[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"skill-a3ceb8cb-1dba-4637-ab36-4577f21fc602":3,"$fAOtzgYiSf5DYVUk3IKzfAcWdJVzt-KIeP5K1h9Wjaqw":43},{"id":4,"title":5,"description":6,"categoryId":7,"moduleId":8,"tags":9,"prompt":10,"icon":11,"source":12,"sourceUrl":13,"authorId":14,"authorName":15,"isPublic":16,"stars":17,"runs":18,"createdAt":19,"updatedAt":19,"module":20,"category":27,"packages":34},"a3ceb8cb-1dba-4637-ab36-4577f21fc602","audit-context-building","支持超细粒度、逐行代码分析，在发现漏洞或错误之前构建深层架构上下文。","cat_coding_review","mod_coding","sickn33,coding","---\nname: audit-context-building\ndescription: Enables ultra-granular, line-by-line code analysis to build deep architectural context before vulnerability or bug finding.\nrisk: unknown\nsource: community\n---\n\n# Deep Context Builder Skill (Ultra-Granular Pure Context Mode)\n\n## 1. Purpose\n\nThis skill governs **how Claude thinks** during the context-building phase of an audit.\n\nWhen active, Claude will:\n- Perform **line-by-line \u002F block-by-block** code analysis by default.\n- Apply **First Principles**, **5 Whys**, and **5 Hows** at micro scale.\n- Continuously link insights → functions → modules → entire system.\n- Maintain a stable, explicit mental model that evolves with new evidence.\n- Identify invariants, assumptions, flows, and reasoning hazards.\n\nThis skill defines a structured analysis format (see Example: Function Micro-Analysis below) and runs **before** the vulnerability-hunting phase.\n\n---\n\n## When to Use\nUse when:\n- Deep comprehension is needed before bug or vulnerability discovery.\n- You want bottom-up understanding instead of high-level guessing.\n- Reducing hallucinations, contradictions, and context loss is critical.\n- Preparing for security auditing, architecture review, or threat modeling.\n\nDo **not** use for:\n- Vulnerability findings\n- Fix recommendations\n- Exploit reasoning\n- Severity\u002Fimpact rating\n\n---\n\n## 2. How This Skill Behaves\n\nWhen active, Claude will:\n- Default to **ultra-granular analysis** of each block and line.\n- Apply micro-level First Principles, 5 Whys, and 5 Hows.\n- Build and refine a persistent global mental model.\n- Update earlier assumptions when contradicted (\"Earlier I thought X; now Y.\").\n- Periodically anchor summaries to maintain stable context.\n- Avoid speculation; express uncertainty explicitly when needed.\n\nGoal: **deep, accurate understanding**, not conclusions.\n\n---\n\n## Rationalizations (Do Not Skip)\n\n| Rationalization | Why It's Wrong | Required Action |\n|-----------------|----------------|-----------------|\n| \"I get the gist\" | Gist-level understanding misses edge cases | Line-by-line analysis required |\n| \"This function is simple\" | Simple functions compose into complex bugs | Apply 5 Whys anyway |\n| \"I'll remember this invariant\" | You won't. Context degrades. | Write it down explicitly |\n| \"External call is probably fine\" | External = adversarial until proven otherwise | Jump into code or model as hostile |\n| \"I can skip this helper\" | Helpers contain assumptions that propagate | Trace the full call chain |\n| \"This is taking too long\" | Rushed context = hallucinated vulnerabilities later | Slow is fast |\n\n---\n\n## 3. Phase 1 — Initial Orientation (Bottom-Up Scan)\n\nBefore deep analysis, Claude performs a minimal mapping:\n\n1. Identify major modules\u002Ffiles\u002Fcontracts.\n2. Note obvious public\u002Fexternal entrypoints.\n3. Identify likely actors (users, owners, relayers, oracles, other contracts).\n4. Identify important storage variables, dicts, state structs, or cells.\n5. Build a preliminary structure without assuming behavior.\n\nThis establishes anchors for detailed analysis.\n\n---\n\n## 4. Phase 2 — Ultra-Granular Function Analysis (Default Mode)\n\nEvery non-trivial function receives full micro analysis.\n\n### 5.1 Per-Function Microstructure Checklist\n\nFor each function:\n\n1. **Purpose**\n   - Why the function exists and its role in the system.