Setup & Installation
What This Skill Does
Analyzes smart contract codebases to map all state-changing entry points for security audits. Detects externally callable functions across Solidity, Vyper, Solana/Rust, Move, TON, and CosmWasm, then categorizes them by access level: public, admin, role-restricted, or contract-only. Excludes view and pure functions to keep focus on functions that can actually modify state.
Manually tracing entry points across a multi-file smart contract codebase is error-prone and time-consuming, and missing a single unrestricted state-changing function can mean a missed critical vulnerability.
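The categorization described above can be sketched for Solidity with a few regular expressions. This is an added example, not the skill's own implementation (which is Slither-backed for Solidity). The sample contract is constructed, and the modifier names in `ADMIN` and the `msg.sender == address(...)` idiom used to flag contract-only callbacks are assumed conventions.

```python
import re

# Constructed sample contract for illustration; not from any real project.
SAMPLE = """
contract Vault {
    function deposit(uint256 amount) external payable { balance += amount; }
    function balanceOf(address a) public view returns (uint256) { return b[a]; }
    function setFee(uint256 fee) external onlyOwner { fee_ = fee; }
    function pause() external onlyRole(PAUSER_ROLE) { paused = true; }
    function onFlashLoan(address who, uint256 amt) external returns (bytes32) {
        require(msg.sender == address(pool), "not pool");
        return OK;
    }
    function _accrue() internal { idx += 1; }
    function sweep(address to) public { token.transfer(to, bal); }
}
"""

FUNC = re.compile(r"function\s+(\w+)\s*\([^)]*\)([^{;]*)\{")
ADMIN = {"onlyOwner", "onlyAdmin", "onlyGovernance"}  # assumed naming conventions
CALLER_CHECK = re.compile(r"msg\.sender\s*==\s*address\(")  # assumed contract-only idiom

def body_of(src, start):
    """Return the function body that begins just after its opening brace."""
    depth, i = 1, start
    while i < len(src) and depth:
        depth += {"{": 1, "}": -1}.get(src[i], 0)
        i += 1
    return src[start:i - 1]

def entry_points(src):
    """Map state-changing, externally callable functions to an access level."""
    found = {}
    for m in FUNC.finditer(src):
        name, header = m.group(1), m.group(2)
        words = set(re.findall(r"\w+", header))
        if not words & {"external", "public"} or words & {"view", "pure"}:
            continue  # not externally callable, or cannot modify state
        if words & ADMIN:
            level = "admin"
        elif any(w.startswith("only") for w in words):
            level = "role-restricted"
        elif CALLER_CHECK.search(body_of(src, m.end())):
            level = "contract-only"
        else:
            level = "public"  # no restriction found: review these first
        found[name] = level
    return found
```

On the sample, `entry_points(SAMPLE)` reports `deposit` and `sweep` as public; the unrestricted `sweep` is the kind of function a manual pass can miss. A regex pass like this does not resolve inherited modifiers or access checks made in helper functions.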
When to use it
- Mapping the attack surface before starting a smart contract audit
- Categorizing which functions are callable by anyone vs. restricted to admins or roles
- Finding callback and hook functions that define cross-contract trust boundaries
- Running Slither-backed entry point extraction on Solidity projects with automatic fallback to manual analysis
- Auditing access control patterns across multi-contract protocols like DEXes, lending markets, or bridges