jpskill.com
💬 コミュニケーション コミュニティ

solana-defi-vulnerability-analyst-agent

Guides discovery and documentation of Solana DeFi protocol risks from public code and chain state—Anchor/native programs, PDAs, CPIs, oracles, pools, SPL mechanics, and historical tx reconstruction. Use when the user asks for Solana program security review, DeFi vulnerability triage, PDA or CPI safety, oracle or liquidity-pool risk, launchpad/bonding-curve issues, or evidence-backed severity findings without exploits or private keys.

⚡ おすすめ: コマンド1行でインストール(60秒)

下記のコマンドをコピーしてターミナル(Mac/Linux)または PowerShell(Windows)に貼り付けてください。 ダウンロード → 解凍 → 配置まで全自動。

🍎 Mac / 🐧 Linux 
mkdir -p ~/.claude/skills && cd ~/.claude/skills && curl -L -o solana-defi-vulnerability-analyst-agent.zip https://jpskill.com/download/10151.zip && unzip -o solana-defi-vulnerability-analyst-agent.zip && rm solana-defi-vulnerability-analyst-agent.zip
🪟 Windows (PowerShell) 
$d = "$env:USERPROFILE\.claude\skills"; ni -Force -ItemType Directory $d | Out-Null; iwr https://jpskill.com/download/10151.zip -OutFile "$d\solana-defi-vulnerability-analyst-agent.zip"; Expand-Archive "$d\solana-defi-vulnerability-analyst-agent.zip" -DestinationPath $d -Force; ri "$d\solana-defi-vulnerability-analyst-agent.zip"

完了後、Claude Code を再起動 → 普通に「動画プロンプト作って」のように話しかけるだけで自動発動します。

💾 手動でダウンロードしたい(コマンドが難しい人向け)
  1. 1. 下の青いボタンを押して solana-defi-vulnerability-analyst-agent.zip をダウンロード
  2. 2. ZIPファイルをダブルクリックで解凍 → solana-defi-vulnerability-analyst-agent フォルダができる
  3. 3. そのフォルダを C:\Users\あなたの名前\.claude\skills\(Win)または ~/.claude/skills/(Mac)へ移動
  4. 4. Claude Code を再起動
⬇ .zip でダウンロード(推奨) ⬇ .skill 形式(上級者用) 元のソース ↗

⚠️ ダウンロード・利用は自己責任でお願いします。当サイトは内容・動作・安全性について責任を負いません。

🎯 このSkillでできること

下記の説明文を読むと、このSkillがあなたに何をしてくれるかが分かります。Claudeにこの分野の依頼をすると、自動で発動します。

📦 インストール方法 (3ステップ)

  1. 1. 上の「ダウンロード」ボタンを押して .skill ファイルを取得
  2. 2. ファイル名の拡張子を .skill から .zip に変えて展開(macは自動展開可)
  3. 3. 展開してできたフォルダを、ホームフォルダの .claude/skills/ に置く
    • · macOS / Linux: ~/.claude/skills/
    • · Windows: %USERPROFILE%\.claude\skills\

Claude Code を再起動すれば完了。「このSkillを使って…」と話しかけなくても、関連する依頼で自動的に呼び出されます。

詳しい使い方ガイドを見る →
最終更新
2026-05-18
取得日時
2026-05-18
同梱ファイル
1
📖 Claude が読む原文 SKILL.md(中身を展開)

この本文は AI(Claude)が読むための原文(英語または中国語)です。日本語訳は順次追加中。

Solana DeFi vulnerability analyst agent

Role overview

Structured workflow for Solana program and DeFi risk analysis: Rust (Anchor or native), accounts, PDAs, CPI boundaries, liquidity and oracle dependencies, and SPL token rules—grounded in verified source when available, on-chain account layout and historical transactions for everything else.

Scope: defensive triage, reproducible findings, and safe validation paths (local validator, devnet, read-only mainnet inspection)—not weaponized exploits, mainnet attacks, or bypassing access controls.

This skill does not replace a professional smart-contract audit or formal bug-bounty process. For cross-ecosystem DeFi triage (including EVM), use defi-security-audit-agent. For EVM Solidity-first triage, evm-solidity-defi-triage-agent. For transaction-level tracing and inner-instruction maps, use solana-tracing-specialist. For flash-loan / atomic exploit post-mortems (historical txs, impact, read-only simulation), use flash-loan-exploit-investigator-agent. For honeypot-style transfer and sell restriction patterns on SPL / Token-2022, use honeypot-detection-techniques. For signer, governance, and durable-nonce mitigation patterns (public case studies such as Chainalysis on Drift), use defi-admin-takeover-mitigation-lessons.

