Topic: security-audit
144 skills in this topic.
-
move-safety-core-directives
Lightweight core directives for Sui Move always-required skills — injected into every breadth agent. Full methodology lives in the dedicated Move-Safety Agent.
PlamenTSV/plamen 215
-
object-ownership
Trigger Pattern: Always required for Sui Move audits -- object lifecycle and ownership model - Inject Into: Breadth agents, depth-state-trace, depth-token-flow
PlamenTSV/plamen 215
-
oracle-analysis
Trigger Pattern: ORACLE flag (required) - Inject Into: Breadth agents, depth-external, depth-edge-case
PlamenTSV/plamen 215
-
package-version-safety
Trigger Pattern: PACKAGE_UPGRADE flag (UpgradeCap detected, multiple package versions, upgrade policy references) - Inject Into: Breadth agents, depth-external
PlamenTSV/plamen 215
-
ptb-composability
Trigger Pattern: PTB flag (always for Sui -- Programmable Transaction Blocks are the Sui transaction model) - Inject Into: Breadth agents, depth-external, depth-state-trace
PlamenTSV/plamen 215
-
semi-trusted-roles
Trigger Pattern: SEMI_TRUSTED_ROLE flag (required) - Inject Into: Breadth agents, depth-state-trace
PlamenTSV/plamen 215
-
share-allocation-fairness
Trigger Pattern: SHARE_ALLOCATION flag detected in pattern scan - Inject Into: Breadth agents, depth-edge-case
PlamenTSV/plamen 215
-
temporal-parameter-staleness
Trigger Pattern: TEMPORAL flag (required) - Inject Into: Breadth agents, depth-state-trace
PlamenTSV/plamen 215
-
token-flow-tracing
Trigger Pattern: BALANCE_DEPENDENT flag (required) - Inject Into: Depth-token-flow, breadth agents
PlamenTSV/plamen 215
-
type-safety
Trigger Pattern: Always (Sui Move) -- generic type exploitation - Inject Into: Breadth agents, depth-state-trace
PlamenTSV/plamen 215
-
verification-protocol
Trigger Pattern: Always (used by all verifier agents) - Inject Into: security-verifier agents (Phase 5)
PlamenTSV/plamen 215
-
zero-state-return
Trigger: Vault/first-depositor pattern detected - Inject Into: Depth-edge-case agent (extends existing ZERO_STATE_ECONOMICS)
PlamenTSV/plamen 215
-
compound
Document what you learned during this sprint. Reads artifacts, writes structured solutions to know-how/solutions/. Run after /ship or after fixing a significant bug. Triggers on /compound.
garagon/nanostack 173
-
conductor
Orchestrate parallel agent sessions through a sprint. Coordinates task claiming, dependency resolution, and artifact handoff between independent agents. Triggers on /conductor, /sprint, /parallel.
garagon/nanostack 173
-
feature
Add a feature to an existing project with a full sprint. Skips /think diagnostic, goes straight to planning. Use when the user knows what they want and the project already exists. Triggers on /feature.
garagon/nanostack 173
-
guard
Use when working near production, sensitive systems, or destructive operations. Activates on-demand safety hooks that block dangerous commands. Supports modes — careful (warn), freeze (block writes outside scope), unfreeze (remove restrictions). Triggers on /guard, /careful, /freeze, /unfreeze.
garagon/nanostack 173
-
nano-help
Quick reference for all nanostack commands. Shows available skills, what each one does, and how to use them. Triggers on /nano-help.
garagon/nanostack 173
-
nano
Use when starting non-trivial work (touching 3+ files, new features, refactors, bug investigations). Produces a scoped, actionable implementation plan before any code is written. Triggers on /nano.
garagon/nanostack 173
-
qa
Use to verify that code works correctly — browser-based testing with Playwright, native app testing with computer use, CLI testing, API testing, or root-cause debugging. Supports --quick, --standard, --thorough modes. Triggers on /qa.
garagon/nanostack 173
-
review
Use after writing code to get a thorough code review. Runs two passes — structural correctness then adversarial edge-case hunting. Scales depth by diff size. Supports --quick, --standard, --thorough modes. Triggers on /review.
garagon/nanostack 173
-
security
Use before shipping to production. Performs OWASP Top 10 audit and STRIDE threat modeling against the codebase. Supports --quick, --standard, --thorough modes. Also use when the user asks to check security, audit code, or review for vulnerabilities. Triggers on /security.
garagon/nanostack 173
-
ship
Use when code is ready to ship — creates PRs, merges, deploys, and verifies. Handles the full PR-to-production pipeline. Triggers on /ship.
garagon/nanostack 173
-
nano-run
First-time setup and guided sprint. Configures stack, permissions, and work preferences conversationally. Run once after installing nanostack. Triggers on /nano-run.
garagon/nanostack 173
-
think
Use before planning when you need strategic clarity — product discovery, scope decisions, premise validation. Applies YC-grade product thinking to challenge assumptions and find the narrowest valuable wedge. Supports --autopilot to run the full sprint automatically after approval. Triggers on /think, /office-hours, /ceo-review.
garagon/nanostack 173