entry-point-analyzer
- Repo stars 5,723
- Forks 499
- Author updated Jun 15, 2026, 04:05 PM
- Author repo skills
- Domain
- Security
- Compatible agents
-
- Claude Code
- Cursor
- Cline
- Codex
- Windsurf
- Gemini CLI
- +20
- Trust score
- 88 / 100 · community maintained
- Author / version / license
- @trailofbits · no license declared
- Token usage
- Lean
- Setup complexity
- Guided setup
- External API key
- Not required
- Operating systems
- Unspecified (assume cross-platform)
- Runtime requirements
- No special requirements
- Permissions
-
- Read-only
- Write / modify
- Shell exec
- Network behavior
- Local-only
- Install commands
- 26 variants
Profile is derived at build time from SKILL.md and install vectors. Subject to drift from author intent.
Heads up: 未限定 allowed-tools,默认拥有全部工具权限。
---
name: entry-point-analyzer
description: Analyzes smart contract codebases to identify state-changing entry points for security auditing.…
category: security
runtime: no special runtime
---
# entry-point-analyzer output preview
## PART A: Task fit
- Use case: Analyzes smart contract codebases to identify state-changing entry points for security auditing. Detects externally callable functions that modify state, categorizes them by access level (public, admin, role-restricted, contract-only), and generates structured audit reports. Excludes view/pure/read-only functions. Use when auditing smart contracts (Solidity, Vyper, Solana/Rust, Move, TON, CosmWasm) or when asked to find entry points, audit flows, external functions, access control patterns, or privileged operations..
- Inputs: target material, constraints, expected output, and acceptance criteria.
- Evidence boundary: follow “When to Use / When NOT to Use / Scope: State-Changing Functions Only” and do not present inference as author intent.
## PART B: Execution result
- **01** The card summarizes the use case; runtime output centers on “Analyzes smart contract codebases to identify state-changing entry points for security auditing. Detects externally callable functions that modify state, categorizes them by access level (public, admin, role-restricted, contract-only), and generates structured audit reports. Excludes view/pure/read-only functions. Use when auditing smart contracts (Solidity, Vyper, Solana/Rust, Move, TON, CosmWasm) or when asked to find entry points, audit flows, external functions, access control patterns, or privileged operations.”.
- **02** When the source has headings, the agent prioritizes “When to Use / When NOT to Use / Scope: State-Changing Functions Only” so the result follows the author’s structure.
- **03** Typical output includes task judgment, concrete steps, required commands or file edits, validation, and follow-up options.
- **04** Risk context follows the fingerprint: read files, write/modify files, run shell commands; mostly runs locally; usually needs no extra API key.
## Running Rules
- read files, write/modify files, run shell commands; mostly runs locally; usually needs no extra API key.
- Validate with a small sample before expanding scope.
- Return the result, validation criteria, and next iteration options. The source does not require a stable slash command. After installation, invoke the skill by name and describe the task.
Name target files or source material, expected output, forbidden changes, and whether network or shell access is allowed. Permission fingerprint: read files, write/modify files, run shell commands.
Start with a small task and check whether the result follows “When to Use / When NOT to Use / Scope: State-Changing Functions Only”. Inspect diffs, logs, previews, or tests before expanding scope.
Confirm the final output includes a concrete result, evidence, and next action. If it stays generic, tighten inputs, boundaries, and acceptance criteria.
---
name: entry-point-analyzer
description: Analyzes smart contract codebases to identify state-changing entry points for security auditing.…
category: security
source: trailofbits/skills
---
# entry-point-analyzer
## When to use
- Analyzes smart contract codebases to identify state-changing entry points for security auditing. Detects externally ca…
- Use it when the task has clear inputs, repeatable steps, and validation criteria.
## What to provide
- Target material, scope, expected result, and forbidden changes.
- Whether network, commands, file writes, or external services are allowed.
## Execution rules
- Organize steps around “When to Use / When NOT to Use / Scope: State-Changing Functions Only” and keep inference separate from source facts.
- read files, write/modify files, run shell commands; mostly runs locally; usually needs no extra API key.
- Validate with a small sample before expanding the task.
## Output requirements
- Return the deliverable, key evidence, validation method, and next action.
