Ejecuta cualquier Skill en Manus
con un clic

Ejecuta cualquier Skill en Manus con un clic

$pwd:

cadence-audit

Name: Cadence Audit
Author: onflow

// Comprehensive audit and review skill for Cadence smart contracts on the Flow blockchain. Identifies security vulnerabilities, bugs, code quality issues, and optimization opportunities. Produces severity-rated findings (Critical/High/Medium/Low) with actionable fixes. TRIGGER when: auditing, reviewing, or improving Cadence code, checking for security issues, performing code review on .cdc files, looking for anti-patterns or vulnerabilities, optimizing smart contract code, "review cadence", "audit cadence", "check cadence security", "validate cadence contract", "review my .cdc file", "security review", "code review", "find vulnerabilities", "check this contract", "is this code secure", "audit my project". DO NOT TRIGGER when: writing new contracts from scratch (use cadence-scaffold), asking about Cadence syntax or patterns (use cadence-lang), building token contracts (use cadence-tokens).

Ejecutar en Manus

$ git log --oneline --stat

stars:5

forks:1

updated:20 de abril de 2026, 21:42

Explorador de archivos

3 archivos

SKILL.md

readonly

name

cadence-audit

description

Comprehensive audit and review skill for Cadence smart contracts on the Flow blockchain. Identifies security vulnerabilities, bugs, code quality issues, and optimization opportunities. Produces severity-rated findings (Critical/High/Medium/Low) with actionable fixes. TRIGGER when: auditing, reviewing, or improving Cadence code, checking for security issues, performing code review on .cdc files, looking for anti-patterns or vulnerabilities, optimizing smart contract code, "review cadence", "audit cadence", "check cadence security", "validate cadence contract", "review my .cdc file", "security review", "code review", "find vulnerabilities", "check this contract", "is this code secure", "audit my project". DO NOT TRIGGER when: writing new contracts from scratch (use cadence-scaffold), asking about Cadence syntax or patterns (use cadence-lang), building token contracts (use cadence-tokens).

Cadence Smart Contract Audit

Conduct comprehensive security, quality, and performance reviews of Cadence smart contracts.

Audit Modes

Single File Review

When reviewing a specific file or code snippet, analyze it across four dimensions and produce a structured report.

Project-Wide Audit

When auditing a full project:

Discover all .cdc files: cadence/contracts/*.cdc, cadence/transactions/*.cdc, cadence/scripts/*.cdc
If none found, search recursively from project root for *.cdc
Systematically audit each file using the checklist
Produce a project-level summary with file-by-file findings

Review Dimensions

Security — Vulnerabilities, access control, resource safety, capability management
Bugs — Nil dereferences, resource loss, type confusion, infinite loops
Code Quality — Readability, naming, documentation, patterns compliance
Optimization — Unnecessary copies, storage inefficiencies, gas usage

Quick Per-Function Checklist

Can the field be let instead of var?
Can the function be view?
Can access be more restrictive (access(self), entitled)?
Are inputs validated with pre-conditions?
Are results verified with post-conditions?
Are error messages descriptive with interpolated values?

Navigation

Reference	Content
audit-checklist.md	Full security, bugs, quality, DeFi, optimization checklists
review-format.md	Structured output format, severity levels, verdict criteria

Companion Skills

cadence-lang — Essential during audits. Consult for access control rules, entitlement patterns, resource safety, anti-patterns, and design patterns. Every audit finding should reference the specific Cadence rule being violated.
cadence-tokens — Consult when auditing NFT/FT contracts for standard compliance (NonFungibleToken interface, MetadataViews requirements).
cadence-testing — Use to follow up on audit findings like "missing test coverage" or "edge case not tested" with concrete test-writing guidance.

related-skills.json

mismo repositorio

cadence-lang.md

from "onflow/flow-ai-tools"

