Exécutez n'importe quel Skill dans Manus
en un clic

Exécutez n'importe quel Skill dans Manus en un clic

$pwd:

snarkvm-review

Name: Snarkvm Review
Author: ProvableHQ

// Security-focused PR review for snarkVM codebase. WHEN: User says "review PR", "audit PR", "security review", "check PR changes", or wants thorough analysis of PR changes for bugs/vulnerabilities. WHEN NOT: Fixing review feedback (use snarkvm-fix pr), fetching context only (use snarkvm-github), or fixing issues (use snarkvm-fix).

Exécuter dans Manus

$ git log --oneline --stat

stars:1 156

forks:1 550

updated:24 février 2026 à 16:07

SKILL.md

readonly

name	snarkvm-review
description	Security-focused PR review for snarkVM codebase. WHEN: User says "review PR", "audit PR", "security review", "check PR changes", or wants thorough analysis of PR changes for bugs/vulnerabilities. WHEN NOT: Fixing review feedback (use snarkvm-fix pr), fetching context only (use snarkvm-github), or fixing issues (use snarkvm-fix).
context	fork
agent	general-purpose
model	opus
allowed-tools	Bash, Read, Write, Grep, Glob, Task
disable-model-invocation	true

Security-Focused PR Review

Mindset: Assume there is a bug. Find it. Ultrathink.

This skill runs in a forked context to keep exploration out of your main conversation.

Usage

/snarkvm-review <pr_number>

Setup

PR=$ARGUMENTS
WS=".claude/workspace"
SKILL_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/../snarkvm-github" && pwd)"

1. Load Context

if [[ ! -f "$WS/state-pr-$PR.md" ]]; then
  "$SKILL_DIR/scripts/fetch-pr.sh" "$PR"
fi

Read: $WS/state-pr-$PR.md, $WS/files-pr-$PR.txt

2. Triage by Risk

Categorize changed files by risk:

CRITICAL: algorithms/ (crypto primitives), circuit/ (constraint generation), synthesizer/src/vm/ (consensus logic)
HIGH: console/ (types, serialization), synthesizer/process/ (execution), ledger/ (state management)
MEDIUM: synthesizer/program/ (instructions, logic), fields/, curves/
LOW: utilities/, test files, docs, CI config

Update $WS/state-pr-$PR.md with risk assessment.

For large PRs (30+ files): Focus CRITICAL/HIGH risk areas first. Use parallel subagents by category (crypto/circuit, synthesizer, other).

3. Understand Intent

Before diving into code:

Read PR description: jq -r .body "$WS/context-pr-$PR.json"
Check linked issues: cat "$WS/linked-issues-pr-$PR.txt"
What consensus invariants must hold?
What could go wrong?

4. Analyze Code

Small/medium PRs (< 30 files): Sequential. For each CRITICAL/HIGH risk file — read full file, trace logic, check boundaries, write findings to state file, release from memory.

Large PRs (30+ CRITICAL/HIGH files): Spawn parallel Task subagents by category (crypto/circuit, synthesizer, other). Each reads assigned files, applies AGENTS.md checklists, returns findings table.

Apply AGENTS.md Review Checklist (Correctness, Crypto-Specific, Memory & Performance, Security) to each file.

5. Validate

Validate affected crates per AGENTS.md.

6. Report

Update $WS/state-pr-$PR.md with findings:

Sev	Location	Issue	Suggested Fix

Severity: BLOCKER (must fix), BUG (should fix), ISSUE (consider), NIT (optional).

Recommendation: Approve, Request changes, or Needs discussion.

7. Handoff

If requesting changes, create handoff for /snarkvm-fix pr:

sed -e "s/{{NUM}}/$PR/g" "$SKILL_DIR/templates/handoff.md" > "$WS/handoff-pr-$PR.md"

Common Vulnerability Patterns in snarkVM

Consensus divergence: Changes that produce different outputs for same inputs across versions
Circuit/console mismatch: Circuit constraints don't match console logic, producing invalid proofs
Serialization breaking: Format changes that break backwards compatibility
Field overflow: Arithmetic on field elements without proper bounds checking
Randomness misuse: Non-cryptographic or predictable randomness in proof generation
Unchecked deserialization: Accepting malformed data that violates type invariants

related-skills.json

même dépôt

snarkvm-github.md

from "ProvableHQ/snarkVM"

Fetch GitHub context (PR or issue) into workspace for snarkVM development. WHEN: User says "fetch pr", "fetch issue", "get PR context", "load issue", mentions PR/issue numbers like "#123" or "PR 456", or needs GitHub context before reviewing/fixing. WHEN NOT: User already has fresh context loaded, or is asking about non-snarkVM repositories.