Do not request private keys or confidential program data. Do not provide step-by-step instructions to steal user funds on mainnet.

1. Solana program code review and static analysis

  • Obtain verified source from explorers or repos when possible; for closed-source programs, use disassembly / layout analysis with explicit limits on certainty.
  • Anchor — Read #[account] constraints, signer / mut / owner checks, bump seeds, realloc and init paths; map instruction discriminators from IDL or raw data.
  • Native Rust — Manual AccountInfo validation: missing signer checks, owner checks, rent and close discipline, sysvar misuse, zero-copy layout safety.
  • PDA — Seed composition, bump canonicalization, program ownership of derived accounts; watch for seed collisions and cross-program confusion if PDAs are reused or ambiguously named.
  • Upgradeability — Identify program data / upgrade authority; who can deploy new bytecode?
  • Arithmetic — Checked math in Rust is default, but unsafe blocks, custom serialization, and CPI-visible assumptions still need review.

Tools (examples): cargo/clippy, anchor build, explorer verification, static grep for dangerous patterns—confirm with manual reasoning on the account graph.

2. Solana DeFi vulnerability pattern library (reference)

Use as a checklist, not a guarantee—each item needs program-specific proof.

Area Examples to validate
PDA / authority Wrong seeds, shared PDAs across instructions, missing bump checks, account substitution in remaining accounts
CPI / ordering Re-entrancy-style issues via CPI ordering, lamport balance assumptions before state commit, missing signer propagation
Oracle / price Stale slots, TWAP vs spot misuse, confidence bands ignored, custom feeds with weak update authority
Liquidity / AMM Init flaws, tick/math edge cases, unauthorized withdraw or fee paths, missing min-out / deadline style guards (where applicable)
SPL / token Mint/freeze authority exposure, malicious transfer hooks (Token-2022), ATA races in poorly sequenced txs
MEV / bundles Missing slippage / deadline / min constraints where the protocol assumes atomic fair execution
Launchpads / bonding curves Curve parameter errors, metadata trust, migration hooks, early-window gaming—verify against published program behavior

Naming protocols (Raydium, Orca, Jupiter, Pump.fun, etc.) are examples—always review the exact program IDs and versions the deployment uses.

3. On-chain reconstruction and historical matching

  • Past incidents — Rebuild attack or incident paths from signatures and inner instructions; cite block time, programs, and account roles—solana-tracing-specialist patterns apply.
  • Safe reproduction — Sketch hypothetical scenarios and validate with local `solana-test-validator / Surfpool-class tooling / devnet forks—never** instruct live mainnet exploitation.
  • Analytics — Use Dune/Flipside-style decoded tables for volume anomalies, large exits, or repeated program errors—corroborate with raw RPC where possible.
  • Pattern match — Compare to published write-ups and CVE-style summaries without claiming equivalence unless the same root cause is shown in code or txs.
  • Monitoring — Discuss precursors (e.g. admin key activity) as risk indicators only; respect ToS on APIs and no unauthorized probing.

4. Liquidity, tokenomics, and governance vulnerability assessment

  • Liquidity — LP token authority, pool vault ownership, withdraw permissions, and any lock contracts—verify on-chain state, not dashboard copy.
  • Bonding curves / launches — Curve completion, migration, fee recipients, and metadata update paths; flag centralization of upgrade/migration keys.
  • TokenomicsMint caps, emissions schedules, vesting PDAs or accounts, governance mint—map who can change parameters.
  • Governance — Voting power concentration, proposal thresholds, timelock delays, and multisig control over program upgrades or treasury—document privilege paths.

5. Reporting and severity

  1. Executive summary — Scope (program IDs, versions), top risks, confidence level.
  2. Findings — Severity (Critical / High / Medium / Low / Informational), impact, likelihood preconditions, code or account references, remediation ideas.
  3. Evidence — Links to explorer txs, instruction traces, account snapshots at block height where relevant.
  4. Limitations — Unverified bytecode, theoretical issues, dependencies on oracle freshness or external programs.

Separate proven issues (code path + reachable) from hypotheses and defense-in-depth suggestions.

Ethical and professional guardrails

  • Responsible disclosure — Critical issues should follow project security contact / bug-bounty norms when the user intends to report; do not pressure premature public dumps of unfixed critical bugs without user/legal context.
  • Accuracy — Wrong severity harms users and projects; prefer bounded claims.
  • No exploit services — Educational mitigations and tests in controlled environments only.

Goal: Turn public Solana DeFi programs and ledger history into clear, checkable vulnerability intelligence—so teams and users can prioritize fixes before funds are at risk.