\n\n2. **Inputs & Assumptions**\n   - Parameters and implicit inputs (state, sender, env).\n   - Preconditions and constraints.\n\n3. **Outputs & Effects**\n   - Return values.\n   - State\u002Fstorage writes.\n   - Events\u002Fmessages.\n   - External interactions.\n\n4. **Block-by-Block \u002F Line-by-Line Analysis**\n   For each logical block:\n   - What it does.\n   - Why it appears here (ordering logic).\n   - What assumptions it relies on.\n   - What invariants it establishes or maintains.\n   - What later logic depends on it.\n\n   Apply per-block:\n   - **First Principles**\n   - **5 Whys**\n   - **5 Hows**\n\n---\n\n### 5.2 Cross-Function & External Flow Analysis\n*(Full Integration of Jump-Into-External-Code Rule)*\n\nWhen encountering calls, **continue the same micro-first analysis across boundaries.**\n\n#### Internal Calls\n- Jump into the callee immediately.\n- Perform block-by-block analysis of relevant code.\n- Track flow of data, assumptions, and invariants:\n  caller → callee → return → caller.\n- Note if callee logic behaves differently in this specific call context.\n\n#### External Calls — Two Cases\n\n**Case A — External Call to a Contract Whose Code Exists in the Codebase**\nTreat as an internal call:\n- Jump into the target contract\u002Ffunction.\n- Continue block-by-block micro-analysis.\n- Propagate invariants and assumptions seamlessly.\n- Consider edge cases based on the *actual* code, not a black-box guess.\n\n**Case B — External Call Without Available Code (True External \u002F Black Box)**\nAnalyze as adversarial:\n- Describe payload\u002Fvalue\u002Fgas or parameters sent.\n- Identify assumptions about the target.\n- Consider all outcomes:\n  - revert\n  - incorrect\u002Fstrange return values\n  - unexpected state changes\n  - misbehavior\n  - reentrancy (if applicable)\n\n#### Continuity Rule\nTreat the entire call chain as **one continuous execution flow**.\nNever reset context.\nAll invariants, assumptions, and data dependencies must propagate across calls.\n\n---\n\n### 5.3 Complete Analysis Example\n\nSee FUNCTION_MICRO_ANALYSIS_EXAMPLE.md for a complete walkthrough demonstrating:\n- Full micro-analysis of a DEX swap function\n- Application of First Principles, 5 Whys, and 5 Hows\n- Block-by-block analysis with invariants and assumptions\n- Cross-function dependency mapping\n- Risk analysis for external interactions\n\nThis example demonstrates the level of depth and structure required for all analyzed functions.\n\n---\n\n### 5.4 Output Requirements\n\nWhen performing ultra-granular analysis, Claude MUST structure output following the format defined in OUTPUT_REQUIREMENTS.md.\n\nKey requirements:\n- **Purpose** (2-3 sentences minimum)\n- **Inputs & Assumptions** (all parameters, preconditions, trust assumptions)\n- **Outputs & Effects** (returns, state writes, external calls, events, postconditions)\n- **Block-by-Block Analysis** (What, Why here, Assumptions, First Principles\u002F5 Whys\u002F5 Hows)\n- **Cross-Function Dependencies** (internal calls, external calls with risk analysis, shared state)\n\nQuality thresholds:\n- Minimum 3 invariants per function\n- Minimum 5 assumptions documented\n- Minimum 3 risk considerations for external interactions\n- At least 1 First Principles application\n- At least 3 combined 5 Whys\u002F5 Hows applications\n\n---\n\n### 5.5 Completeness Checklist\n\nBefore concluding micro-analysis of a function, verify against the COMPLETENESS_CHECKLIST.md:\n\n- **Structural Completeness**: All required sections present (Purpose, Inputs, Outputs, Block-by-Block, Dependencies)\n- **Content Depth**: Minimum thresholds met (invariants, assumptions, risk analysis, First Principles)\n- **Continuity & Integration**: Cross-references, propagated assumptions, invariant couplings\n- **Anti-Hallucination**: Line number citations, no vague statements, evidence-based claims\n\nAnalysis is complete when all checklist items are satisfied and no unresolved \"unclear\" items remain.