Comprehensive guide for writing correct, secure, and idiomatic Cadence smart contract code on the Flow blockchain. Covers language fundamentals (resources, contracts, transactions, interfaces, accounts, references, imports), access control and entitlements, capabilities, pre/post conditions, security best practices, anti-patterns to avoid, and proven design patterns. TRIGGER when: writing or debugging Cadence code, asking about Cadence syntax, access(self), access(all), entitlements, resources, move operator (<-), capabilities, references, pre/post conditions, storage paths, "how do I write cadence", "cadence error", "compile error in .cdc", "what does access(self) mean", "how do resources work", "capability-based security". DO NOT TRIGGER when: building NFT/FT token contracts (use cadence-tokens), setting up flow.json or FCL (use flow-project-setup), reviewing existing code for vulnerabilities (use cadence-audit), generating new contracts from scratch (use cadence-scaffold).

2026-05-065

cadence-scaffold.md

from "onflow/flow-ai-tools"

Generate production-ready Cadence smart contracts, transactions, and DeFi transactions from scratch following security-first standards. Scaffolds secure code with proper access control, entitlements, events, storage paths, and phase discipline. TRIGGER when: creating new Cadence contracts, generating transactions, scaffolding DeFi transactions, building smart contracts from scratch, "generate contract", "create transaction", "scaffold", "new contract", "new transaction", "build a contract for", "write me a contract", "help me create a", "template for", "boilerplate", "starter contract", "create an NFT contract", "generate a transfer transaction". DO NOT TRIGGER when: reviewing or auditing existing code (use cadence-audit), asking about Cadence syntax or language rules (use cadence-lang), configuring flow.json (use flow-project-setup).

2026-05-065

cadence-testing.md

from "onflow/flow-ai-tools"

Guide for writing, running, and debugging unit tests for Cadence smart contracts using the built-in Cadence Testing Framework and `flow test`. Covers test file structure (_test.cdc, setup/beforeEach/tearDown), assertions and matchers, blockchain emulation (accounts, deployments, events, time manipulation), coverage reports, CI integration, and testing patterns. TRIGGER when: writing Cadence unit tests, debugging failing tests, using Test.assert / Test.expect / Test.assertEqual / Test.expectFailure, matchers (Test.equal, Test.beGreaterThan, etc.), Test.createAccount / Test.deployContract / Test.executeTransaction / Test.executeScript in tests, Test.moveTime, Test.eventsOfType in tests, Test.reset, `flow test`, `flow test --cover`, coverage reports, `_test.cdc`, "how do I test this contract", "test is flaky", "mock a capability in a test". DO NOT TRIGGER when: writing contract or transaction code itself (use cadence-lang), generating new contracts/transactions from scratch (use cadence-scaffold), auditing non-t

2026-04-235

cadence-tokens.md

from "onflow/flow-ai-tools"

Guide for developing NFT and Fungible Token contracts on the Flow blockchain using Cadence. Covers NonFungibleToken and FungibleToken interface conformance, MetadataViews integration for marketplace compatibility, collection patterns, minting, standard paths, event emission, and modular NFT architectures for complex traits and evolution. TRIGGER when: building NFT contracts, FT token contracts, implementing NonFungibleToken or FungibleToken interfaces, working with MetadataViews, creating collections, minting tokens, "create an NFT", "build a token contract", "mint NFT", "NFT collection", "fungible token vault", "royalties", "MetadataViews.Display", "NonFungibleToken.Collection", "token standards", "FungibleToken.Vault". DO NOT TRIGGER when: asking about general Cadence syntax or patterns (use cadence-lang), setting up flow.json or deploying (use flow-project-setup), auditing code (use cadence-audit).

2026-04-205

flow-cli.md

from "onflow/flow-ai-tools"

Complete reference for the Flow CLI — the command-line tool for developing, testing, and deploying on the Flow blockchain. Covers project initialization, account management, contract deployment, transaction sending, script execution, dependency management, key generation, scheduled transactions, and emulator usage. TRIGGER when: using the Flow CLI, running flow commands, "flow accounts get", "flow accounts create", "flow init", "flow project deploy", "flow scripts execute", "flow transactions send", "flow test", "flow emulator", "flow keys generate", "flow dependencies install", "flow accounts fund", "deploy contract to testnet", "how to create a Flow account", "check account balance on Flow", "run cadence script", "send a transaction", "flow accounts add-contract", "flow accounts staking-info". DO NOT TRIGGER when: writing Cadence contract code (use cadence-lang), building React frontends (use flow-react-sdk), auditing code (use cadence-audit).

