ref-lifecycle
CommunityAudit Aptos Move refs with zero blind spots.
System Documentation
What problem does it solve?
This Skill helps security analysts understand and verify the lifecycle and interactions of Aptos Move reference capabilities (ConstructorRef, TransferRef, MintRef, BurnRef, DeleteRef, ExtendRef). It highlights how permanent, non-revocable Refs can create wide attack surfaces if mismanaged or leaked, and provides a structured approach to auditing their creation, storage, and usage.
Core Features & Use Cases
- Enumerate all Ref types across the codebase.
- Assess storage location, access control, and transfer implications of each Ref.
- Map possible attacker workflows and compute blast radius; propose mitigations.
- Use cases: auditing a Move module to ensure Refs are properly scoped before deployment; verifying that ExtendRef cannot introduce unsafe signer capabilities.
Quick Start
Begin by listing all Ref types across your Move modules and map their creation, storage, and usage paths to identify potential misconfigurations.
Dependency Matrix
Required Modules
None requiredComponents
Standard package💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: ref-lifecycle Download link: https://github.com/PlamenTSV/plamen/archive/main.zip#ref-lifecycle Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 471,000+ vetted skills library on demand.