I Built an Open-Source Move Auditor Skill for Claude Code

3,000+ lines of vulnerability patterns for Sui & Aptos — plugged directly into your AI workflow.

0xTheBlackPanther 📅 March 2026 ⏱ 8 min read 🏷 Move, Security, Claude Code, Open Source

2 weeks ago I open-sourced my generic audit prompts and workflow. Those were chain-agnostic — they worked for Solidity, Rust, Move, whatever. The feedback was great, but one thing kept nagging me: generic prompts produce generic results.

When I started doing more Move audits — both Sui and Aptos — I realized the attack surface is fundamentally different from EVM. Object ownership models, capability patterns, hot potatoes, witness abuse, PTB reentrancy, acquires annotations, resource account escalation. None of this exists in Solidity. My generic prompts weren't catching these.

So I built something specific.

1. What is move-auditor?

It's a Claude Code skill — not a standalone tool, not a CLI binary. You install it once, and it turns Claude Code into a Move-specialized security auditor. It auto-activates when you open .move files.

# Install
git clone https://github.com/pantheraudits/move-auditor.git
mkdir -p ~/.claude/commands
cp -r move-auditor ~/.claude/commands/move-auditor

# Usage (inside Claude Code session)
/move-auditor              # Full audit of all .move files
/move-auditor sources/pool.move  # Audit specific file

That's it. No config files, no API keys, no setup beyond a cp.

2. Why a Skill Instead of Just Better Prompts?

My previous repo was a collection of prompts you copy-paste into your workflow. It worked. But there were problems:

Context fragmentation — you'd paste one prompt, get results, paste another, lose context from the first pass
No structured workflow — the order you run checks matters. Access control before DeFi vectors, codebase mapping before vulnerability scanning
Generic coverage — a prompt that says "check for reentrancy" doesn't know that Sui reentrancy looks nothing like EVM reentrancy

A Claude Code skill solves all three. It's a structured, multi-phase audit workflow that loads chain-specific patterns on demand and produces a consistent report format every time.

3. The 5-Phase Audit Workflow

The skill doesn't just dump a checklist. It runs a structured 5-phase process:

Phase 1 → Initial Assessment Detect chain (Sui vs Aptos), map modules, entry functions, structs, capabilities Phase 2 → Multi-Perspective Review Think as attacker, protocol designer, and integrator — three different threat models Phase 3 → Structured Vulnerability Scan Run every check in common-move.md + chain-specific reference, log each finding Phase 4 → DeFi & Protocol-Specific Checks Oracle manipulation, flash loans, liquidity pool attacks, governance bypass Phase 5 → Report Severity table, findings with PoC scenarios, recommended fixes, clean-check list

Phase 2 is the one I think matters most. Asking the AI to think from three perspectives — attacker, designer, integrator — catches things a single-pass review misses. An attacker thinks about what they can call. A designer thinks about what invariants should hold. An integrator thinks about what happens when this module composes with others.

4. What It Actually Checks

The skill ships with 3,000+ lines of security checks across four reference files. Here's the breakdown:

Common Move Checks (chain-agnostic)

These apply to all Move code — Sui, Aptos, or any future Move chain:

Access control — missing capability gates, copy-ability on caps, hardcoded admin addresses
Arithmetic — overflow DoS, division-before-multiplication, cast truncation
Resource safety — leaks, unauthorized extraction, double-spend via phantom resources
Logic invariants — state machine violations, timestamp manipulation
Cross-module safety — reentrancy, unvalidated return values, stale state after external calls
Upgradeability — single-key authority, reinitialization, missing emergency pause

Sui-Specific Patterns (SUI-01 to SUI-22)

Sui's object-centric model creates an attack surface that doesn't exist anywhere else:

Object ownership confusion (SUI-01) — a shared object treated as owned, or vice versa. Breaks access control silently.

Witness pattern abuse (SUI-03) — one-time witness with copy ability. Supposed to be used once, now usable forever.

PTB state inconsistency (SUI-02) — Programmable Transaction Blocks let you compose calls in a single transaction. Shared objects can be mutated between calls within the same PTB.

Dynamic field injection (SUI-06) — attacker adds unexpected fields to objects they interact with.

Hot potato misuse (SUI-09) — hot potato pattern enforces "must be consumed in same transaction." If the consumption check is weak, the enforced flow is bypassable.

Aptos-Specific Patterns (APT-01 to APT-21)

Aptos's global storage model has its own class of bugs:

Missing acquires (APT-01) — forgetting the annotation means the function can't actually access the resource. Sounds harmless until it silently skips a critical check.

Resource account escalation (APT-02) — the signer capability for a resource account gets leaked or stored with copy.

Coin type confusion (APT-03) — generic type parameters let attackers pass a worthless coin type where a valuable one is expected.

