{"skill":{"slug":"atlas-vuln-scanner","displayName":"Atlas Smart Contract Vulnerability Pattern Scanner","summary":"Scan Solidity repositories for Atlas smart-contract vulnerability patterns and generate triage-ready security reports.","description":"---\nname: atlas-vuln-scanner\ndescription: Scan Solidity repositories for Atlas smart-contract vulnerability patterns and generate triage-ready security reports.\nversion: 0.1.0\ncategory: security\ntags:\n  - solidity\n  - smart-contracts\n  - defi\n  - security\n  - bug-bounty\nmetadata:\n  openclaw:\n    emoji: \"🛡️\"\n    os:\n      - linux\n      - macos\n    requires:\n      bins:\n        - python3\n    install: \"No install required beyond Python 3; run scripts/atlas_vuln_scanner.py locally.\"\n    homepage: \"https://atlasagentsuite.com\"\n---\n\n# Atlas Smart Contract Vulnerability Pattern Scanner\n\nAtlas Vuln Scanner is an OpenClaw/Hermes-ready security skill that turns a Solidity repository into a structured first-pass vulnerability triage report.\n\nIt is designed for:\n- Solo auditors and bounty hunters doing first-pass repo review\n- DeFi teams preparing for audit or launch\n- Agent builders who want a reusable smart-contract review workflow\n\n## Value proposition\n\nRun an Atlas-pattern scan against a Solidity repo and get:\n- File/line-linked vulnerability flags\n- Confidence labels: High / Medium / Low\n- Pattern categories: reentrancy, oracle risk, access control, unchecked calls, accounting drift, pause gaps, initialization issues, unsafe casts, gas griefing\n- Founder-readable executive summary\n- Bounty-style finding candidate template\n\n## Important guardrail\n\nThis is a **heuristic triage skill**, not a full audit and not a guaranteed vulnerability detector.\n\nEvery output must distinguish:\n- **Static heuristic flag** — pattern matched, manual validation required\n- **Finding candidate** — evidence is strong enough for deeper review\n- **Verified finding** — only after a human or PoC confirms exploitability\n\nDo not submit findings, send protocol messages, publish exploit details, or claim verified severity without explicit human approval.\n\n## Quick start\n\n```bash\npython3 scripts/atlas_vuln_scanner.py --target /path/to/solidity/repo --output ./scan-results\n```\n\nRun bundled demo:\n\n```bash\npython3 scripts/atlas_vuln_scanner.py --target demo/contracts --output demo/results\n```\n\nOutputs:\n- `scan-report.md` — full pattern scan report\n- `finding-candidates.md` — prioritized candidate writeups\n- `exec-summary.md` — protocol-founder readable summary\n- `scanner-log.json` — machine-readable raw results\n\n## Agent workflow\n\nWhen using this skill as an agent:\n\n1. Ask for a local path or public GitHub repo URL.\n2. Clone/fetch repo if needed.\n3. Run the scanner script against Solidity files.\n4. Read `scanner-log.json` and `scan-report.md`.\n5. Reduce noise: remove obvious mocks/tests/interfaces unless user asked to include them.\n6. Write top 3–5 finding candidates with confidence labels.\n7. Tell the user what requires manual validation before disclosure.\n\n## Suggested prompt\n\n```text\nUse atlas-vuln-scanner on this Solidity repo: <repo/path>. Produce a concise triage report, top candidate findings, and founder-facing summary. Do not submit or disclose anything externally.\n```\n\n## ClawHub licensing / monetization note\n\nPublic ClawHub docs currently describe ClawHub as a free/open skill registry, not a paid marketplace. Published ClawHub skills are MIT-0 and ClawHub does **not** support native paid skills, per-skill pricing, paywalls, revenue sharing, seller onboarding, Stripe, payouts, or KYC.\n\nRecommended monetization path:\n- Publish this skill as a free defensive triage tool on ClawHub for discovery.\n- Keep proprietary premium pattern packs, paid report templates, and private/pro scanner workflows external to ClawHub.\n- Use the CTA to route interested users to Atlas for the paid Atlas Security Skill Pack, robust scans, and audit prep.\n\nCTA:\n> This free ClawHub skill is the elementary Atlas scanner. For deeper DeFi pattern coverage, polished audit-prep reports, and paid validation workflows, get the Atlas Security Skill Pack at https://atlasagentsuite.com.\n\n## Source/caveat notes\n\nPattern selection is based on Atlas/OpenClaw bounty and audit workflow knowledge plus common DeFi bug classes. Scanner output should be treated as a prioritization layer for human review, not final proof.\n","tags":{"latest":"0.1.0","security":"0.1.0","smart-contracts":"0.1.0"},"stats":{"comments":0,"downloads":360,"installsAllTime":0,"installsCurrent":0,"stars":0,"versions":1},"createdAt":1777732826404,"updatedAt":1778492830283},"latestVersion":{"version":"0.1.0","createdAt":1777732826404,"changelog":"Initial release","license":"MIT-0"},"metadata":{"setup":[],"os":["linux","macos"],"systems":null},"owner":{"handle":"n8gendegen","userId":"s178kk8n3h54fa7qzx3gsf72md85y3vm","displayName":"n8gendegen","image":"https://avatars.githubusercontent.com/u/264058056?v=4"},"moderation":null}