curl -fsSL https://raw.githubusercontent.com/forefy/.context/main/install.sh | bash

- The installer will prompt for your agent harness and install location:
  - Global - skills installed to ~/.claude/skills/
  - Current project - skills installed to .claude/skills/
- Next time you are auditing with an AI agent, the agent harness will automatically know when to read the skill files and invoke its magic
You can also use npx skills add forefy/.context, but Vercel's skills registry is less optimal.
Security auditing skills for AI agents, adhering to the Agent Skills Format.
.context is one of the oldest efforts by security researchers to share auditing knowledge directly with your AI agent, and has been built gradually over time. In its simplest form, you type "audit this contract" and end up with a multi-agent triaged AI report.
Skills are auto-installed to .claude/skills/ (or .agents/skills/) and invoked via textual inference when you request to audit a codebase, for example:
> Audit this codebase with the scope of @file.sol
Skills are auto-installed to .claude/skills/ and referenced by name:
@smart-contract-security-audit
Custom slash commands are auto-installed to .github/prompts/:
/generate_audit_report_generic
Comprehensive audit skills
Skills are meant to run in specific invocations and be context-budgeted as much as possible. However, skills aren't good at sharing memory, hence a single flow (at the 5,000 token cap recommended by Anthropic) can be powerful for a comprehensive AI audit experience.
- smart-contract-security-audit - Full smart contract audit framework with multi-expert analysis for Solidity, Anchor, and Vyper. Includes language-specific checks and vulnerability pattern references.
- infrastructure-security-audit - Infrastructure security audit framework for IaC, Docker, Kubernetes, and cloud configurations.
Workflow skills
Workflow skills are designed to be picked up naturally as you work through a codebase during your audit, and to supply strategically concise context for a specific task.
- auditor-quiz - Quick skill to get yourself engaged with the codebase from a security auditor's perspective (and also from a protocol dev's perspective) and to test how well you have memorized it by quizzing yourself.
Skills follow the Agent Skills open standard - compatible with both GitHub Copilot and Claude Code.
Each skill is a directory with:
- SKILL.md - Main framework and instructions
- Language-specific reference files (loaded as needed for token efficiency)
- reference/ - Vulnerability patterns organized by language, protocol etc. Skills automatically reference these patterns during audits using progressive disclosure for token efficiency.
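Because the agent harness reads these skill files automatically, it is worth recording what the installer placed on disk and checking what differs after a later install or update. The Python below is an added example, not part of the .context project; it assumes only the layout described above (one directory per skill, each with a SKILL.md), and the function names skill_manifest and diff_manifests are hypothetical.

```python
import hashlib
import os
from pathlib import Path


def skill_manifest(skills_root):
    """Map each skill directory under skills_root to hashes of its files."""
    root = Path(skills_root).expanduser()
    manifest = {}
    if not root.is_dir():
        return manifest
    for skill_dir in sorted(p for p in root.iterdir() if p.is_dir()):
        files = {}
        for path in sorted(skill_dir.rglob("*")):
            rel = path.relative_to(skill_dir).as_posix()
            if path.is_symlink():
                # Record the link target rather than reading through it.
                files[rel] = "symlink:" + os.readlink(path)
            elif path.is_file():
                files[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
        rollup = hashlib.sha256()  # deterministic digest for the whole skill
        for rel, digest in sorted(files.items()):
            rollup.update(f"{rel}\0{digest}\n".encode())
        manifest[skill_dir.name] = {
            "has_skill_md": "SKILL.md" in files,
            "files": files,
            "digest": rollup.hexdigest(),
        }
    return manifest


def diff_manifests(reviewed, current):
    """List (skill, file, status) for each file that differs from the reviewed state."""
    changes = []
    for skill in sorted(set(reviewed) | set(current)):
        old = reviewed.get(skill, {}).get("files", {})
        new = current.get(skill, {}).get("files", {})
        for rel in sorted(set(old) | set(new)):
            if rel not in old:
                changes.append((skill, rel, "added"))
            elif rel not in new:
                changes.append((skill, rel, "removed"))
            elif old[rel] != new[rel]:
                changes.append((skill, rel, "changed"))
    return changes

if __name__ == "__main__":
    for name, entry in skill_manifest("~/.claude/skills").items():
        print(name, entry["has_skill_md"], entry["digest"])
```

Store the manifest you reviewed (for example as JSON) and run diff_manifests against a fresh one after each reinstall; an empty list means the skill files are byte-for-byte unchanged.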
Audits generate numbered folders in .context/outputs/:
- audit-report.md - Security findings
- audit-context.md - Scope and assumptions
- audit-debug.md - Technical analysis log
Your research knowledge is the only skill required to contribute, whether it's a methodology, specific knowledge of a protocol or language, or even corrections - everything's highly welcome! Help secure and improve the community!