\n\n---\n\n## 5. Phase 3 — Global System Understanding\n\nAfter sufficient micro-analysis:\n\n1. **State & Invariant Reconstruction**\n   - Map reads\u002Fwrites of each state variable.\n   - Derive multi-function and multi-module invariants.\n\n2. **Workflow Reconstruction**\n   - Identify end-to-end flows (deposit, withdraw, lifecycle, upgrades).\n   - Track how state transforms across these flows.\n   - Record assumptions that persist across steps.\n\n3. **Trust Boundary Mapping**\n   - Actor → entrypoint → behavior.\n   - Identify untrusted input paths.\n   - Privilege changes and implicit role expectations.\n\n4. **Complexity & Fragility Clustering**\n   - Functions with many assumptions.\n   - High branching logic.\n   - Multi-step dependencies.\n   - Coupled state changes across modules.\n\nThese clusters help guide the vulnerability-hunting phase.\n\n---\n\n## 6. Stability & Consistency Rules\n*(Anti-Hallucination, Anti-Contradiction)*\n\nClaude must:\n\n- **Never reshape evidence to fit earlier assumptions.**\n  When contradicted:\n  - Update the model.\n  - State the correction explicitly.\n\n- **Periodically anchor key facts**\n  Summarize core:\n  - invariants\n  - state relationships\n  - actor roles\n  - workflows\n\n- **Avoid vague guesses**\n  Use:\n  - \"Unclear; need to inspect X.\"\n  instead of:\n  - \"It probably…\"\n\n- **Cross-reference constantly**\n  Connect new insights to previous state, flows, and invariants to maintain global coherence.\n\n---\n\n## 7. Subagent Usage\n\nClaude may spawn subagents for:\n- Dense or complex functions.\n- Long data-flow or control-flow chains.\n- Cryptographic \u002F mathematical logic.\n- Complex state machines.\n- Multi-module workflow reconstruction.\n\nUse the **`function-analyzer`** agent for per-function deep analysis.\nIt follows the full microstructure checklist, cross-function flow\nrules, and quality thresholds defined in this skill, and enforces\nthe pure-context-building constraint.\n\nSubagents must:\n- Follow the same micro-first rules.\n- Return summaries that Claude integrates into its global model.\n\n---\n\n## 8. Relationship to Other Phases\n\nThis skill runs **before**:\n- Vulnerability discovery\n- Classification \u002F triage\n- Report writing\n- Impact modeling\n- Exploit reasoning\n\nIt exists solely to build:\n- Deep understanding\n- Stable context\n- System-level clarity\n\n---\n\n## 9. Non-Goals\n\nWhile active, Claude should NOT:\n- Identify vulnerabilities\n- Propose fixes\n- Generate proofs-of-concept\n- Model exploits\n- Assign severity or impact\n\nThis is **pure context building** only.\n\n## Limitations\n- Use this skill only when the task clearly matches the scope described above.\n- Do not treat the output as a substitute for environment-specific validation, testing, or expert review.\n- Stop and ask for clarification if required inputs, permissions, safety boundaries, or success criteria are missing.\n","","imported","https:\u002F\u002Fgithub.com\u002Fsickn33\u002Fantigravity-awesome-skills","user_system_seed","SkillOPIC",true,70,1170,"2026-05-16 13:04:24",{"id":8,"name":21,"slug":22,"icon":23,"description":24,"sort":25,"createdAt":26},"编程开发","coding","mdi-code-braces","代码生成、调试、审查，提升开发效率",2,"2026-05-16 12:53:40",{"id":7,"name":28,"slug":29,"icon":30,"description":31,"moduleId":8,"sort":32,"skillCount":33,"createdAt":26},"代码审查","review","mdi-magnify-scan","代码质量分析、安全审查",4,145,[35],{"id":36,"skillId":4,"version":37,"fileName":38,"fileSize":39,"filePath":40,"fileHash":41,"manifest":42,"createdAt":19},"bf2f52be-98cb-4cf4-be70-f1ddb0b4d708","1.0.0","audit-context-building.zip",4383,"uploads\u002Fskills\u002Fa3ceb8cb-1dba-4637-ab36-4577f21fc602\u002Faudit-context-building.zip","ebadb362d10f47e73ed257054510a7414f2d4794fefcb76abad8ee0b9bd69c9a","[{\"path\":\"SKILL.md\",\"isDirectory\":false,\"size\":10016}]",{"code":44,"message":45,"data":46},200,"success",{"items":47,"stats":48,"page":51},[],{"averageRating":49,"totalRatings":49,"ratingCounts":50},0,[49,49,49,49,49],{"limit":52,"offset":49,"hasMore":53,"nextOffset":52,"ratedOnly":16},15,false]