp/cairo-audit-files.txt` per mode selection:

```bash
find <repo-root> \
  \( -type d \( -name test -o -name tests -o -name mock -o -name mocks -o -name example -o -name examples -o -name fixture -o -name fixtures -o -name vendor -o -name vendors -o -name preset -o -name presets \) -prune \) \
  -o \( -type f -name "*.cairo" ! -name "*_test.cairo" ! -name "*Test*.cairo" -print \) \
  | sort > /tmp/cairo-audit-files.txt
cat /tmp/cairo-audit-files.txt
```
For `$filename ...` mode, do not run `find`. Instead, run:

```bash
# Canonical repo root: symlinks resolved so the containment check below is meaningful.
REPO_ROOT=$(python3 -c 'import os,sys; print(os.path.realpath(sys.argv[1]))' "<repo-root>")
# Start from an empty scope file.
> /tmp/cairo-audit-files.txt
for f in "$@"; do
  [ -z "$f" ] && continue
  # Resolve the argument (relative to the repo root unless absolute) to a real path.
  ABS_PATH=$(python3 - "$REPO_ROOT" "$f" <<'PY'
import os
import sys
repo_root, arg = sys.argv[1], sys.argv[2]
candidate = arg if os.path.isabs(arg) else os.path.join(repo_root, arg)
print(os.path.realpath(candidate))
PY
)
  # Only accept paths that still sit inside the repo after symlink resolution.
  case "$ABS_PATH" in
    "$REPO_ROOT"/*) ;;
    *) continue ;;
  esac
  # Only regular files, and only Cairo sources.
  [ -f "$ABS_PATH" ] || continue
  case "$ABS_PATH" in
    *.cairo) echo "$ABS_PATH" >> /tmp/cairo-audit-files.txt ;;
  esac
done
sort -u -o /tmp/cairo-audit-files.txt /tmp/cairo-audit-files.txt
cat /tmp/cairo-audit-files.txt
```
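The scope rules above (the exclude pattern for default mode and the resolve-then-contain check for `$filename ...` mode), as an added Python example that is not part of the skill's own code. It models the `find` invocation and the shell loop without touching the filesystem: `all_files` and the `exists` hook are constructed inputs, and the containment test uses `os.path.commonpath`, which mirrors the shell's `case "$ABS_PATH" in "$REPO_ROOT"/*)` check (a sibling directory whose name merely starts with the repo root, or a `..` escape, is rejected by both).

```python
"""Scope resolution for a Cairo audit, modelled in Python (added example)."""
import os
from fnmatch import fnmatch

# Directory names pruned in every mode (the exclude pattern from the skill).
EXCLUDED_DIRS = frozenset({
    "test", "tests", "mock", "mocks", "example", "examples",
    "preset", "presets", "fixture", "fixtures", "vendor", "vendors",
})
# File-name globs skipped in every mode.
EXCLUDED_FILE_GLOBS = ("*_test.cairo", "*Test*.cairo")


def is_excluded_path(rel_path: str) -> bool:
    """True if any directory component, or the file name, hits the exclude rules.

    This is the Python equivalent of `-type d -name test ... -prune` plus the
    `! -name "*_test.cairo" ! -name "*Test*.cairo"` filters.
    """
    parts = rel_path.replace(os.sep, "/").split("/")
    if any(part in EXCLUDED_DIRS for part in parts[:-1]):
        return True
    return any(fnmatch(parts[-1], pattern) for pattern in EXCLUDED_FILE_GLOBS)


def in_scope_default(repo_root: str, all_files):
    """Default/deep mode: every .cairo file under the repo minus the exclude pattern.

    `all_files` is an iterable of repo-relative paths (supplied by the caller,
    so the example runs without a real checkout). Returns sorted unique paths,
    matching the `| sort` in the find pipeline.
    """
    selected = set()
    for rel in all_files:
        if not rel.endswith(".cairo") or is_excluded_path(rel):
            continue
        selected.add(os.path.join(repo_root, rel))
    return sorted(selected)


def in_scope_filenames(repo_root: str, requested, exists=os.path.isfile):
    """$filename mode: resolve each argument and keep only regular .cairo files
    that still lie inside repo_root after symlink resolution.

    `exists` is injectable so the check can be exercised on constructed paths.
    """
    root = os.path.realpath(repo_root)
    selected = set()
    for arg in requested:
        if not arg:
            continue
        candidate = arg if os.path.isabs(arg) else os.path.join(root, arg)
        abs_path = os.path.realpath(candidate)
        # Containment: "/srv/repo-evil/x.cairo" and "../etc/x" must not pass for "/srv/repo".
        if abs_path == root or os.path.commonpath([root, abs_path]) != root:
            continue
        if not abs_path.endswith(".cairo"):
            continue
        if not exists(abs_path):
            continue
        selected.add(abs_path)
    return sorted(selected)
```

The directory filter deliberately matches whole path components only, so a directory such as `contest/` is not pruned by the `test` rule, exactly as `find -name test` behaves.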
(b) Glob for `**/references/attack-vectors/attack-vectors-1.md` and resolve:
- `{refs_root}` = two levels up from the match (`.../references`)
- `{skill_root}` = three levels up from the match (the skill directory that contains `SKILL.md`, `agents/`, `references/`, `VERSION`)

(c) If `scripts/quality/audit_local_repo.py` exists relative to the skill's repo root, run the deterministic preflight for full-repo modes only (default/deep). In `$filename ...` mode, skip preflight so the context stays scoped to the targeted files:

```bash
python3 scripts/quality/audit_local_repo.py --repo-root <repo-root> --scan-id preflight --output-dir /tmp
```

Print the preflight results (class counts, severity counts) as context for specialists.
Turn 2 — Prepare. In a single message, make three parallel tool calls:
(a) Read `{skill_root}/agents/vector-scan.md` — you will paste this full text into every agent prompt.
(b) Read `{refs_root}/report-formatting.md` — you will use this for the final report.
(c) Bash: create four per-agent bundle files (`/tmp/cairo-audit-agent-{1,2,3,4}-bundle.md`) in a single command. Each bundle concatenates:
- the `.cairo` files (with `### path` headers and fenced code blocks),
- `{refs_root}/judging.md`,
- `{refs_root}/report-formatting.md`,
- `{refs_root}/attack-vectors/attack-vectors-N.md` (one per agent — only the attack-vectors file differs).

Print line counts per bundle. Example command (before running it, substitute the placeholders `{refs_root}` and `{repo-root}` with the concrete paths resolved in Turn 1):
````bash
# Placeholders must already be replaced with the paths resolved in Turn 1.
REFS="{refs_root}"
SRC="{repo-root}"
IN_SCOPE="/tmp/cairo-audit-files.txt"
set -euo pipefail

# Emit every in-scope .cairo file as a "### <repo-relative path>" header
# followed by a fenced cairo code block.
build_code_block() {
  while IFS= read -r f; do
    [ -z "$f" ] && continue
    REL="${f#"$SRC/"}"   # strip the repo prefix (no sed, so paths with regex characters are safe)
    echo "### $REL"
    echo '```cairo'
    cat "$f"
    echo '```'
    echo ""
  done < "$IN_SCOPE"
}

CODE=$(build_code_block)

# One bundle per scanning agent; only the attack-vectors file differs.
for i in 1 2 3 4; do
  {
    printf '%s\n' "$CODE"
    echo "---"
    cat "$REFS/judging.md"
    echo "---"
    cat "$REFS/report-formatting.md"
    echo "---"
    cat "$REFS/attack-vectors/attack-vectors-$i.md"
  } > "/tmp/cairo-audit-agent-$i-bundle.md"
  echo "Bundle $i: $(wc -l < "/tmp/cairo-audit-agent-$i-bundle.md") lines"
done
````
Do NOT read or inline any file content into agent prompts — the bundle files replace that entirely.
Turn 3 — Spawn. In a single message, spawn all agents as parallel foreground Agent tool calls (do NOT use run_in_background). Always spawn Agents 1–4. Only spawn Agent 5 when the mode is deep.
Agents 1–4 (vector scanning) — spawn with model: "sonnet". Each agent prompt must contain the full text of vector-scan.md (read in Turn 2, paste into every prompt). After the instructions, add: Your bundle file is /tmp/cairo-audit-agent-N-bundle.md (XXXX lines). (substitute the real line count). Include the deterministic preflight results if available so agents have extra context.
Agent 5 (adversarial reasoning, deep mode only) — spawn with model: "opus". The prompt must instruct it to:
- Read `{skill_root}/agents/adversarial.md` for its full instructions.
- Read `{refs_root}/judging.md` and `{refs_root}/report-formatting.md`.
- Read `/tmp/cairo-audit-files.txt` to obtain in-scope paths, then read only those `.cairo` files directly (not via bundle).

Turn 4 — Report. Merge all agent results:
- If `--file-output` is set, write the report to `{repo-root}/security-review-{timestamp}.md` and print the path.
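Turn 4's merge-and-deduplicate step, as an added Python example that is not the skill's own code. The finding fields are the ones listed at the end of this page; everything else is an assumption constructed for the example: that each agent returns a JSON list of finding objects, the merge rules (two reports with the same `class_id` and `entry_point` collapse into one, keeping the higher severity and the narrative fields of the higher-confidence report, with `required_tests` unioned), and the sample agent output. Findings below confidence 75 become low-confidence notes and lose their fix block, as the page specifies.

```python
"""Merge per-agent findings into one de-duplicated, severity-ordered report.
Added example; the JSON-list output shape, merge rules and sample data are assumptions."""
import json

SEVERITY_RANK = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3}
FIX_CONFIDENCE_THRESHOLD = 75  # recommended_fix is kept only at or above this

# Constructed sample output of two scanning agents (not real audit results).
# Both report the same class at the same entry point; agent 2 also emits a
# low-confidence note that must not carry a fix block into the report.
AGENT_OUTPUTS = [
    json.dumps([
        {"class_id": "UNPROTECTED_UPGRADE", "severity": "High", "confidence": 80,
         "entry_point": "src/vault.cairo:42",
         "attack_path": "anyone -> upgrade() -> class hash replaced -> contract takeover",
         "guard_analysis": "no ownership assertion before the class replacement",
         "recommended_fix": "<diff: assert caller == owner>",
         "required_tests": ["test_upgrade_requires_owner"]},
    ]),
    json.dumps([
        {"class_id": "UNPROTECTED_UPGRADE", "severity": "Critical", "confidence": 90,
         "entry_point": "src/vault.cairo:42",
         "attack_path": "anyone -> upgrade() -> arbitrary class hash -> contract takeover",
         "guard_analysis": "upgrade is external and unguarded",
         "recommended_fix": "<diff: add only-owner check to upgrade()>",
         "required_tests": ["test_upgrade_reverts_for_non_owner"]},
        {"class_id": "MISSING_EVENT", "severity": "Low", "confidence": 60,
         "entry_point": "src/vault.cairo:77",
         "attack_path": "n/a (observability only)",
         "guard_analysis": "state change without an emitted event",
         "recommended_fix": "<diff: emit OwnershipTransferred>",
         "required_tests": []},
    ]),
]


def merge_findings(raw_outputs):
    """Collapse duplicates on (class_id, entry_point) and order by severity."""
    merged = {}
    for raw in raw_outputs:
        for finding in json.loads(raw):
            key = (finding["class_id"], finding["entry_point"])
            kept = merged.get(key)
            if kept is None:
                merged[key] = dict(finding)
                merged[key]["required_tests"] = list(finding.get("required_tests", []))
                continue
            # Higher severity wins; the higher-confidence report supplies the narrative fields.
            if SEVERITY_RANK[finding["severity"]] < SEVERITY_RANK[kept["severity"]]:
                kept["severity"] = finding["severity"]
            if finding["confidence"] > kept["confidence"]:
                kept["confidence"] = finding["confidence"]
                for field in ("attack_path", "guard_analysis", "recommended_fix"):
                    if field in finding:
                        kept[field] = finding[field]
            for test in finding.get("required_tests", []):
                if test not in kept["required_tests"]:
                    kept["required_tests"].append(test)

    report = []
    for finding in merged.values():
        finding["low_confidence_note"] = finding["confidence"] < FIX_CONFIDENCE_THRESHOLD
        if finding["low_confidence_note"]:
            finding.pop("recommended_fix", None)  # no fix block below the threshold
        report.append(finding)
    report.sort(key=lambda f: (SEVERITY_RANK[f["severity"]], -f["confidence"], f["entry_point"]))
    return report


def render_report(findings):
    """Minimal markdown rendering; report-formatting.md governs the real layout."""
    lines = [f"# Security review ({len(findings)} findings)"]
    for f in findings:
        tag = " (low-confidence note)" if f["low_confidence_note"] else ""
        lines.append(f"## [{f['severity']}] {f['class_id']} at {f['entry_point']}{tag}")
        lines.append(f"- confidence: {f['confidence']}")
        lines.append(f"- attack_path: {f['attack_path']}")
        lines.append(f"- guard_analysis: {f['guard_analysis']}")
        if "recommended_fix" in f:
            lines.append(f"- recommended_fix: {f['recommended_fix']}")
        if f["required_tests"]:
            lines.append("- required_tests: " + ", ".join(f["required_tests"]))
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_report(merge_findings(AGENT_OUTPUTS)))
```

Keying on `(class_id, entry_point)` rather than on the free-text `attack_path` is what makes the deduplication deterministic across agents that describe the same defect differently; the per-field merge keeps the strongest claim without discarding any agent's regression tests.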
Before doing anything else, print this exactly:

```text
██████╗ █████╗ ██╗██████╗ ██████╗ █████╗ ██╗ ██╗██████╗ ██╗████████╗ ██████╗ ██████╗
██╔════╝██╔══██╗██║██╔══██╗██╔═══██╗ ██╔══██╗██║ ██║██╔══██╗██║╚══██╔══╝██╔═══██╗██╔══██╗
██║ ███████║██║██████╔╝██║ ██║ ███████║██║ ██║██║ ██║██║ ██║ ██║ ██║██████╔╝
██║ ██╔══██║██║██╔══██╗██║ ██║ ██╔══██║██║ ██║██║ ██║██║ ██║ ██║ ██║██╔══██╗
╚██████╗██║ ██║██║██║ ██║╚██████╔╝ ██║ ██║╚██████╔╝██████╔╝██║ ██║ ╚██████╔╝██║ ██║
╚═════╝╚═╝ ╚═╝╚═╝╚═╝ ╚═╝ ╚═════╝ ╚═╝ ╚═╝ ╚═════╝ ╚═════╝ ╚═╝ ╚═╝ ╚═════╝ ╚═╝ ╚═╝
```
After printing the banner, run two parallel tool calls: (a) Read the local `VERSION` file from the same directory as this skill, (b) Bash: `curl -sf --connect-timeout 5 --max-time 10 https://raw.githubusercontent.com/keep-starknet-strange/starknet-skills/main/cairo-auditor/VERSION`. If the remote fetch succeeds and the versions differ, print:

```text
You are not using the latest version. Run
/plugin marketplace update keep-starknet-strange/starknet-skills
for best security coverage.
```

Then continue normally. If the fetch fails (offline, timeout), skip silently.
Use this command for the remote check:

```bash
curl -sf --connect-timeout 5 --max-time 10 https://raw.githubusercontent.com/keep-starknet-strange/starknet-skills/main/cairo-auditor/VERSION
```
`$filename ...`) rather than full-repo.

Each finding must include:
- `class_id`
- `severity` (Critical / High / Medium / Low)
- `confidence` score (0–100)
- `entry_point` (`file:line`)
- `attack_path` (concrete caller -> function -> state -> impact)
- `guard_analysis` (what guards exist, why they fail)
- `recommended_fix` (diff block for confidence >= 75)
- `required_tests` (regression + guard tests)

- `references/vulnerability-db/`
- `references/attack-vectors/`
- `../datasets/normalized/findings/`
- `../datasets/distilled/vuln-cards/`
- `../evals/cases/`

Findings with confidence <75 may be listed as low-confidence notes without a fix block.