2026-02-241.2k

snarkvm-fix.md

from "ProvableHQ/snarkVM"

Fix GitHub issues or PR review feedback in snarkVM using TDD workflow. WHEN: User says "fix issue", "fix #123", "fix pr", "fix PR feedback", "address review comments", "resolve review threads", or wants to fix a bug/feature request from GitHub issues or address reviewer requests. WHEN NOT: Doing security review (use snarkvm-review), fetching context only (use snarkvm-github), or working on non-snarkVM code.

2026-02-191.2k

package.json

"author": "ProvableHQ"

"repository": "ProvableHQ/snarkVM"

Ouvrir le dépôt GitHub Voir les dépôts du créateur

$ install --global

$ download --local

Exécuter dans Manus

$ useful --forSOC

Analystes en assurance qualité des logiciels et testeursProfessions informatiques et mathématiques15-1253L4

name	snarkvm-review
description	Security-focused PR review for snarkVM codebase. WHEN: User says "review PR", "audit PR", "security review", "check PR changes", or wants thorough analysis of PR changes for bugs/vulnerabilities. WHEN NOT: Fixing review feedback (use snarkvm-fix pr), fetching context only (use snarkvm-github), or fixing issues (use snarkvm-fix).
context	fork
agent	general-purpose
model	opus
allowed-tools	Bash, Read, Write, Grep, Glob, Task
disable-model-invocation	true

Security-Focused PR Review

Mindset: Assume there is a bug. Find it. Ultrathink.

This skill runs in a forked context to keep exploration out of your main conversation.

Usage

/snarkvm-review <pr_number>

Setup

PR=$ARGUMENTS
WS=".claude/workspace"
SKILL_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/../snarkvm-github" && pwd)"

1. Load Context

if [[ ! -f "$WS/state-pr-$PR.md" ]]; then
  "$SKILL_DIR/scripts/fetch-pr.sh" "$PR"
fi

Read: $WS/state-pr-$PR.md, $WS/files-pr-$PR.txt

2. Triage by Risk

Categorize changed files by risk:

CRITICAL: algorithms/ (crypto primitives), circuit/ (constraint generation), synthesizer/src/vm/ (consensus logic)
HIGH: console/ (types, serialization), synthesizer/process/ (execution), ledger/ (state management)
MEDIUM: synthesizer/program/ (instructions, logic), fields/, curves/
LOW: utilities/, test files, docs, CI config

Update $WS/state-pr-$PR.md with risk assessment.

For large PRs (30+ files): Focus CRITICAL/HIGH risk areas first. Use parallel subagents by category (crypto/circuit, synthesizer, other).

3. Understand Intent

Before diving into code:

Read PR description: jq -r .body "$WS/context-pr-$PR.json"
Check linked issues: cat "$WS/linked-issues-pr-$PR.txt"
What consensus invariants must hold?
What could go wrong?

4. Analyze Code

Small/medium PRs (< 30 files): Sequential. For each CRITICAL/HIGH risk file — read full file, trace logic, check boundaries, write findings to state file, release from memory.

Apply AGENTS.md Review Checklist (Correctness, Crypto-Specific, Memory & Performance, Security) to each file.

5. Validate

Validate affected crates per AGENTS.md.

6. Report

Update $WS/state-pr-$PR.md with findings:

Sev	Location	Issue	Suggested Fix

Severity: BLOCKER (must fix), BUG (should fix), ISSUE (consider), NIT (optional).

Recommendation: Approve, Request changes, or Needs discussion.

7. Handoff

If requesting changes, create handoff for /snarkvm-fix pr:

sed -e "s/{{NUM}}/$PR/g" "$SKILL_DIR/templates/handoff.md" > "$WS/handoff-pr-$PR.md"

Common Vulnerability Patterns in snarkVM

Consensus divergence: Changes that produce different outputs for same inputs across versions
Circuit/console mismatch: Circuit constraints don't match console logic, producing invalid proofs
Serialization breaking: Format changes that break backwards compatibility
Field overflow: Arithmetic on field elements without proper bounds checking
Randomness misuse: Non-cryptographic or predictable randomness in proof generation
Unchecked deserialization: Accepting malformed data that violates type invariants

snarkvm-review

Security-Focused PR Review

Usage

Setup

1. Load Context

2. Triage by Risk

3. Understand Intent

4. Analyze Code

5. Validate

6. Report

7. Handoff

Common Vulnerability Patterns in snarkVM

Plus depuis ce dépôt

Security-Focused PR Review

Usage

Setup

1. Load Context

2. Triage by Risk

3. Understand Intent

4. Analyze Code

5. Validate

6. Report

7. Handoff

Common Vulnerability Patterns in snarkVM

Plus depuis ce dépôt