// Enables ultra-granular, line-by-line code analysis to build deep architectural context before vulnerability or bug finding.
| name | audit-context-building |
| description | Enables ultra-granular, line-by-line code analysis to build deep architectural context before vulnerability or bug finding. |
This skill governs how CraftBot thinks during the context-building phase of an audit.
When active, CraftBot will:
This skill defines a structured analysis format (see Example: Function Micro-Analysis below) and runs before the vulnerability-hunting phase.
Use when:
Do not use for:
When active, CraftBot will:
Goal: deep, accurate understanding, not conclusions.
| Rationalization | Why It's Wrong | Required Action |
|---|---|---|
| "I get the gist" | Gist-level understanding misses edge cases | Line-by-line analysis required |
| "This function is simple" | Simple functions compose into complex bugs | Apply 5 Whys anyway |
| "I'll remember this invariant" | You won't. Context degrades. | Write it down explicitly |
| "External call is probably fine" | External = adversarial until proven otherwise | Jump into code or model as hostile |
| "I can skip this helper" | Helpers contain assumptions that propagate | Trace the full call chain |
| "This is taking too long" | Rushed context = hallucinated vulnerabilities later | Slow is fast |
Before deep analysis, CraftBot performs a minimal mapping:
This establishes anchors for detailed analysis.
Every non-trivial function receives full micro analysis.
For each function:
Purpose
Inputs & Assumptions
Outputs & Effects
Block-by-Block / Line-by-Line Analysis For each logical block:
Apply per-block:
(Full Integration of Jump-Into-External-Code Rule)
When encountering calls, continue the same micro-first analysis across boundaries.
Case A — External Call to a Contract Whose Code Exists in the Codebase Treat as an internal call:
Case B — External Call Without Available Code (True External / Black Box) Analyze as adversarial:
Treat the entire call chain as one continuous execution flow. Never reset context. All invariants, assumptions, and data dependencies must propagate across calls.
See FUNCTION_MICRO_ANALYSIS_EXAMPLE.md for a complete walkthrough demonstrating:
This example demonstrates the level of depth and structure required for all analyzed functions.
When performing ultra-granular analysis, CraftBot MUST structure output following the format defined in OUTPUT_REQUIREMENTS.md.
Key requirements:
Quality thresholds:
Before concluding micro-analysis of a function, verify against the COMPLETENESS_CHECKLIST.md:
Analysis is complete when all checklist items are satisfied and no unresolved "unclear" items remain.
After sufficient micro-analysis:
State & Invariant Reconstruction
Workflow Reconstruction
Trust Boundary Mapping
Complexity & Fragility Clustering
These clusters help guide the vulnerability-hunting phase.
(Anti-Hallucination, Anti-Contradiction)
CraftBot must:
Never reshape evidence to fit earlier assumptions. When contradicted:
Periodically anchor key facts Summarize core:
Avoid vague guesses Use:
Cross-reference constantly Connect new insights to previous state, flows, and invariants to maintain global coherence.
CraftBot may spawn subagents for:
Use the function-analyzer agent for per-function deep analysis.
It follows the full microstructure checklist, cross-function flow
rules, and quality thresholds defined in this skill, and enforces
the pure-context-building constraint.
Subagents must:
This skill runs before:
It exists solely to build:
While active, CraftBot should NOT:
This is pure context building only.
The awesome PPT format generation tool provided by baidu.
Context retrieval layer for AI agents across users' applications. Search and retrieve context from Airweave collections. Airweave indexes and syncs data from user applications to enable optimal context retrieval by AI agents. Supports semantic, keyword, and agentic search. Use when users ask about their data in connected apps (Slack, GitHub, Notion, Jira, Confluence, Google Drive, Salesforce, Linear, SharePoint, Stripe, etc.), need to find documents or information from their workspace, want answers based on their company data, or need you to check app data for context to complete a task.
Creating algorithmic art using p5.js with seeded randomness and interactive parameter exploration. Use this when users request creating art using code, generative art, algorithmic art, flow fields, or particle systems. Create original algorithmic art rather than copying existing artists' work to avoid copyright violations.
Search the web using Baidu AI Search Engine (BDSE). Use for live information, documentation, or research topics.
Fetch and display BBC News stories from various sections and regions via RSS feeds. Use when the user asks for BBC news, UK news headlines, world news from BBC, or news from specific BBC sections (technology, business, politics, science, health, entertainment, regional UK news, or world regions).
Create a brand-new reusable skill from a single completed task. Read the per-task SKILL_SOURCE markdown the handler wrote, distil the workflow into a generalised SKILL.md, save it at skills/<name>/SKILL.md. Use this when CraftBot has spawned a 'Create Skill' workflow task and you need to author the new skill end-to-end without user interaction.