- Mark missing information as unknown; do not invent commands, platforms, or dependencies. The author source anchors workflow facts; repository files anchor sources and commands; Fluxly only adds fit, limitations, and quality judgment.
skill "entry-point-analyzer" {
input -> user goal + target files + boundaries + acceptance criteria
context -> When to Use / When NOT to Use / Scope: State-Changing Functions Only
rules -> SKILL.md triggers / order / output contract
runtime -> no special runtime | read files, write/modify files, run shell commands | mostly runs locally
guardrails -> usually needs no extra API key + small-sample validation + diff/log review
output -> copyable result + checklist + next iteration
} Entry Point Analyzer
Systematically identify all state-changing entry points in a smart contract codebase to guide security audits.
When to Use
Use this skill when:
- Starting a smart contract security audit to map the attack surface
- Asked to find entry points, external functions, or audit flows
- Analyzing access control patterns across a codebase
- Identifying privileged operations and role-restricted functions
- Building an understanding of which functions can modify contract state
When NOT to Use
Do NOT use this skill for:
- Vulnerability detection (use audit-context-building or domain-specific-audits)
- Writing exploit POCs (use solidity-poc-builder)
- Code quality or gas optimization analysis
- Non-smart-contract codebases
- Analyzing read-only functions (this skill excludes them)
Scope: State-Changing Functions Only
This skill focuses exclusively on functions that can modify state. Excluded:
| Language | Excluded Patterns |
|---|---|
| Solidity | view, pure functions |
| Vyper | @view, @pure functions |
| Solana | Functions without mut account references |
| Move | Non-entry public fun (module-callable only) |
| TON | get methods (FunC), read-only receivers (Tact) |
| CosmWasm | query entry point and its handlers |
Why exclude read-only functions? They cannot directly cause loss of funds or state corruption. While they may leak information, the primary audit focus is on functions that can change state.
Workflow
- Detect Language - Identify contract language(s) from file extensions and syntax
- Use Tooling (if available) - For Solidity, check if Slither is available and use it
- Locate Contracts - Find all contract/module files (apply directory filter if specified)
- Extract Entry Points - Parse each file for externally callable, state-changing functions
- Classify Access - Categorize each function by access level
- Generate Report - Output structured markdown report
Slither Integration (Solidity)
For Solidity codebases, Slither can automatically extract entry points. Before manual analysis:
1. Check if Slither is Available
which slither
2. If Slither is Detected, Run Entry Points Printer
slither . --print entry-points
This outputs a table of all state-changing entry points with:
- Contract name
- Function name
- Visibility
- Modifiers applied
3. Use Slither Output as Foundation
- Parse the Slither output table to populate your analysis
- Cross-reference with manual inspection for access control classification
- Slither may miss some patterns (callbacks, dynamic access control)—supplement with manual review
- If Slither fails (compilation errors, unsupported features), fall back to manual analysis
4. When Slither is NOT Available
If which slither returns nothing, proceed with manual analysis using the language-specific reference files.
Language Detection
| Extension | Language | Reference |
|---|---|---|
.sol |
Solidity | {baseDir}/references/solidity.md |
.vy |
Vyper | {baseDir}/references/vyper.md |
.rs + Cargo.toml with solana-program |
Solana (Rust) | {baseDir}/references/solana.md |
.move + Move.toml with edition |
{baseDir}/references/move-sui.md | |
.move + Move.toml with Aptos |
{baseDir}/references/move-aptos.md | |
.fc, .func, .tact |
TON (FunC/Tact) | {baseDir}/references/ton.md |
.rs + Cargo.toml with cosmwasm-std |
CosmWasm | {baseDir}/references/cosmwasm.md |
Load the appropriate reference file(s) based on detected language before analysis.
Access Classification
Classify each state-changing entry point into one of these categories:
1. Public (Unrestricted)
Functions callable by anyone without restrictions.
