# Send Solidity Guardian to your agent
Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.
## Fast path
- Download the package from Yavira.
- Extract it into a folder your agent can access.
- Paste one of the prompts below and point your agent at the extracted folder.
## Suggested prompts
### New install

```text
I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete.
```
### Upgrade existing

```text
I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run.
```
## Machine-readable fields
```json
{
  "schemaVersion": "1.0",
  "item": {
    "slug": "solidity-guardian",
    "name": "Solidity Guardian",
    "source": "tencent",
    "type": "skill",
    "category": "安全合规",
    "sourceUrl": "https://clawhub.ai/aviclaw/solidity-guardian",
    "canonicalUrl": "https://clawhub.ai/aviclaw/solidity-guardian",
    "targetPlatform": "OpenClaw"
  },
  "install": {
    "downloadUrl": "/downloads/solidity-guardian",
    "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=solidity-guardian",
    "sourcePlatform": "tencent",
    "targetPlatform": "OpenClaw",
    "packageFormat": "ZIP package",
    "primaryDoc": "SKILL.md",
    "includedAssets": [
      "BEST_PRACTICES.md",
      "SKILL.md",
      "analyzer.js",
      "package.json",
      "slither-integration.js"
    ],
    "downloadMode": "redirect",
    "sourceHealth": {
      "source": "tencent",
      "slug": "solidity-guardian",
      "status": "healthy",
      "reason": "direct_download_ok",
      "recommendedAction": "download",
      "checkedAt": "2026-04-29T17:28:45.069Z",
      "expiresAt": "2026-05-06T17:28:45.069Z",
      "httpStatus": 200,
      "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=solidity-guardian",
      "contentType": "application/zip",
      "probeMethod": "head",
      "details": {
        "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=solidity-guardian",
        "contentDisposition": "attachment; filename=\"solidity-guardian-1.0.3.zip\"",
        "redirectLocation": null,
        "bodySnippet": null,
        "slug": "solidity-guardian"
      },
      "scope": "item",
      "summary": "Item download looks usable.",
      "detail": "Yavira can redirect you to the upstream package for this item.",
      "primaryActionLabel": "Download for OpenClaw",
      "primaryActionHref": "/downloads/solidity-guardian"
    },
    "validation": {
      "installChecklist": [
        "Use the Yavira download entry.",
        "Review SKILL.md after the package is downloaded.",
        "Confirm the extracted package contains the expected setup assets."
      ],
      "postInstallChecks": [
        "Confirm the extracted package includes the expected docs or setup files.",
        "Validate the skill or prompts are available in your target agent workspace.",
        "Capture any manual follow-up steps the agent could not complete."
      ]
    }
  },
  "links": {
    "detailUrl": "https://openagent3.xyz/skills/solidity-guardian",
    "downloadUrl": "https://openagent3.xyz/downloads/solidity-guardian",
    "agentUrl": "https://openagent3.xyz/skills/solidity-guardian/agent",
    "manifestUrl": "https://openagent3.xyz/skills/solidity-guardian/agent.json",
    "briefUrl": "https://openagent3.xyz/skills/solidity-guardian/agent.md"
  }
}
```
## Documentation

### Solidity Guardian 🛡️

Security analysis for Solidity smart contracts. Find vulnerabilities, get fix suggestions, follow best practices.

### Quick Start

```bash
# Analyze a single contract
node skills/solidity-guardian/analyze.js contracts/MyContract.sol

# Analyze entire project
node skills/solidity-guardian/analyze.js ./contracts/

# Generate markdown report
node skills/solidity-guardian/analyze.js ./contracts/ --format markdown > AUDIT.md
```

### Critical (Must Fix)

| ID | Vulnerability | Description |
|----|---------------|-------------|
| SG-001 | Reentrancy | External calls before state updates |
| SG-002 | Unprotected selfdestruct | Missing access control on selfdestruct |
| SG-003 | Delegatecall to untrusted | Delegatecall with user-controlled address |
| SG-004 | Uninitialized storage pointer | Storage pointer overwrites slots |
| SG-005 | Signature replay | ecrecover without nonce/chainId |
| SG-006 | Arbitrary jump | Function type from user input |

### High (Should Fix)

| ID | Vulnerability | Description |
|----|---------------|-------------|
| SG-010 | Missing access control | Public functions that should be restricted |
| SG-011 | Unchecked transfer | ERC20 transfer without return check |
| SG-012 | Integer overflow | Arithmetic without SafeMath (pre-0.8) |
| SG-013 | tx.origin auth | Using tx.origin for authentication |
| SG-014 | Weak randomness | block.timestamp/blockhash for randomness |
| SG-015 | Unprotected withdrawal | Withdrawal without ownership check |
| SG-016 | Unchecked low-level call | .call() without success check |
| SG-017 | Dangerous equality | Strict balance check (manipulable) |
| SG-018 | Deprecated functions | suicide, sha3, throw, callcode |
| SG-019 | Wrong constructor | Function name matches contract |

### Medium (Consider Fixing)

| ID | Vulnerability | Description |
|----|---------------|-------------|
| SG-020 | Floating pragma | Non-pinned Solidity version |
| SG-021 | Missing zero check | No validation for zero address |
| SG-022 | Timestamp dependence | Logic depends on block.timestamp |
| SG-023 | DoS with revert | Loop with external call can revert |
| SG-024 | Front-running risk | Predictable state changes |

### Low (Best Practice)

| ID | Vulnerability | Description |
|----|---------------|-------------|
| SG-030 | Missing events | State changes without events |
| SG-031 | Magic numbers | Hardcoded values without constants |
| SG-032 | Implicit visibility | Functions without explicit visibility |
| SG-033 | Large contract | Contract exceeds size recommendations |
| SG-034 | Missing NatSpec | Public functions without documentation |

### Basic Analysis

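```javascript
const { analyzeContract } = require('./analyzer');

// CommonJS has no top-level await, so run inside an async function
(async () => {
  const results = await analyzeContract('contracts/Token.sol');
  console.log(results.findings);
})();
```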

### With Fix Suggestions

```javascript
const { analyzeContract } = require('./analyzer');

(async () => {
  // Report only critical and high findings, with fix suggestions attached
  const results = await analyzeContract('contracts/Vault.sol', {
    includeFixes: true,
    severity: ['critical', 'high']
  });

  for (const finding of results.findings) {
    console.log(`[${finding.severity}] ${finding.title}`);
    console.log(`  Line ${finding.line}: ${finding.description}`);
    console.log(`  Fix: ${finding.suggestion}`);
  }
})();
```

### Generate Report

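```javascript
const fs = require('fs');
const { generateReport } = require('./reporter');

(async () => {
  const report = await generateReport('./contracts/', {
    format: 'markdown',
    includeGas: true,
    includeBestPractices: true
  });

  // Write the rendered report next to the project
  fs.writeFileSync('SECURITY_AUDIT.md', report);
})();
```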

### Best Practices Checklist

When writing secure contracts, follow these guidelines:

### Access Control

- Use OpenZeppelin's Ownable or AccessControl
- Apply onlyOwner or role checks to sensitive functions
- Implement two-step ownership transfer
- Consider timelocks for critical operations

### Reentrancy Prevention

- Use ReentrancyGuard on all external-facing functions
- Follow checks-effects-interactions pattern
- Update state BEFORE external calls
- Use pull over push for payments

### Input Validation

- Validate all external inputs
- Check for zero addresses
- Validate array lengths match
- Use SafeERC20 for token transfers

### Arithmetic Safety

- Use Solidity 0.8+ or SafeMath
- Check for division by zero
- Validate percentage calculations (≤100)
- Be careful with token decimals

### Upgradeability (if applicable)

- Use initializer instead of constructor
- Protect initialize from re-initialization
- Follow storage layout rules
- Test upgrade paths

### Slither Integration

Guardian can run alongside Slither for comprehensive analysis:

```bash
# Combined analysis (auto-installs Slither if missing)
node skills/solidity-guardian/slither-integration.js ./contracts/ --install-slither

# Generate combined report
node skills/solidity-guardian/slither-integration.js . --format markdown --output AUDIT.md

# Guardian only (faster, no Slither dependency)
node skills/solidity-guardian/slither-integration.js ./contracts/ --guardian-only

# Slither only
node skills/solidity-guardian/slither-integration.js ./contracts/ --slither-only
```

Why both?

- Guardian: Fast pattern matching, custom rules, no compilation needed
- Slither: Deep dataflow analysis, CFG-based detection, more comprehensive
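To make the trade-off concrete, here is what a source-level pattern check for SG-001 (external calls before state updates) can look like without compiling anything. This is an added example, not Solidity Guardian's own code: `findCallBeforeWrite`, its regexes and the sample contracts are constructed here for illustration.

```javascript
// Added example: a line-order heuristic for SG-001, not Solidity Guardian's code.
const EXTERNAL_CALL = /\.(call|send|transfer)\s*[({]/;
// Assignment to a bare or indexed identifier, e.g. `balances[msg.sender] = 0;`
const STATE_WRITE = /^\s*[A-Za-z_]\w*(\[[^\]]+\])*\s*(=|\+=|-=)[^=]/;

function findCallBeforeWrite(source) {
  const findings = [];
  let depth = 0;       // current brace depth
  let fnDepth = null;  // brace depth where the current function was declared
  let callLine = null; // first external call seen in the current function
  source.split('\n').forEach((raw, i) => {
    const line = raw.replace(/\/\/.*$/, ''); // ignore line comments
    if (fnDepth === null && /\bfunction\b/.test(line)) {
      fnDepth = depth;
      callLine = null;
    }
    if (fnDepth !== null) {
      if (EXTERNAL_CALL.test(line)) {
        if (callLine === null) callLine = i + 1;
      } else if (callLine !== null && STATE_WRITE.test(line)) {
        findings.push({ id: 'SG-001', severity: 'critical', line: i + 1, callLine });
      }
    }
    for (const ch of line) {
      if (ch === '{') depth++;
      else if (ch === '}') depth--;
    }
    if (fnDepth !== null && line.includes('}') && depth <= fnDepth) fnDepth = null;
  });
  return findings;
}

// Constructed sample: the same withdraw() body in both orders.
const CALL = '    (bool ok, ) = msg.sender.call{value: amount}("");\n    require(ok, "send failed");';
const WRITE = '    balances[msg.sender] = 0;';
const contract = (body) => `contract Vault {
  mapping(address => uint256) balances;
  function withdraw() external {
    uint256 amount = balances[msg.sender];
${body}
  }
}`;
const VULNERABLE = contract([CALL, WRITE].join('\n')); // interaction, then effect
const FIXED = contract([WRITE, CALL].join('\n'));      // effect, then interaction

console.log(findCallBeforeWrite(VULNERABLE), findCallBeforeWrite(FIXED));
```

The heuristic only sees line order inside one function: it also fires on writes to local variables, and it misses calls made through helper functions, which is the kind of case dataflow analysis covers.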

### Hardhat

```javascript
// hardhat.config.js
require('./skills/solidity-guardian/hardhat-plugin');

// Run: npx hardhat guardian
```

### Foundry

```bash
# Add to CI
forge build
node skills/solidity-guardian/analyze.js ./src/
```

### References

- Trail of Bits - Building Secure Contracts
- OpenZeppelin - Security Best Practices
- Consensys - Smart Contract Best Practices
- SWC Registry

Built by Avi 🔐 | Security-first, ship always.
## Trust
- Source: tencent
- Verification: Indexed source record
- Publisher: aviclaw
- Version: 1.0.3
## Source health
- Status: healthy
- Item download looks usable.
- Yavira can redirect you to the upstream package for this item.
- Health scope: item
- Reason: direct_download_ok
- Checked at: 2026-04-29T17:28:45.069Z
- Expires at: 2026-05-06T17:28:45.069Z
- Recommended action: Download for OpenClaw
## Links
- [Detail page](https://openagent3.xyz/skills/solidity-guardian)
- [Send to Agent page](https://openagent3.xyz/skills/solidity-guardian/agent)
- [JSON manifest](https://openagent3.xyz/skills/solidity-guardian/agent.json)
- [Markdown brief](https://openagent3.xyz/skills/solidity-guardian/agent.md)
- [Download page](https://openagent3.xyz/downloads/solidity-guardian)