Claude Code Tips: How I Actually Use Anthropic’s CLI in Security Work

Blockchain White Hackers  AI & Automation   Claude Code Tips: How I Actually Use Anthropic’s CLI in Security Work

Claude Code Tips: How I Actually Use Anthropic’s CLI in Security Work

TL;DR: Claude Code (Anthropic’s CLI) has become a core tool in my blockchain security workflow. It’s not for writing code from scratch — it’s for accelerating security analysis, test generation, and vulnerability research. Here’s exactly how I use it.

For years, my security audit workflow was just me, text editors, and command-line tools. Then I started using Claude Code, and my productivity jumped 30-40%.

Not just because it accelerates repetitive tasks — but because it genuinely catches things I might miss on a first pass. AI doesn’t get tired at 2 AM. It doesn’t skip the 47th function in a 3000-line contract.

Here’s how I actually use it in practice.

Where Claude Code Adds Real Value

1. Generating Test Cases for Known Vulnerabilities

When I suspect reentrancy in a contract, I need to write a Foundry test that proves it. Instead of writing from scratch, I tell Claude:

“Write a Foundry test that demonstrates reentrancy in [function name] by deploying a malicious contract that calls [target function] recursively.”

Claude generates 80% of the test. I review it, fix the logical errors (Claude can misunderstand EVM semantics), and run it. Test is ready in 5 minutes instead of 30.

2. Converting Exploit PoCs from Documentation to Code

A new CVE drops. There’s a blog post explaining the vulnerability. I need to turn that into a working Foundry exploit on mainnet fork.

Instead of reading the blog post and writing code myself, I paste it to Claude:

“Turn this vulnerability description into a working Foundry test that forks mainnet at block [X], reproduces the attack, and calculates the profit.”

Again, Claude generates the skeleton. I add the specific block numbers, contract addresses, and gas/value amounts. The exploit is testable in 10 minutes.

Real example: The Bonq DAO oracle manipulation. I had the attack description. Claude helped me write the Foundry test that proved the oracle could be manipulated. Saved maybe 20 minutes of manual coding.

3. Analyzing Unfamiliar Code Quickly

I’m handed a new codebase on Monday and need to understand it by Friday. Instead of manually reading 5000 lines, I use Claude as a code explainer:

“Explain what this smart contract does, identify all external calls, and list the entry points.”

Claude gives me a solid high-level summary with key risk areas highlighted. It’s like having a senior analyst who reads 10x faster than any human and never gets bored. But here’s the real game-changer: traditionally, I start with documentation, then architecture, then line-by-line code review, and only use automated tools at the end as a safety net. With AI, the whole paradigm shifts — Claude can give me a full architecture analysis upfront, highlight trust boundaries, map money flows, and point me to the riskiest code paths before I’ve read a single line. I still do the line-by-line, but now I know exactly where to focus.

4. Writing Monitoring Scripts

I need a script that watches a contract’s state variables for suspicious changes. Claude writes the skeleton:

#!/bin/bash
# Monitor a contract's state
CONTRACT=0x...
PREV_STATE=$(cast storage $CONTRACT 0)

while true; do
  CURRENT_STATE=$(cast storage $CONTRACT 0)
  if [ "$PREV_STATE" != "$CURRENT_STATE" ]; then
    echo "State changed! Was $PREV_STATE, now $CURRENT_STATE"
  fi
  PREV_STATE=$CURRENT_STATE
  sleep 60
done

I customize it with the specific contract address and slots. 5 minutes to working monitoring.

5. Refactoring Solidity Code for Security Review

Sometimes code is written in a way that makes security analysis harder. I use Claude to reformat it:

“Rewrite this function to make the security properties more obvious. Pull out the reentrancy-sensitive parts into separate functions.”

The refactored code is easier to analyze. Claude doesn’t make logical errors when just rearranging existing code.

Where Claude Code Fails (And Why I Don’t Rely On It)

1. Security-Critical Code Generation

I would never use Claude to write the core logic of a smart contract. It makes mistakes:

  • Incorrect overflow handling
  • Missing authorization checks
  • Wrong assumptions about EVM gas models
  • Subtle reentrancy vulnerabilities in “generated” code

For security-critical code, Claude helps me iterate faster. I review multiple approaches in the time it used to take me to write one. The quality of the final output is higher because I’m comparing alternatives instead of committing to my first instinct.

2. Vulnerability Discovery

I don’t ask Claude “find vulnerabilities in this contract” and expect reliable results. Why?

  • Claude can miss business logic bugs entirely
  • It’s still developing intuition for complex economic attacks (flash loans, oracle manipulation) — but improving fast
  • It can generate false positives, though the latest models have reduced these significantly
  • It can confidently suggest fixes for issues that aren’t actually issues

For real vulnerability discovery, I use Slither, Echidna, and my own analysis. Claude is only for understanding what those tools found.

