Slash commands.
All 45 Rugproof commands, generated from source.
Which command?
I want to…
├─ audit my whole repo ............... /audit (deep: /audit-deep, paranoid: /audit-strict)
├─ quick pre-commit check ............ /quick-scan
├─ audit a deployed contract ......... /audit-live <chain> <addr>
├─ audit only my git changes ......... /audit-changes
├─ check dependency versions ......... /audit-deps
├─ compare a contract across chains .. /audit-multi-chain <addr> <chains>
├─ know if a token can rug me ........ /rug-check
├─ prove a property formally ......... /prover
├─ turn a finding into a PoC ......... /exploit <id> (live: /exploit-live)
├─ generate a patch .................. /remediate <id>
├─ produce a shareable report ........ /report (card only: /card)
└─ pre-launch go/no-go ............... /pre-deploy
All commands
| Command | Arguments | What it does |
|---|---|---|
| /audit | [file-or-dir] (omit to audit entire repo per .rugproof.yml) | Full security audit of a Solidity/Vyper/Rust contract or directory. Runs the entire vuln-skills library and dispatches DeFi specialist subagents based on detected protocol type. |
| /audit-changes | [base-branch] (default: main) | Audit only the git diff vs main (or specified base). Optimized for PR review. |
| /audit-deep | [file-or-dir] | Deep audit — same as /audit but spawns more parallel subagents, runs multi-pass review, and chases exploit chains across files. |
| /audit-deps | [file-or-dir] | Audit third-party dependencies — resolve installed versions, cross-reference known-vulnerable releases, and flag vendored code that has diverged from upstream. |
| /audit-diff | <old-report.json> <new-report.json> | Diff two Rugproof audit reports (before vs after) to track regressions — what's new, what's fixed, and whether the grade moved. |
| /audit-history | <address-or-protocol-name> | Pull past public audits (Code4rena, Sherlock, Spearbit, etc.) for a deployed contract or known protocol. |
| /audit-live | <address> [--chain ethereum] [--block latest] | Audit a deployed contract on a live chain. Pulls verified source from the block explorer, optionally forks the chain for live-state simulation. |
| /audit-multi-chain | <address> <chain1,chain2,...> | Diff the on-chain configuration of one contract deployed across multiple chains — owner, oracle, fees, timelock, pause state, proxy impl — and flag the chain that drifted. |
| /audit-strict | [file-or-dir] | Multi-pass consensus audit — runs the audit twice with different prompts, only reports consensus findings. Aggressively cuts false positives. |
| /bounty | <finding-id> [--target immunefi\|protocol\|seal911] | Generate a responsible-disclosure bounty submission from a confirmed finding — Immunefi / protocol bounty / SEAL 911 formats. |
| /bounty-submit | <finding-id> [--platform immunefi\|cantina\|protocol] | Submit a finding to a bug-bounty platform (Immunefi, Cantina) automatically. |
| /card | [--out <path>] [--style classic\|bear\|hacker\|minimal] | Generate a shareable PNG audit card from the latest /audit. Optimized for social media. |
| /coverage | — | Run forge coverage, identify untested branches, generate tests to close gaps. |
| /demo | [reentrancy\|oracle\|flash-loan\|inflation\|replay\|vyper\|all] | Run Rugproof against the bundled vulnerable example contracts — first-run "wow moment". |
| /diff-audit | <file> --reference <openzeppelin\|solady\|uniswap-v3\|...> | Diff the contract against a canonical reference implementation (OZ, Solady, Uniswap V3, etc.) and flag suspicious deltas. |
| /dismiss | <finding-id> <reason> | Mark a finding as a false positive (or accepted risk). Future audits won't re-report it. |
| /explain | <finding-id> [--audience=beginner\|engineer\|exec] | Explain a finding in plain English, with examples. Optionally tailored to a beginner audience. |
| /exploit | <finding-id> [--framework foundry\|hardhat] [--story] | Generate a working Foundry PoC that exploits a specific finding. Compiles and passes. |
