AI-assisted security auditing for Cairo smart contracts on Starknet. An open-source Agent Skill for Claude Code.
Status: Active development paused · Resuming July–August 2026
Active development is temporarily paused while the author completes a Master's in Blockchain Systems & AI Engineering (CodeCrypto). This is a strategic pause, not an abandonment — the repo stays open and the roadmap is intact.
Completed so far
- ✅ Day 1 Discovery: 31 vulnerability patterns identified across the Cairo/Starknet threat landscape
- ✅ PAT-001 → PAT-010 prioritized and queued for documentation
- ✅ Project scaffolding, SKILL.md skeleton, and MCP setup in place
Timeline
- ⏸️ Active development paused: June 2026
- ▶️ Resuming: July–August 2026, starting with PAT-001
The repo stays open — issues, discussions, and PRs are welcome and will be reviewed.
cairo-audit-skill is an Agent Skill
that helps Claude Code assist with security audits of Cairo smart contracts on Starknet.
It does not replace a human auditor — it structures and accelerates the review: surfacing known
vulnerability patterns, guiding a methodical workflow, and helping write snforge security tests.
Cairo developers and Web3 security auditors.
Make the skill discoverable by Claude Code by linking (or copying) this repo into your skills directory:
# Run these from the root of this repo, since "$(pwd)" is what gets linked or copied.
# Option A — symlink (recommended while developing)
ln -s "$(pwd)" ~/.claude/skills/cairo-audit-skill
# Option B — copy
cp -r "$(pwd)" ~/.claude/skills/cairo-audit-skill
Then restart Claude Code. The skill activates automatically when you ask about auditing Cairo/Starknet contracts.
This project ships a .mcp.json declaring the MCP servers it needs (ruflo for
multi-agent orchestration, github for issue/PR tooling). See
docs/MCP_SETUP.md for setup, required env vars and
troubleshooting.
🚧 Coming soon. Once populated, ask Claude things like "audit this Cairo contract" and the skill will guide the review.
cairo-audit-skill/
├── SKILL.md # Skill entry point (frontmatter + workflow)
├── patterns/ # Vulnerability patterns (one per file)
├── examples/ # Vulnerable vs. secure contract examples
├── tests-templates/ # snforge security test templates
├── docs/ # Extended documentation
├── CLAUDE.md # Project context for Claude Code
├── README.md # You are here
└── LICENSE # MIT
Contributions welcome — this is documented audit knowledge, not compiled software. Project files
are in English; pedagogical comments may be added in Spanish using <!-- 🇪🇸 NOTA: ... -->.
MIT © 2026 Alejandro Betancourt