ワンクリックで
lab-notebook
Use after every NSS scan, investigation, or triage. Write lab notebook entry comparing this run to prior runs.
Codex または Claude でインストール この Prompt をコピーして Codex、Claude、または他のアシスタントに貼り付けると、Skill ページを確認してインストールできます。
メニュー
Use after every NSS scan, investigation, or triage. Write lab notebook entry comparing this run to prior runs.
Codex または Claude でインストール この Prompt をコピーして Codex、Claude、または他のアシスタントに貼り付けると、Skill ページを確認してインストールできます。
SOC 職業分類に基づく
Practitioner-elevated asset tracing patterns from SlowMist Crypto-Asset-Tracing-Handbook. Provides canonical property tables for obfuscation patterns (peel chains, mixers, bridge hops), address behavior clustering/risk profiling, cross-chain reconstruction workflows. Hard-first on behavioral + flow invariants. Integrates with codegraph-x-ray, deep-dive-handoff, and bounty forensics. Includes reference implementation for mixer deposit/withdrawal clustering. Trigger: alpha-miner on tracing handbook or similar.
Drop-in skill adapted from Glider query engine for static analysis, taint tracking, CFG/DFG traversal in bug bounty. Supports lazy reference loading, creativity layer for audited targets, integrates with bounty-loop. EVM priority with Solana compatibility.
Use for mining validator/runtime/cache/storage-key coherence bugs in blockchain clients, VMs, program loaders, bridge runtimes, and execution harnesses. Hard-first on stale cache, recycled identifier, partial flush, epoch/generation drift, mempool/order-dependent runtime state, and storage-key confusion. Trigger on runtime cache invariant, stale cache bug, VM storage confusion, client cache coherence, Aptos-style hijack, validator-local state, epoch-boundary bug, or when alpha-miner extracts runtime/client exploit engineering.
Cross-references a graphified target codebase (codegraph-x-ray output) against the local AuditVault corpus to surface structurally analogous historical vulnerabilities. Run after codegraph-x-ray has completed and produced invariants.md and property_candidates.md. Produces ranked pattern-match hits with per-finding graph anchor evidence. Pattern matches are advisory signals only — never evidence of exploitability and never a substitute for live reproduction or submission-gate validation.
Combines structured codegraph intelligence with rigorous invariant synthesis. Enforces high-quality usage of codegraph to identify the Primary Target Subsystem, then applies ordered structural invariant discovery with strict verification gates. Produces categorized invariants and high-quality property candidates ready for ultrafuzz-discovery. Trigger on codegraph-x-ray, x-ray with codegraph, invariant synthesis, primary subsystem invariants.
Optional accelerator and scaffolder for ultrafuzz-discovery. Brings parallel specialized invariant discovery agents, automated harness/handler scaffolding, coverage-driven refinement loops, property tagging, and reproducible test generation helpers from high-quality EVM fuzz patterns. Designed to speed up property fan-in and executable attempts phases while preserving NSS rigor, fresh-context pass@k, adjudication, and Crucible usage. Trigger on fuzz-scaffolder, accelerate invariant discovery, generate fuzz harness, scaffold handlers.
| name | lab-notebook |
| description | Use after every NSS scan, investigation, or triage. Write lab notebook entry comparing this run to prior runs. |
Hermes is the lab notebook. The Python pipeline is the instrument; you record what was tried, what differed, and what it means.
Mandatory after:
nss-hipif-chain (primary daily cron) / nss-hipif-chain-run.py deterministic chainnss-bounty-loop tick inside HIPIF depth/hunt subgoalsbounty loop, investigate, or run sessions worth keepingUse the memory tool to append to MEMORY.md in this profile. Update sections: Active campaigns, Lessons/Gotchas, Open questions.
Write a dated entry:
data/security_results/lab_notebook/YYYY-MM-DD-<slug-or-scan>.md
# Lab entry — YYYY-MM-DD
## Trigger
cron: nss-hipif-chain | nss-bounty-loop | manual | ...
## Scan queue (dry-run top 3)
- slug: grade, scan_grade3_plus, submittable_candidate, analogue
## Investigated
- [slug]: config path, proposals file, campaign_id
## Delegate proposals vs last run
- New templates/params: ...
- Repeated (same as last): ...
- Rejected by validate_hypothesis: ...
## Engine outcome
- Findings: N | max grade: G | novel vs catalogue: ...
- findings_store campaign stats (if available): ...
## Same vs different
Explicit: did we probe differently, or rerun the same assay?
## Night Shift handoff (Day Shift sessions)
- Cron OK to run: ...
- Cron skip / deprioritize: ... (avoid duplicate assays Day Shift already completed)
- Open questions for Kate: ...
## Next action
One concrete step.
## Skill/recon updates
- Gotcha to add: ...
- recon.json change: ...
Before writing, read when available:
lab_notebook/*.md for same slugdata/security_results/hermes_proposals/ (last 2 JSON files)knowledge --campaign <id> --statsbounty_scan/latest.json or immunefi_scan/latest.json (scan-only entries)loop/state.json (saturated slugs, RSI: cooldown, refinement queue)knowledge/improvement_ledger.jsonl (RSI actions)