Technical & DevelopmentIntermediate

entry-point-analyzer

Identify state-changing entry points in smart contracts

Developer Setup

Setup & Installation

bash

npx skills add https://github.com/trailofbits/skills --skill entry-point-analyzer

npx skills add https://github.com/trailofbits/skills --skill entry-point-analyzer

Or paste this URL into your assistant to install:

https://github.com/trailofbits/skills/tree/main/plugins/entry-point-analyzer View on GitHub

Overview

What This Skill Does

Analyzes smart contract codebases to map all state-changing entry points for security audits. Detects externally callable functions across Solidity, Vyper, Solana/Rust, Move, TON, and CosmWasm, then categorizes them by access level: public, admin, role-restricted, or contract-only. Excludes view and pure functions to keep focus on functions that can actually modify state.

Application

When to use this Skill

Configuring integration settings for custom agent workflows.
Optimizing query execution and response latency in production.
Developing clean, standard-compliant implementations for enterprise services.
Troubleshooting connection timeouts and authentication handshakes.
Monitoring API rate limits and execution pipelines programmatically.

Documentation

Show Skills.md file

Entry Point Analyzer

A Claude skill for systematically identifying state-changing entry points in smart contract codebases to guide security audits.

Purpose

When auditing smart contracts, examining each file or function individually is inefficient. What auditors need is to start from entry points—the externally callable functions that represent the attack surface. This skill automates the identification and classification of state-changing entry points, excluding view/pure/read-only functions that cannot directly cause loss of funds or state corruption.

Supported Languages

Language	File Extensions	Framework Support
Solidity	`.sol`	OpenZeppelin, custom modifiers
Vyper	`.vy`	Native patterns
Solana	`.rs`	Anchor, Native
Move	`.move`	Aptos, Sui
TON	`.fc`, `.func`, `.tact`	FunC, Tact
CosmWasm	`.rs`	cw-ownable, cw-controllers

Access Classifications

The skill categorizes entry points into four levels:

Public (Unrestricted) — Callable by anyone; highest audit priority
Role-Restricted — Limited to specific roles (admin, governance, guardian, etc.)

Lines 1 - 25 of 74

Recommendations

Explore other random skills

TechnicalIntermediate

venice-billing

Balance, usage, and billing analytics endpoints

TechnicalIntermediate

venice-x402

Wallet credits and x402 payments on Base

TechnicalIntermediate

venice-api-keys

API key CRUD, rate limits, and Web3 keys

All skills My patterns