ConstructorRef leaks (APT-17) — if a ConstructorRef is stored or returned, anyone can mint unlimited tokens.

Move 2.2 reentrancy (APT-21) — new dispatch patterns in Move 2.2 reintroduce reentrancy vectors that didn't exist before.

DeFi Attack Vectors (DEFI-01 to DEFI-10)

For any Move protocol touching tokens, swaps, lending, or oracles:

Oracle manipulation (spot price, TWAP staleness, circular dependencies)
Flash loan attack surface and composability risks
First-depositor attacks on liquidity pools
Liquidation mechanism abuse and reward calculation errors
Governance/timelock bypass patterns

5. Every Check Has Vulnerable + Safe Code

This is a rule I set for the repo: no check gets added without a concrete code example showing both the vulnerable pattern and the fix. Abstract descriptions are useless when you're reviewing actual code.

// SUI-03: Witness pattern abuse

// VULNERABLE — OTW has copy, can be reused
struct MY_TOKEN has copy, drop {}

fun init(witness: MY_TOKEN, ctx: &mut TxContext) {
    // witness can be copied and reused — OTW guarantee broken
}

// SAFE — OTW only has drop, enforced single-use
struct MY_TOKEN has drop {}

fun init(witness: MY_TOKEN, ctx: &mut TxContext) {
    // witness is consumed here, cannot be reused
}

Every check follows this pattern. You see the bug, you see the fix. No ambiguity.

6. The Report Format

Each finding in the output follows a consistent structure:

[HIGH-001] Witness Pattern Allows Token Supply Manipulation

Severity:  High
Location:  sources/token.move:15-18
Category:  SUI-03 (Witness Pattern Abuse)

Description:
The MY_TOKEN struct has `copy` ability, allowing the one-time
witness to be duplicated. An attacker can call init-guarded
functions multiple times.

Attack Scenario:
1. Attacker obtains MY_TOKEN witness during module publish
2. Copies the witness before passing to init()
3. Calls init() again with the copied witness
4. Creates duplicate TreasuryCap → unlimited minting

Recommended Fix:
Remove `copy` ability from the witness struct.

References:
SUI-03 in sui-patterns.md

Severity table at the top, PoC scenario for every finding, verified clean checks at the bottom. Consistent every time.

7. The Roadmap — and Why Benchmarking Matters Most

Here's what's planned:

Vulnerability database — real-world Move CVEs and audit contest findings, tagged by pattern
Protocol-specific patterns — Cetus, Aftermath, Turbos on Sui; Thala, Aries, Echelon on Aptos
Automated grep patterns — lightweight static analysis for common Move anti-patterns
Report templates — different formats for private audits vs. contest submissions
Benchmarking — the big one

On benchmarking: Right now, I know the skill finds things that generic prompts miss. But I can't prove it with numbers. The plan is to benchmark move-auditor against three baselines: (1) raw Claude with no skill, (2) Claude with my old generic prompts, and (3) manual review alone. Run all three against the same set of known-vulnerable Move contracts and measure: what gets caught, what gets missed, how many false positives.

If a tool can't beat "just reading the code carefully," it shouldn't exist. I want to know exactly where the skill adds value and where it doesn't. That data will also drive which checks get improved and which new ones get prioritized.

This is the item on the roadmap I'm most interested in. Open-sourcing code is easy. Proving it works is harder. The benchmarking results will be published alongside the skill so anyone can verify the claims.

8. What This Doesn't Replace

AI-assisted audit output must be manually verified. This skill accelerates your workflow — it does not replace deep manual review and PoC testing. Every finding the skill generates needs human confirmation before it goes into a report. The skill is a force multiplier, not an autopilot.

If you treat AI output as final, you will ship false positives and miss real bugs. The skill is designed to surface candidates faster — you still need to verify, test, and think.

9. How to Contribute

The repo is MIT licensed and contributions are welcome:

New common checks go in common-move.md
Sui-specific checks go in sui-patterns.md — numbered SUI-XX
Aptos-specific checks go in aptos-patterns.md — numbered APT-XX
DeFi vectors go in defi-vectors.md — numbered DEFI-XX

Every new check must include a code example showing both the vulnerable and safe pattern. No exceptions.

# Quick start
git clone https://github.com/pantheraudits/move-auditor.git
mkdir -p ~/.claude/commands
cp -r move-auditor ~/.claude/commands/move-auditor

# Open any Move project in Claude Code and run:
/move-auditor

The skill is at github.com/pantheraudits/move-auditor. If you audit Move contracts, try it on your next review and tell me what it catches that you wouldn't have found otherwise. That's the only metric that matters.

— Panther · GitHub · Telegram

Disclaimer: The Move language and the Sui/Aptos ecosystems evolve fast. APIs change, new patterns emerge, and security considerations shift with each upgrade. If you find anything in this post that is outdated or inaccurate, please reach out to me so I can update it.