What are Claude Code Skills?

Claude Code Skills are reusable prompt templates stored as markdown files in your project's .claude/skills/ directory. They let you codify best practices and common workflows into slash commands that Claude follows consistently.

How do I create a Claude Code Skill?

Create a markdown file in .claude/skills/ with instructions for Claude. The filename becomes the command name — for example, .claude/skills/code-review.md can be invoked with /code-review during a Claude Code session.

Can I share skills with my team?

Yes. Skills stored in .claude/skills/ can be committed to version control so every team member has access to the same standardized workflows. You can also organize skills into subdirectories by category.

What is the difference between project and global skills?

Project skills (.claude/skills/) are specific to the current project and are committed to git. Global skills (~/.claude/skills/) are personal skills available across all your projects.

weasel

New

25Community RegistryGeneralby slvDev · MIT

Solidity static analysis with security skills for auditing and secure development

Community PluginView Source

Overview

<h1 align="center">Weasel</h1>

Solidity static analyzer you can talk to

Ask your AI assistant to audit your contracts. Get explained results.

bash

# 1. Install weasel
curl -L https://raw.githubusercontent.com/slvDev/weasel/main/weaselup/install | bash

# 2. Add to your AI tool:
# Claude Code (recommended - MCP + skills)
/plugin marketplace add slvDev/weasel
/plugin install weasel

# MCP only for Claude Code, Cursor, Windsurf, Codex, Gemini
weasel mcp add

Now just say weasel <command>:

"weasel analyze my contracts"

"weasel poc for this reentrancy bug"

"weasel report this finding"

"weasel explain this function"

Weasel skills activate. Your AI runs analysis, writes PoCs, formats reports, and more.

Features

•AI-Native Skills — 9 specialized skills for Claude Code (PoC writing, report formatting, gas optimization, and more)
•Blazing Fast — Parallel Rust analysis, instant MCP responses
•MCP Server — Works with Claude Code, Cursor, Windsurf, OpenAI Codex, Gemini CLI, and any MCP-compatible tool
•Extensive Detectors — Vulnerabilities, gas optimizations, and code quality checks
•Auto-Detection — Automatically configures for Foundry, Hardhat, and Truffle projects

Why Weasel?

Weasel	Other Analyzers
AI Integration	Native skills + MCP	Copy-paste output to ChatGPT
Setup	`plugin install` / `mcp add`	Manual config, scripts
Workflow	"weasel poc for this bug"	Read reports, search fixes
Context	AI knows Solidity security patterns	Context lost between tools
Speed	Parallel Rust analysis	Often single-threaded

Installation

bash

curl -L https://raw.githubusercontent.com/slvDev/weasel/main/weaselup/install | bash

Update anytime with weaselup. Use weaselup --nightly for latest dev build.

<details> <summary>From Source</summary>

bash

git clone https://github.com/slvDev/weasel.git
cd weasel && cargo build --release

</details>

Claude Code Integration

For Claude Code users, install the Weasel plugin for intelligent skills:

bash

/plugin marketplace add slvDev/weasel
/plugin install weasel

Use weasel prefix to activate skills:

Audit:

Skill	What it does
`weasel analyze`	Security review (quick scan / manual review / full audit)
`weasel validate`	Verify if attack hypothesis is exploitable
`weasel filter`	Triage findings, filter false positives
`weasel poc`	Write exploit PoC (Foundry/Hardhat)
`weasel report`	Format findings as professional audit report
`weasel overview`	Scope project, map architecture/attack surface

Dev:

Skill	What it does
`weasel gas`	Find and implement gas optimizations
`weasel explain`	Explain code logic, patterns, and risks
`weasel simplify`	Refactor for clarity without changing behavior

Skills provide context-aware expertise — Claude knows how to analyze Solidity, write PoCs in Foundry/Hardhat, format audit reports, and more. The weasel prefix ensures skills only activate when you want them.

To update the plugin, run /plugin update weasel in Claude Code.