2. Role-Restricted
Functions limited to specific roles. Common patterns to detect:
- Explicit role names:
admin,owner,governance,guardian,operator,manager,minter,pauser,keeper,relayer,lender,borrower - Role-checking patterns:
onlyRole,hasRole,require(msg.sender == X),assert_owner,#[access_control] - When role is ambiguous, flag as "Restricted (review required)" with the restriction pattern noted
3. Contract-Only (Internal Integration Points)
Functions callable only by other contracts, not by EOAs. Indicators:
- Callbacks:
onERC721Received,uniswapV3SwapCallback,flashLoanCallback - Interface implementations with contract-caller checks
- Functions that revert if
tx.origin == msg.sender - Cross-contract hooks
Output Format
Generate a markdown report with this structure:
# Entry Point Analysis: [Project Name]
**Analyzed**: [timestamp]
**Scope**: [directories analyzed or "full codebase"]
**Languages**: [detected languages]
**Focus**: State-changing functions only (view/pure excluded)
## Summary
| Category | Count |
|----------|-------|
| Public (Unrestricted) | X |
| Role-Restricted | X |
| Restricted (Review Required) | X |
| Contract-Only | X |
| **Total** | **X** |
---
## Public Entry Points (Unrestricted)
State-changing functions callable by anyone—prioritize for attack surface analysis.
| Function | File | Notes |
|----------|------|-------|
| `functionName(params)` | `path/to/file.sol:L42` | Brief note if relevant |
---
## Role-Restricted Entry Points
### Admin / Owner
| Function | File | Restriction |
|----------|------|-------------|
| `setFee(uint256)` | `Config.sol:L15` | `onlyOwner` |
### Governance
| Function | File | Restriction |
|----------|------|-------------|
### Guardian / Pauser
| Function | File | Restriction |
|----------|------|-------------|
### Other Roles
| Function | File | Restriction | Role |
|----------|------|-------------|------|
---
## Restricted (Review Required)
Functions with access control patterns that need manual verification.
| Function | File | Pattern | Why Review |
|----------|------|---------|------------|
| `execute(bytes)` | `Executor.sol:L88` | `require(trusted[msg.sender])` | Dynamic trust list |
---
## Contract-Only (Internal Integration Points)
Functions only callable by other contracts—useful for understanding trust boundaries.
| Function | File | Expected Caller |
|----------|------|-----------------|
| `onFlashLoan(...)` | `Vault.sol:L200` | Flash loan provider |
---
## Files Analyzed
- `path/to/file1.sol` (X state-changing entry points)
- `path/to/file2.sol` (X state-changing entry points)
Filtering
When user specifies a directory filter:
- Only analyze files within that path
- Note the filter in the report header
- Example: "Analyze only
src/core/" → scope =src/core/
Analysis Guidelines
- Be thorough: Don't skip files. Every state-changing externally callable function matters.
- Be conservative: When uncertain about access level, flag for review rather than miscategorize.
- Skip read-only: Exclude
view,pure, and equivalent read-only functions. - Note inheritance: If a function's access control comes from a parent contract, note this.
- Track modifiers: List all access-related modifiers/decorators applied to each function.
- Identify patterns: Look for common patterns like:
- Initializer functions (often unrestricted on first call)
- Upgrade functions (high-privilege)
- Emergency/pause functions (guardian-level)
- Fee/parameter setters (admin-level)
- Token transfers and approvals (often public)
Common Role Patterns by Protocol Type
| Protocol Type | Common Roles |
|---|---|
| DEX | owner, feeManager, pairCreator |
| Lending | admin, guardian, liquidator, oracle |
| Governance | proposer, executor, canceller, timelock |
| NFT | minter, admin, royaltyReceiver |
| Bridge | relayer, guardian, validator, operator |
| Vault/Yield | strategist, keeper, harvester, manager |
Rationalizations to Reject
When analyzing entry points, reject these shortcuts:
- "This function looks standard" → Still classify it; standard functions can have non-standard access control
- "The modifier name is clear" → Verify the modifier's actual implementation
- "This is obviously admin-only" → Trace the actual restriction; "obvious" assumptions miss subtle bypasses
- "I'll skip the callbacks" → Callbacks define trust boundaries; always include them
- "It doesn't modify much state" → Any state change can be exploited; include all non-view functions
Error Handling
If a file cannot be parsed:
- Note it in the report under "Analysis Warnings"
- Continue with remaining files
- Suggest manual review for unparsable files
Decide Fit First
Design Intent
How To Use It
Boundaries And Review