2026-04-205

flow-defi.md

from "onflow/flow-ai-tools"

Architecture guide for building DeFi protocols on the Flow blockchain. Covers Flow's DeFi-specific advantages (MEV-free EVM, cross-VM atomic transactions, on-chain automation), core DeFi primitives (lending health factors, interest rate kink models, AMM type selection), liquidity bootstrapping strategy (veFLOW, Merkl, CL ranges, bootstrapping benchmarks), and the current Flow DeFi ecosystem map (existing protocols, missing primitives, opportunity analysis). TRIGGER when: designing a lending protocol on Flow, choosing AMM type for a DEX, liquidity bootstrapping strategy, veFLOW mechanics, "how does Flow DeFi work", "AMM types on Flow", "liquidity bootstrapping", "Flow DeFi ecosystem", "cross-VM composability for DeFi", "health factors", "interest rate curves", "collateral design", "DEX TVL", "Merkl integration", "missing DeFi primitives on Flow", "perp DEX on Flow", "launchpad on Flow", "COA pattern", "MEV-free EVM". DO NOT TRIGGER when: designing token economics (use flow-tokenomics), asking about Cadence syn

2026-04-205

package.json

"author": "onflow"

"repository": "onflow/flow-ai-tools"

Abrir repositorio de GitHub Ver repositorios del creador

$ install --global

$ download --local

Ejecutar en Manus

$ useful --forSOC

Analistas de seguridad de la informaciónOcupaciones informáticas y matemáticas15-1212L4

name

cadence-audit

description

Cadence Smart Contract Audit

Conduct comprehensive security, quality, and performance reviews of Cadence smart contracts.

Audit Modes

Single File Review

When reviewing a specific file or code snippet, analyze it across four dimensions and produce a structured report.

Project-Wide Audit

When auditing a full project:

Discover all .cdc files: cadence/contracts/*.cdc, cadence/transactions/*.cdc, cadence/scripts/*.cdc
If none found, search recursively from project root for *.cdc
Systematically audit each file using the checklist
Produce a project-level summary with file-by-file findings

Review Dimensions

Security — Vulnerabilities, access control, resource safety, capability management
Bugs — Nil dereferences, resource loss, type confusion, infinite loops
Code Quality — Readability, naming, documentation, patterns compliance
Optimization — Unnecessary copies, storage inefficiencies, gas usage

Quick Per-Function Checklist

Can the field be let instead of var?
Can the function be view?
Can access be more restrictive (access(self), entitled)?
Are inputs validated with pre-conditions?
Are results verified with post-conditions?
Are error messages descriptive with interpolated values?

Navigation

Reference	Content
audit-checklist.md	Full security, bugs, quality, DeFi, optimization checklists
review-format.md	Structured output format, severity levels, verdict criteria

Companion Skills

cadence-lang — Essential during audits. Consult for access control rules, entitlement patterns, resource safety, anti-patterns, and design patterns. Every audit finding should reference the specific Cadence rule being violated.
cadence-tokens — Consult when auditing NFT/FT contracts for standard compliance (NonFungibleToken interface, MetadataViews requirements).
cadence-testing — Use to follow up on audit findings like "missing test coverage" or "edge case not tested" with concrete test-writing guidance.

cadence-audit

Cadence Smart Contract Audit

Audit Modes

Single File Review

Project-Wide Audit

Review Dimensions

Quick Per-Function Checklist

Navigation

Companion Skills

Más de este repositorio

Más de este repositorio

Cadence Smart Contract Audit

Audit Modes

Single File Review

Project-Wide Audit

Review Dimensions

Quick Per-Function Checklist

Navigation

Companion Skills