IDE Integration (MCP)

For Cursor, Windsurf, Codex, Gemini, or Claude Code without skills:

bash

weasel mcp add                      # auto-detect all installed IDEs
weasel mcp add --target cursor      # Cursor only
weasel mcp add --target windsurf    # Windsurf only
weasel mcp add --target claude      # Claude Code only
weasel mcp add --target codex       # OpenAI Codex only
weasel mcp add --target gemini      # Gemini CLI only

IDE	MCP Tools	Skills
Claude Code	yes	yes (via `/plugin install`)
Cursor	yes	no
Windsurf	yes	no
OpenAI Codex	yes	no
Gemini CLI	yes	no

MCP tools (weasel_analyze, weasel_finding_details, weasel_detectors) work in all IDEs. Skills (PoC writing, report formatting, etc.) are Claude Code exclusive.

What It Detects

Severity	What	Examples
High	Critical vulnerabilities	Reentrancy, unchecked calls, delegatecall risks
Medium	Security concerns	Missing access control, oracle manipulation
Low	Best practices	Unlocked pragma, zero-address checks
Gas	Optimizations	Storage reads, loop efficiency, packing
NC	Code quality	Naming, style, documentation

Run weasel detectors to see all checks, or ask your AI: _"what can weasel detect?"_

How It Works

Your AI calls Weasel via MCP, gets structured findings, and explains them to you.

MCP Command	What It Does
`weasel_analyze`	Scan contracts, get compact summary
`weasel_finding_details`	Deep dive into specific issues
`weasel_detectors`	List all available checks

Standalone Usage

No AI? Weasel works great from the terminal.

bash

weasel run                              # analyze ./src
weasel run -s ./contracts               # specify path
weasel run -e ./test -e ./mocks         # exclude paths
weasel run -m High                      # only critical
weasel run -o report.md                 # save report
weasel run -o report -f json            # JSON format
weasel run -o report -f sarif           # SARIF format (for GitHub Code Scanning)

Detectors

bash

weasel detectors                # list all
weasel detectors -s High        # filter by severity
weasel detectors -d <id>        # details for one

Configuration

Create weasel.toml with weasel init:

toml

scope = ["src", "contracts"]
exclude = ["test", "script"]
min_severity = "Low"
format = "md"
remappings = ["@openzeppelin/=lib/openzeppelin-contracts/"]
exclude_detectors = ["floating-pragma", "line-length"]

[protocol]
uses_fot_tokens = true       # Fee-on-transfer token detectors
uses_weird_erc20 = true      # Non-standard ERC20 detectors
uses_native_token = true     # Native ETH handling detectors
uses_l2 = true               # L2-specific detectors (Arbitrum, Optimism)
uses_nft = true              # NFT-related detectors

Option	Short	Default
`--scope`	`-s`	`["src"]`
`--exclude`	`-e`	`["lib", "test"]`
`--min-severity`	`-m`	`NC`
`--format`	`-f`	`md`
`--output`	`-o`	stdout
`--remappings`	`-r`	auto
`--exclude-detectors`	`-x`	none

Priority: CLI flags > config file > auto-detection

GitHub Actions

Run Weasel in your CI/CD pipeline:

yaml

- uses: slvDev/weasel@main

Example Workflow

yaml

name: Security

on: [push, pull_request]

jobs:
  weasel:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - uses: slvDev/weasel@main
        with:
          path: ./src
          fail-on: High
          exclude: test,mocks

Nightly Builds

Use the latest development version:

yaml

- uses: slvDev/weasel@main
  with:
    version: nightly

GitHub Code Scanning

Enable inline findings in PR diffs and the Security tab:

yaml

- uses: slvDev/weasel@main
  with:
    sarif: true
    upload-sarif: true

Requires security-events: write permission.

