| name | starknet-skills |
|---|---|
| description | Cairo/Starknet skills for AI coding agents with router and module links. |
-fe315d){kind=icon}
All 30+ compatible tools
Built on the Agent Skills open standard — works with any tool that reads markdown.
Cairo/Starknet skills for AI coding agents
Security + reasoning knowledge layer for any agent that reads markdown. Built on the Agent Skills open standard — works with 30+ tools. For operational tooling, see starknet-agentic.
/plugin marketplace add keep-starknet-strange/starknet-skills
/plugin install starknet-skillsThen try:
Audit src/contract.cairo using the cairo-auditor skill
Clone the repo:
git clone https://github.com/keep-starknet-strange/starknet-skills.gitOption 1: add the cloned repo as a context directory in Cursor settings.
Option 2: copy the rule file and selected skills into your project.
Run the following from your project root and replace /path/to/starknet-skills with your clone path:
cd /path/to/your/project
mkdir -p .cursor/rules .cursor/skills
cp /path/to/starknet-skills/.cursor/rules/starknet-skills.md .cursor/rules/
cp -r /path/to/starknet-skills/cairo-auditor .cursor/skills/cairo-auditor
cp -r /path/to/starknet-skills/cairo-testing .cursor/skills/cairo-testing
cp -r /path/to/starknet-skills/cairo-contract-authoring .cursor/skills/cairo-contract-authoringThen try:
Write an ERC20 token contract following the cairo-contract-authoring skill
Paste the router URL into Gemini CLI chat as context:
https://raw.githubusercontent.com/keep-starknet-strange/starknet-skills/main/SKILL.md
Clone the repo into your workspace, then provide the router URL in Copilot chat via @workspace (or add it as custom context in VS Code settings):
git clone https://github.com/keep-starknet-strange/starknet-skills.githttps://raw.githubusercontent.com/keep-starknet-strange/starknet-skills/main/SKILL.md
Auto-discovered via AGENTS.md at the repo root. Clone and open — Codex reads agent instructions automatically.
Clone the repo into your project, then paste the router URL in Junie chat/context:
git clone https://github.com/keep-starknet-strange/starknet-skills.githttps://raw.githubusercontent.com/keep-starknet-strange/starknet-skills/main/SKILL.md
Paste this URL into your agent's chat or config — it auto-routes to the right skill:
https://raw.githubusercontent.com/keep-starknet-strange/starknet-skills/main/SKILL.md
Or load a specific skill directly:
https://raw.githubusercontent.com/keep-starknet-strange/starknet-skills/main/cairo-auditor/SKILL.md
https://raw.githubusercontent.com/keep-starknet-strange/starknet-skills/main/cairo-contract-authoring/SKILL.md
https://raw.githubusercontent.com/keep-starknet-strange/starknet-skills/main/cairo-testing/SKILL.md
https://raw.githubusercontent.com/keep-starknet-strange/starknet-skills/main/cairo-optimization/SKILL.md
Machine-readable index: llms.txt
After installing, try these in any agent:
| What you want | What to type |
|---|---|
| Audit a contract | Audit src/vault.cairo for security issues using cairo-auditor |
| Write a new contract | Write an upgradeable ERC721 with Ownable using cairo-contract-authoring |
| Add tests | Add unit and fuzz tests for src/vault.cairo using cairo-testing |
| Optimize gas | Profile and optimize the transfer function using cairo-optimization |
| Full pipeline | Write a staking contract, test it, then audit it |
The agent reads the skill, follows its orchestration steps, and produces structured output (findings report, test suite, optimized code, etc.).
python scripts/quality/audit_local_repo.py \
--repo-root /path/to/your/cairo-repo \
--scan-id local-auditOptional Sierra confirmation (trusted repos only):
python scripts/quality/audit_local_repo.py \
--repo-root /path/to/your/cairo-repo \
--scan-id local-audit-sierra \
--sierra-confirm \
--allow-buildWarning: --allow-build may execute repository build steps/tooling.
Use build mode only on trusted code, or run in an isolated environment.
Reports are written under <repo-root>/evals/reports/local/ by default (.md, .json).
Add --write-findings-jsonl to emit .findings.jsonl.
If a target filename already exists, the script appends -N to avoid overwrite.
| Module | What LLMs Commonly Miss |
|---|---|
| cairo-auditor | Misses Starknet upgrade/account edge cases and weak FP gates |
| cairo-contract-authoring | Applies Solidity structure directly to Cairo components |
| cairo-testing | Stops at unit tests and skips invariants/adversarial regression coverage |
| cairo-optimization | Optimizes wrong paths without trace/Sierra context |
| cairo-toolchain | Uses stale Scarb/snforge/sncast workflows |
| account-abstraction | Misses session-key/self-call and validation-flow pitfalls |
| starknet-network-facts | Hallucinates network semantics and fee/timing assumptions |
Recommended sequence for new contracts: cairo-contract-authoring -> cairo-testing -> cairo-auditor.
ingest -> segment -> normalize -> distill -> skillize
24 26 217 9 7
audits corpora findings assets skills
Snapshot counts are maintainer-updated. When normalized findings change, update this table and badge labels together.
- Ingest manifest:
datasets/manifests/audits.jsonl - Normalized findings:
datasets/normalized/findings/ - Distilled assets:
datasets/distilled/ - Router skill index:
SKILL.md
Deterministic benchmarks are smoke/regression gates, not final proof of auditor quality.
- Deterministic smoke:
- Human-labeled external triage:
- Manual gold recall:
- Contract-skill benchmark:
- KPI publication gate:
Skills are authored from audit-backed source material, then checked with deterministic gates and held-out evaluation policy before landing. The goal is reusable, high-signal corrections for common Cairo/Starknet failure modes, not generic documentation.
Current workflow:
quality.ymlis the required per-PR gate.full-evals.ymlruns on schedule/workflow dispatch and auto-triggers onpull_requestevents (opened,synchronize,reopened,ready_for_review) when touched paths matchSKILL.md,**/SKILL.md,**/references/**,evals/**,scripts/quality/**, or.github/workflows/**.- Build-side generation eval tracks contract authoring quality (
prompt -> generated code -> build/test/static checks) as informational telemetry infull-evals.yml. - External triage trends live under
evals/scorecards/. Evaluation policy: evals/README.md
- Site: starkskills.org
- Source: website/
- Generator: scripts/site/build_site.py
See CONTRIBUTING.md, SECURITY.md, and THIRD_PARTY.md.
Core local gates:
python3 scripts/quality/validate_skills.pypython3 scripts/quality/validate_marketplace.pypython3 scripts/quality/parity_check.py
MIT