| /exploit-chain | <finding-id-1> <finding-id-2> [...] | Chain multiple findings into a single multi-step exploit. Produces a Foundry test that proves the chain works. |
| /exploit-live | <chain> <address> <finding-id> | Generate an exploit against a *deployed* contract on a fork. Validates the exploit works on live state. |
| /fuzz | <Contract.function> | Generate property-based fuzz tests for a specific function. |
| /gas | <file-or-contract> | Gas profile — find expensive operations and suggest optimizations with before/after numbers. |
| /invariant | <contract-or-file> | Generate Foundry invariant tests for property-based fuzzing. The high-value command for serious teams. |
| /mint-cert | [--chain berachain] [--ipfs-pin] | Mint a soulbound Audit Certificate NFT on Berachain (or other supported chain) for a completed audit. |
| /monitor | [address] [--chain ethereum] | Set up post-deployment monitoring — recommend which on-chain events to alert on and scan recent activity for high-severity changes. |
| /mythril | [file] | Run Mythril (symbolic execution) and have Claude triage its findings — turn symbolic counter-examples into Foundry PoCs. |
| /notify-discord | [--webhook-url <url>] [--severity-filter critical\|high\|medium] | Post the latest /audit results to a Discord channel via webhook. |
| /notify-slack | [--webhook-url <url>] [--severity-filter critical\|high\|medium] | Post the latest /audit results to a Slack channel via incoming webhook. |
| /pre-deploy | [dir] | Interactive pre-launch security checklist — walk the operational and code-safety gates and produce a final GO / NO-GO with each item PASS / FAIL / N-A. |
| /prover | [contract] [property] | Formal verification entrypoint — prove a property holds for all inputs with Halmos (symbolic, offline) or Certora (CVL) using ready-made property templates. |
| /quick-scan | [file-or-dir] | Fast pre-commit-grade scan. Only catches Critical and High. Optimized for hooks. |
| /remediate | <finding-id>... [--apply] | Generate code patches that fix one or more findings. Outputs as a unified diff and (optionally) applies it. |
| /replay-incident | <chain> <tx-hash> | Replay a historical exploit tx (by tx hash) on a fork. Explains step-by-step what the attacker did. |
| /report | [--format markdown\|html\|pdf\|json\|png\|all] [--out <dir>] | Render the latest audit as a deliverable report in Markdown / HTML / PDF / JSON / PNG. |
| /rug-check | [file-or-address] [--chain <c>] | Fast owner-power / rugability scan — score how much unilateral control the deployer holds and return a 0-100 rug-risk verdict. |
| /rugproof-init | — | 60-second onboarding — set up .rugproof.yml, choose severity profile, configure hooks, pick supported chains. |
| /score | [file-or-dir] | Compute a Rugproof grade (A+ → F) for the contract or repo based on findings from /audit. |
| /simulate | <chain> [<address>] [--block latest] | Multi-actor, multi-block simulation against a live fork. Stateful attack sequences across many txs. |
| /slither | [file-or-dir] | Run Slither and have Claude triage its findings — separate true positives from false positives, write PoCs for real bugs. |
| /symbolic | <contract-or-function> | Symbolic execution via Halmos. For paths that fuzzing cannot reach. |
| /test-gen | <file-or-function> | Generate a Foundry test suite — happy path + edge cases + adversarial tests — for a contract or function. |
| /tweet | [--auto] [--include-card] [--text "custom prefix"] | Compose a tweet from the latest audit. Either auto-posts (if Twitter API creds set) or generates a one-click intent URL. |
| /upgrade-safety | <old-impl-path-or-address> <new-impl-path-or-address> | Check storage compatibility, initializer changes, and admin-function deltas between two implementations of an upgradeable contract. |
| /verify-deploy | <chain> <address> | Verify deployed bytecode matches the source you have, with correct constructor args. |
| /verify-finding | <finding-id> | Second-opinion mode — re-check a specific finding with deeper analysis. Triages true vs false positives. |