菜单
Starknet account abstraction correctness and security guidance for validate/execute paths, nonces, signatures, and session policies.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
Routes Starknet agent, wallet, DeFi, identity, SDK, and Cairo contract work to the smallest focused skill module.
SNIP-36 virtual block proving on Starknet. Trigger on "virtual block", "SNIP-36", "off-chain proof", "anonymous vote", "heavy computation off-chain", "prove a transaction". Covers Cairo virtual contract, proof server, starknet.js integration, and on-chain verification.
Security audit of Cairo/Starknet code. Trigger on "audit", "check this contract", "review for security". Modes - default (full repo), deep (+ adversarial reasoning), or specific filenames.
Create an anonymous Starknet wallet via Typhoon and interact with Starknet contracts. Privacy-focused wallet creation for agents requiring anonymity.
Reference for integrating or maintaining applications built with keep-starknet-strange/starkzap, including StarkSDK setup, onboarding, wallet lifecycle, sponsored transactions, ERC20 flows, staking, and transaction builder usage.
Simple P2P payments on Starknet. Generate QR codes, payment links, invoices, and transfer ETH/STRK/USDC. Like Lightning, but native.
| name | account-abstraction |
| description | Starknet account abstraction correctness and security guidance for validate/execute paths, nonces, signatures, and session policies. |
| license | Apache-2.0 |
| metadata | {"author":"starknet-agentic","version":"0.1.1","org":"keep-starknet-strange","source":"starknet-agentic"} |
| keywords | ["starknet","account-abstraction","signatures","nonces","session-keys","policy"] |
| allowed-tools | ["Bash","Read","Write","Glob","Grep","Task"] |
| user-invocable | true |
__validate__ enforces lightweight, bounded checks.__execute__ enforces policy and selector boundaries.cairo-auditor for final AA/security pass before merge.__validate__ constraints and DoS resistance.__execute__ policy enforcement correctness.import { Account, CallData, RpcProvider } from "starknet";
const provider = new RpcProvider({ nodeUrl: process.env.STARKNET_RPC! });
const account = new Account(provider, process.env.ACCOUNT_ADDRESS!, process.env.PRIVATE_KEY!);
// Validate preview (debug-only): inspect __validate__ behavior with the current nonce.
const nonce = await account.getNonce();
const call = { contractAddress: process.env.TARGET!, entrypoint: "set_limit", calldata: CallData.compile({ value: 7 }) };
await provider.callContract({
contractAddress: account.address,
entrypoint: "__validate__",
calldata: CallData.compile({ calls: [call], nonce }),
});
// Execute path: real transaction that triggers __execute__ and nonce checks.
const tx = await account.execute([call]);
await provider.waitForTransaction(tx.transaction_hash);
| Code | Condition | Recovery |
|---|---|---|
AA-001 | __validate__ is too expensive or stateful | Remove heavy logic from validation; add a test that caps validation steps. |
AA-002 | __execute__ allows blocked selectors/self-calls | Enforce selector filters and self-call checks; add authorized/unauthorized regression tests. |
AA-003 | Nonce or domain mismatch causes replay risk | Normalize nonce source/hash domain; add replay and cross-domain tests. |
AA-999 | Unexpected runtime panic | Capture calldata + caller context, reproduce in unit tests, then escalate to cairo-auditor. |