Smart Contract Audit

Pass. Audited by ClawScan on Feb 18, 2026.

Overview

The skill's requested actions, files, and runtime instructions are coherent with a smart-contract auditing workflow; nothing requested is disproportionate to that purpose, but you should inspect the install scripts and run audits in an isolated environment before use.

This skill appears coherent for smart-contract audits, but take these precautions before running it:

- Inspect scripts/install-tools.sh and the run-* scripts to confirm they only call trusted package managers (pip/cargo/npm) or official project releases and do not curl/execute unknown binaries or contact untrusted endpoints.
- Run the skill in an isolated/sandboxed environment (container or VM) because it compiles code, installs tooling, clones repos, and may run tests that execute arbitrary code from the target repository.
- Do not provide private RPC endpoints, API keys, or other secrets to the skill; Foundry coverage or forked tests may request an RPC but you should supply a read-only/public endpoint or none at all.
- Expect the skill to perform network access (git clone, package installs, web searches). If your policy restricts outbound network access, block or review those steps.
- Review any generated PoC test code before executing it on a live network; PoCs may attempt state-changing transactions if run outside a test/fork environment.

If you want extra assurance, paste the contents of scripts/install-tools.sh and scripts/run-*.sh here and I can inspect them for suspicious downloads or commands before you run the skill.