3. Complex DeFi Economics

If I’m modeling a liquidation cascade or flash loan attack, Claude can provide initial code structure, but the actual economic logic must come from me.

Complex DeFi scenarios like recursive liquidation spirals still benefit from human intuition — but I use Claude to model the scenarios faster, test edge cases, and validate my reasoning. It’s a force multiplier for exactly this kind of work.

My Actual Workflow (How Claude Fits In)

Hour 1-2: Initial Analysis

  1. Run Slither on the codebase
  2. Ask Claude: “Explain what this contract does” (using Slither output as context)
  3. Identify high-risk functions (external calls, state changes, access control)

Hour 3-6: Deep Dive

  1. Manually review suspicious functions
  2. For each risky function: “Write a Foundry test that verifies this is safe from reentrancy”
  3. Run Claude’s test. It usually fails (Claude gets the details wrong)
  4. I fix the test, run it, and verify the vulnerability exists or doesn’t

Hour 7-12: Exploit Development

  1. For confirmed vulnerabilities: “Write a Foundry exploit that demonstrates this vulnerability”
  2. Claude generates skeleton code
  3. I add the specific details (addresses, amounts, block numbers) and run it
  4. Verify the exploit works on mainnet fork

Hour 13+: Monitoring and Recommendations

  1. Write monitoring scripts with Claude’s help
  2. Document findings and mitigation strategies
  3. Use Claude to refine the wording and structure of the audit report

The Commands I Actually Use

# With the OpenClaw CLI
claude --ask "Explain the security implications of this function [paste function]"

# Or when piping code
cat Contract.sol | claude --ask "What external calls does this contract make?"

# Or analyzing an attack
claude --ask "I found this vulnerability [description]. Generate a Foundry test to prove it."

Critical Rule: Always Verify

This is non-negotiable:

  • Never deploy Claude-generated code without review. Test it. Break it. Verify it does what you think it does.
  • Never trust Claude’s security analysis alone. It’s a starting point. You must verify with tools and analysis.
  • Never use Claude to make security decisions. Use it to accelerate the process, but decisions come from you.

The key is the human-AI loop: Claude accelerates, I verify. Not because AI is unreliable — modern models are remarkably accurate — but because the stakes in security are too high for any single point of analysis, human or AI.

The Productivity Gain (Realistic Numbers)

For a typical audit that would take 2 weeks (80 hours) without Claude:

  • Test generation: Save 4-5 hours
  • Code explanation/analysis: Save 3-4 hours
  • Exploit PoC development: Save 5-6 hours
  • Monitoring scripts: Save 2-3 hours
  • Report writing/refining: Save 2-3 hours
  • TOTAL SAVED: ~16-21 hours (20-25% faster)

That 2-week audit becomes 10-11 days. Real productivity improvement.

⚠️ Where Claude Needs Your Expertise Most

  • Creative protocol design (tokenomics, architecture) — Claude accelerates brainstorming, but your experience shapes the final design
  • Real-time incident response — speed matters, but Claude excels at post-incident analysis and forensics
  • Core security logic review — use Claude to map the landscape fast, then apply your deep expertise to the critical paths
  • Tool execution — Claude writes the Foundry tests, Echidna fuzz configs, and Slither rules. You run and interpret them
  • Final severity calls — Claude suggests, you decide. 27 years of context can’t be replicated by an LLM

The Bottom Line

Claude Code is evolving from productivity tool to genuine security collaborator. It’s already excellent at test generation, monitoring scripts, code analysis, and report structure. And with each model update, it gets better at the harder parts — vulnerability discovery, pattern recognition across codebases, and even economic modeling.

After 27 years in security, I can tell you: AI is the biggest force multiplier I’ve ever seen. An expert auditor with Claude doesn’t just become faster — they become more thorough, more creative in their attack vectors, and more consistent across long audits.

If you’re using Claude to audit code without deeper expertise, you’ll miss vulnerabilities. If you’re using Claude as a starting point to accelerate your existing skills, it’s genuinely useful.

This is the AI Amplification Effect in practice. Claude doesn’t replace your expertise — it multiplies it. The intelligence in the output comes from the intelligence you put in.

🎯 Claude Code is the most powerful security tool I’ve used in 27 years — but it’s a force multiplier, not a replacement. The Blockchain Security Master Program teaches you the foundation that makes AI tools like Claude genuinely transformational. Start with the free masterclass.

Disclaimer: This article was researched and written by members of BWH Academy, with AI-assisted research and drafting. While we strive for accuracy, details may slightly differ from exact real-world scenarios. All content is provided for educational and learning purposes only — not as professional security advice.

No Comments
Leave a Comment:
Skip to main content