Token integration and implementation analyzer based on Trail of Bits' token integration checklist. Analyzes token implementations for ERC20/ERC721 conformity, checks for 20+ weird token patterns, assesses contract composition and owner privileges, performs on-chain scarcity analysis, and evaluates how protocols handle non-standard tokens. Context-aware for both token implementations and token integrations.
plugins/building-secure-contracts/skills/token-integration-analyzer/SKILL.md
February 1, 2026
npx add-skill https://github.com/trailofbits/skills/blob/main/plugins/building-secure-contracts/skills/token-integration-analyzer/SKILL.md -a claude-code --skill token-integration-analyzer

Installation paths:
.claude/skills/token-integration-analyzer/

# Token Integration Analyzer

## Purpose

Systematically analyzes the codebase for token-related security concerns using Trail of Bits' token integration checklist:

1. **Token Implementations**: Analyze if your token follows ERC20/ERC721 standards or has non-standard behavior
2. **Token Integrations**: Analyze how your protocol handles arbitrary tokens, including weird/non-standard tokens
3. **On-chain Analysis**: Query deployed contracts for scarcity, distribution, and configuration
4. **Security Assessment**: Identify risks from 20+ known weird token patterns

**Framework**: Building Secure Contracts - Token Integration Checklist + Weird ERC20 Database

---

## How This Works

### Phase 1: Context Discovery

Determines analysis context:

- **Token implementation**: Are you building a token contract?
- **Token integration**: Does your protocol interact with external tokens?
- **Platform**: Ethereum, other EVM chains, or different platform?
- **Token types**: ERC20, ERC721, or both?

### Phase 2: Slither Analysis (if Solidity)

For Solidity projects, I'll help run:

- `slither-check-erc` - ERC conformity checks
- `slither --print human-summary` - Complexity and upgrade analysis
- `slither --print contract-summary` - Function analysis
- `slither-prop` - Property generation for testing

### Phase 3: Code Analysis

Analyzes:

- Contract composition and complexity
- Owner privileges and centralization risks
- ERC20/ERC721 conformity
- Known weird token patterns
- Integration safety patterns

### Phase 4: On-chain Analysis (if deployed)

If you provide a contract address, I'll query:

- Token scarcity and distribution
- Total supply and holder concentration
- Exchange listings
- On-chain configuration

### Phase 5: Risk Assessment

Provides:

- Identified vulnerabilities
- Non-standard behaviors
- Integration risks
- Prioritized recommendations

---

## Assessment Categories

I check 10 comprehensive categories covering all aspects of token security.
For detailed criteria, patter