AI-Powered Review (Experimental)

Combine Weasel with Claude, OpenAI, or Gemini for intelligent security review:

yaml

- uses: anthropics/claude-code-action@v1
  with:
    anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
    claude_args: |
      --mcp-config '{"mcpServers":{"weasel":{"command":"weasel","args":["mcp","serve"]}}}'

AI can analyze findings, filter false positives, and suggest fixes.

Ready-to-use examples in `gh-actions-examples/`:

File	Description
`weasel-basic.yml`	Basic Weasel analysis with SARIF upload
`weasel-claude.yml`	Claude filters false positives, outputs clean SARIF
`weasel-openai.yml`	OpenAI Codex filters false positives, outputs clean SARIF
`weasel-gemini.yml`	Gemini filters false positives, outputs clean SARIF
`weasel-claude-diff.yml`	Claude reviews PR diff for logic bugs
`weasel-openai-diff.yml`	OpenAI reviews PR diff for logic bugs
`weasel-gemini-diff.yml`	Gemini reviews PR diff for logic bugs

Verify Downloads

Release binaries include SHA256 checksums and build attestation:

bash

# Verify checksum
sha256sum -c checksums.txt

# Verify attestation (requires gh CLI)
gh attestation verify weasel-<target>.tar.gz --owner slvDev
# Example: gh attestation verify weasel-aarch64-apple-darwin.tar.gz --owner slvDev

Inputs

Input	Description	Default
`version`	Weasel version (`latest`, `nightly`, or specific like `0.5.0`)	`latest`
`path`	Path to analyze	`.`
`min-severity`	Minimum severity to report	`Low`
`fail-on`	Fail CI at this severity (`High`, `Medium`, `Low`, `none`)	`none`
`exclude`	Paths to exclude (comma-separated)
`config`	Path to `weasel.toml`
`sarif`	Generate SARIF output for Code Scanning	`false`
`upload-sarif`	Upload SARIF to GitHub Code Scanning	`false`

Outputs

Output	Description
`findings`	Number of issues found
`report`	Path to JSON report
`sarif-report`	Path to SARIF report (if `sarif: true`)

Project Support

Foundry — Remappings loaded in order:

Default paths (forge-std/, @openzeppelin/)
remappings.txt
foundry.toml
CLI -r flags

Hardhat / Truffle — Auto-detects config, uses node_modules/, defaults to ./contracts

FAQ

<details> <summary>AI can't find Weasel?</summary>

bash

which weasel          # should show path
weasel mcp add        # re-run setup
# restart your AI tool

</details>

<details> <summary>How do I check MCP config?</summary>

bash

cat ~/.claude.json              # Claude Code
cat ~/.cursor/mcp.json          # Cursor
cat ~/.codeium/windsurf/mcp_config.json  # Windsurf

</details>

<details> <summary>Manual MCP setup</summary>

Add to your AI tool's config:

json

{
  "mcpServers": {
    "weasel": {
      "type": "stdio",
      "command": "/path/to/weasel",
      "args": ["mcp", "serve"]
    }
  }
}

</details>

<details> <summary>How do I exclude test files?</summary>

bash

weasel run -e ./test -e ./src/mocks

</details>

<details> <summary>How do I analyze only critical issues?</summary>

bash

weasel run -m High

</details>

License

MIT — LICENSE.md

Install & Usage

Create the skills directory

mkdir -p .claude/skills

Download the skill file

mkdir -p .claude/skills && curl -o .claude/skills/weasel.md https://raw.githubusercontent.com/slvDev/weasel/main/SKILL.md

Invoke in Claude Code

/weasel

View source on GitHub

securitysolidityauditsmart-contractsstatic-analysisweb3ethereumdefi

Frequently Asked Questions

What is weasel?

Solidity static analysis with security skills for auditing and secure development

How to install weasel?

To install weasel, create the .claude/skills directory in your project, then run the curl command to download the skill file. Once installed, invoke it in Claude Code with /weasel.

What is weasel best for?

weasel is a community categorized under General. It is designed for: security, solidity, audit, smart-contracts, static-analysis, web3, ethereum, defi. Created by slvDev.