access-control
Access Control
Forked from Trail of Bits Solana security skills. Original category alignment: missing signer checks. Modified by Sealevel Guard and distributed as skill text under CC BY-SA 4.0.
Solana and Anchor access-control review skill.
Purpose
Detect whether privileged behavior is exposed to the wrong signer, authority, or account path.
Focus
This skill is responsible for:
- missing signer checks,
- weak admin or authority transitions,
More from newmanxbt/sealevel-guard
cpi-risk
Detects whether the program can invoke the wrong program, propagate too much privilege, or trust unsafe callback behavior. Internal specialist module for CPI risk review.
1token-invariants
Detects whether token and vault logic can violate economic or accounting assumptions another agent would rely on. Internal specialist module for token invariant review.
1pda-integrity
Detects whether a program's PDA design allows spoofing, role confusion, or weak authority derivation. Internal specialist module for PDA integrity review.
1account-constraints
Detects whether the program trusts the wrong accounts, owners, or mutability assumptions. Internal specialist module for Anchor account validation review.
1sealevel-guard-review
Orchestrates parallelized Solana trust-gate review to determine whether a codebase or program is safe enough to ship, integrate, or allocate capital through. Use when asked to review, audit, or assess risk of a Solana program.
1governance-upgrade-risk
Detects whether governance or upgrade control is concentrated, weakly separated, or capable of undermining user or integrator trust. Internal specialist module for governance risk review.
1