Audit Verification Pipeline
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This instruction-only skill describes a Solidity audit verification workflow; its local test commands and GitHub CI example are disclosed and aligned with that purpose.
This skill appears safe for its stated audit-verification purpose. Before using it, make sure Foundry is intentionally installed, run tests only in the correct repository, and review any GitHub Actions workflow before committing it.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the workflow may execute project build/test logic in the local repository.
The skill directs the agent/user to run local Foundry build and test commands. This is expected for Solidity audit verification, but it is still local command execution in the project environment.
forge build → fix compilation errors ... forge test → check result
Run it only in the intended audit repository, review generated PoC/test files before committing, and use an isolated development environment for untrusted projects.
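A preflight wrapper for the local forge build / forge test step, added here as an example and not part of the skill. It assumes the repository root is passed as the first argument, that Foundry's forge binary is on PATH, and optionally takes the expected git origin URL as a second argument so the commands run only in the intended audit repository.

```shell
#!/usr/bin/env sh
# Added example, not part of the skill or of ClawScan. Guards the
# "forge build -> forge test" step: refuse to run unless Foundry is
# actually installed, the target directory is a Foundry project root,
# and (optionally) its git origin is the repository you meant to audit.

# forge_preflight REPO_DIR [EXPECTED_ORIGIN_URL]
# Returns 0 only when every check passes; prints the failing reason otherwise.
forge_preflight() {
    repo="$1"
    expected_remote="$2"   # optional, e.g. git@github.com:org/audit-repo.git (assumed name)

    # 1. Foundry must be intentionally installed; show which binary would run.
    forge_path=$(command -v forge) || { echo "forge not found on PATH"; return 1; }
    echo "using forge at $forge_path"

    # 2. Only a Foundry project root carries foundry.toml; refuse anything else.
    [ -f "$repo/foundry.toml" ] || { echo "no foundry.toml in $repo: not a Foundry project root"; return 1; }

    # 3. Optionally confirm this checkout is the intended audit repository.
    if [ -n "$expected_remote" ]; then
        actual=$(git -C "$repo" remote get-url origin 2>/dev/null) || { echo "no git origin remote in $repo"; return 1; }
        [ "$actual" = "$expected_remote" ] || { echo "origin is $actual, expected $expected_remote"; return 1; }
    fi
    return 0
}

# forge_verify REPO_DIR [EXPECTED_ORIGIN_URL]
# Runs the build/test pair from the skill, but only after preflight succeeds.
forge_verify() {
    forge_preflight "$@" || return 1
    ( cd "$1" && forge build && forge test )
}
```

Run it as `forge_verify /path/to/audit-repo git@github.com:org/audit-repo.git` from an isolated environment when the project is untrusted; generated PoC and test files still need a manual review before they are committed.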
If added to a repository, GitHub CI will execute these external actions when the workflow runs.
The CI example relies on third-party GitHub Actions referenced by version tags. This is common and purpose-aligned, but it introduces normal CI supply-chain considerations.
- uses: actions/checkout@v4
- uses: foundry-rs/foundry-toolchain@v1
Review the workflow before use, consider pinning actions to trusted versions or commit SHAs for sensitive repositories, and keep CI permissions minimal.
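A small lint for the two CI points above, added here as an example and not part of the skill or of ClawScan. It takes a workflow file path and reports every `uses:` reference that is not pinned to a full commit SHA, and whether the workflow declares a top-level `permissions:` block. The sample workflow embedded in it is constructed for the demonstration; the 40-zero SHA in it is a placeholder, not a real commit id.

```shell
#!/usr/bin/env sh
# Added example, not part of the skill or of ClawScan. Two supply-chain checks
# for a GitHub Actions workflow file passed by path:
#   1. every `uses:` reference is pinned to a 40-hex commit SHA, not a mutable tag
#   2. a top-level `permissions:` block exists, so GITHUB_TOKEN is not left at
#      the repository default scope

# Print every `uses:` reference that is not pinned to a full commit SHA.
unpinned_actions() {
    # Pull the value after `uses:` (with or without a leading "- "), drop quotes
    # and trailing comments, then test the part after the last "@".
    sed -n 's/^[[:space:]]*-\{0,1\}[[:space:]]*uses:[[:space:]]*\([^[:space:]#]*\).*/\1/p' "$1" |
    tr -d "\"'" |
    while IFS= read -r ref; do
        case "$ref" in
            ./*|docker://*) continue ;;   # local and container actions: not a tag-vs-SHA question
        esac
        sha=${ref##*@}
        printf '%s\n' "$sha" | grep -Eq '^[0-9a-f]{40}$' || printf '%s\n' "$ref"
    done
}

# Returns 0 only when every action is SHA-pinned; lists the offenders otherwise.
check_workflow_pins() {
    offenders=$(unpinned_actions "$1")
    [ -z "$offenders" ] && return 0
    printf 'unpinned actions in %s:\n%s\n' "$1" "$offenders"
    return 1
}

# Returns 0 when an unindented (workflow-level) permissions: key is present.
has_top_level_permissions() {
    grep -Eq '^permissions:' "$1"
}

# Constructed sample: checkout pinned to a placeholder SHA (all zeros, not a real
# commit; use the id behind the tag you reviewed), foundry-toolchain left on a tag.
sample_workflow() {
    cat <<'EOF'
name: audit-verify
on: [pull_request]
permissions:
  contents: read
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0000000000000000000000000000000000000000 # v4 (placeholder SHA)
      - uses: foundry-rs/foundry-toolchain@v1
      - run: forge build && forge test
EOF
}

# Stand-alone demonstration on the constructed sample.
demo=$(mktemp)
sample_workflow > "$demo"
check_workflow_pins "$demo" || echo "pin the action(s) above to a reviewed commit SHA"
has_top_level_permissions "$demo" && echo "top-level permissions: present" || echo "add a top-level permissions: block"
rm -f "$demo"
```

Point `check_workflow_pins` and `has_top_level_permissions` at `.github/workflows/*.yml` before committing a workflow; a tag such as `@v4` can be moved by the action's maintainers, whereas a commit SHA is immutable, and keeping the tag in a trailing comment preserves readability.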
