Checks whether a Solidity codebase is ready for an external security audit. Runs 6 automated checks and produces a readiness scorecard.
An auditor's time should be spent finding real vulnerabilities, not cleaning up TODOs, missing tests, and uncommented code.
Point your AI agent at a local Solidity project and say any of:
- "run:audit-prep"
- "am I ready for an audit?"
- "check audit readiness"
- "pre-audit checklist"
If no path is provided, the agent will ask for one. Works with Foundry, Hardhat, or plain Solidity projects.
| # | Check | Passes When |
|---|---|---|
| 1 | No TODOs / placeholders | 0 unfinished markers in source files |
| 2 | Test coverage | Branch coverage > 80% across all contracts |
| 3 | Test types | Unit + at least one of: fuzz, invariant, integration |
| 4 | Mock vs fork | External integrations are fork-tested, not just mocked |
| 5 | Internal review | Team has done a security review before seeking external audit |
| 6 | NatSpec & comments | Public functions documented, no uncommented assembly/unchecked |
The output is a scorecard with PASS / WARN / FAIL per check, an overall verdict, prioritized action items, and an estimated time to fix. Optionally it is saved as audit-prep-report.md in the project root.
Overall verdicts:
- All PASS → Audit Ready
- 1–2 WARN, no FAIL → Nearly Ready
- Any FAIL → Not Ready — fix before engaging an auditor
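The checks table and the verdict rules above, as a runnable approximation. This is an added example written for this page, not the skill's own code (the skill drives an AI agent from SKILL.md rather than shipping a script). It implements checks 1, 2, 3 and 6 with regex heuristics over a Foundry-style layout (src/, test/, and an lcov.info produced by `forge coverage --report lcov`), leaves checks 4 and 5 out because the page gives no mechanical pattern for them, and makes two assumptions the page does not state: a WARN band for branch coverage between 60% and 80%, and treating three or more WARNs with no FAIL as Not Ready. The sample contract, tests and lcov data are constructed for the example.

```python
import re
import sys
from pathlib import Path

MARKER_RE = re.compile(r"\b(TODO|FIXME|XXX|HACK|PLACEHOLDER)\b", re.IGNORECASE)
PUBLIC_FN_RE = re.compile(r"^\s*function\s+\w+\s*\([^)]*\)[^{;]*\b(public|external)\b")
RISKY_BLOCK_RE = re.compile(r"^\s*(assembly|unchecked)\s*\{")
COMMENT_RE = re.compile(r"^\s*(///|//|/\*|\*)")

def check_todos(sources):
    """Check 1: passes only with zero unfinished markers across all source files."""
    hits = sum(len(MARKER_RE.findall(text)) for text in sources.values())
    return ("PASS" if hits == 0 else "FAIL"), hits

def check_branch_coverage(lcov_text, threshold=80.0, warn_floor=60.0):
    """Check 2: aggregate BRF/BRH (branches found/hit) records from an lcov report.
    The WARN band between warn_floor and threshold is this example's assumption."""
    found = sum(int(n) for n in re.findall(r"^BRF:(\d+)", lcov_text, re.M))
    hit = sum(int(n) for n in re.findall(r"^BRH:(\d+)", lcov_text, re.M))
    pct = 100.0 * hit / found if found else 0.0
    status = "PASS" if pct > threshold else "WARN" if pct >= warn_floor else "FAIL"
    return status, round(pct, 1)

def check_test_types(tests):
    """Check 3: unit tests plus at least one of fuzz, invariant or fork integration.
    Foundry conventions: test*(args) is fuzz, invariant* is invariant, createFork marks fork tests."""
    text = "\n".join(tests.values())
    kinds = {
        "unit": bool(re.search(r"function\s+test\w*\s*\(\s*\)", text)),
        "fuzz": bool(re.search(r"function\s+test\w*\s*\([^)]+\)", text)),
        "invariant": bool(re.search(r"function\s+invariant\w*\s*\(", text)),
        "integration": "createSelectFork(" in text or "createFork(" in text,
    }
    extra = any(kinds[k] for k in ("fuzz", "invariant", "integration"))
    status = "PASS" if kinds["unit"] and extra else "WARN" if kinds["unit"] else "FAIL"
    return status, kinds

def check_natspec(sources):
    """Check 6: every public/external function and every assembly/unchecked block
    needs a comment line directly above it (single-line signatures only)."""
    findings = []
    for name, text in sources.items():
        lines = text.splitlines()
        for i, line in enumerate(lines):
            commented = i > 0 and bool(COMMENT_RE.match(lines[i - 1]))
            if (PUBLIC_FN_RE.match(line) or RISKY_BLOCK_RE.match(line)) and not commented:
                findings.append(f"{name}:{i + 1}")
    return ("PASS" if not findings else "FAIL"), findings

def overall_verdict(statuses):
    """Verdict rules from the page; three or more WARNs are not covered there
    and are treated as Not Ready here (assumption)."""
    if "FAIL" in statuses:
        return "Not Ready"
    warns = statuses.count("WARN")
    return "Audit Ready" if warns == 0 else "Nearly Ready" if warns <= 2 else "Not Ready"

def run_scorecard(sources, tests, lcov_text):
    checks = {
        "No TODOs / placeholders": check_todos(sources),
        "Test coverage": check_branch_coverage(lcov_text),
        "Test types": check_test_types(tests),
        "NatSpec & comments": check_natspec(sources),
    }
    return {"checks": checks, "verdict": overall_verdict([s for s, _ in checks.values()])}

def load_project(root):
    """Foundry layout assumed: src/**/*.sol, test/**/*.sol, lcov.info in the root."""
    root = Path(root)
    read = lambda pat: {str(p.relative_to(root)): p.read_text() for p in root.glob(pat)}
    lcov = root / "lcov.info"
    return read("src/**/*.sol"), read("test/**/*.sol"), lcov.read_text() if lcov.exists() else ""

# Constructed sample project (not real code): one TODO, an undocumented external
# function, unit + fuzz tests, and 6 of 8 branches hit.
SAMPLE_SOURCES = {"src/Vault.sol": """\
pragma solidity ^0.8.20;
contract Vault {
    mapping(address => uint256) public balances;
    /// @notice Deposit ETH into the vault.
    function deposit() external payable { balances[msg.sender] += msg.value; }
    function withdraw(uint256 amount) external {
        // TODO: add reentrancy guard
        unchecked { balances[msg.sender] -= amount; }
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok);
    }
}
"""}
SAMPLE_TESTS = {"test/Vault.t.sol": "contract VaultTest is Test {\n    function test_Deposit() public {}\n    function testFuzz_Withdraw(uint256 amount) public {}\n}\n"}
SAMPLE_LCOV = "TN:\nSF:src/Vault.sol\nBRF:8\nBRH:6\nend_of_record\n"

if __name__ == "__main__":
    inputs = load_project(sys.argv[1]) if len(sys.argv) > 1 else (SAMPLE_SOURCES, SAMPLE_TESTS, SAMPLE_LCOV)
    report = run_scorecard(*inputs)
    for name, (status, detail) in report["checks"].items():
        print(f"{status:4} {name}: {detail}")
    print("Verdict:", report["verdict"])
```

Run it with a project root as the only argument to score a real Foundry checkout, or with no argument to score the embedded sample, which lands on Not Ready: the TODO and the undocumented withdraw function each FAIL, coverage at 75% only WARNs, and unit + fuzz tests PASS. The NatSpec check is deliberately strict about single-line signatures; multi-line declarations would need a small parser rather than a line regex.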
```text
audit-prep/
├── SKILL.md              # Agent instructions (full workflow)
├── skill.yaml            # Metadata and trigger phrases
└── references/
    └── checklist-detail.md   # Scoring thresholds, detection patterns, examples
```
Copy this folder to your agent skills directory and ensure your AI agent is configured to load skills from that location.