slither-mcp
by trailofbits·★ 89·Score 48
An MCP server wrapping Slither for static analysis of Solidity smart contracts.
Overview
The Slither MCP server provides comprehensive static analysis capabilities for Solidity smart contracts through the Model Context Protocol. It wraps the Slither analysis tool to expose contract metadata, function signatures, inheritance hierarchies, and security vulnerabilities as MCP tools. The server includes caching for faster subsequent analysis and offers both query tools for examining code structure and security analysis tools for detecting vulnerabilities. It appears to be actively maintained by Trail of Bits, a well-known security firm specializing in blockchain security.
When to choose this
Choose this when you need to integrate static security analysis of Solidity contracts into your AI workflows or development process.
When NOT to choose this
Don't choose this if you need real-time analysis or are working with non-Solidity smart contract languages.
Tools this server exposes
12 tools extracted from the README:
- list_contracts: List contracts with filters by type or path pattern
- get_contract: Get detailed contract information including functions and inheritance
- get_contract_source: Get the complete source code of a contract's Solidity file
- get_function_source: Get source code for a specific function with line numbers
- list_functions: List functions with filters by contract, visibility, or modifiers
- function_callees: Get function call relationships including internal, external, and library calls
- function_callers: Get all functions that call a target function grouped by call type
- get_inherited_contracts: Get a recursive tree of all contracts that a contract inherits from
- get_derived_contracts: Get a recursive tree of all contracts that inherit from a contract
- list_function_implementations: Find all implementations of a function signature across contracts
- list_detectors: List available Slither detectors with metadata
- run_detectors: Get detector results with filtering by name, impact, or confidence
Installation
This project uses UV for package management:
# Install dependencies
uv sync
# Or install in development mode
uv pip install -e .
Usage
Basic Usage
Start the Slither MCP server:
uv run slither-mcp
Claude Desktop Configuration
Add to claude_desktop_config.json:
{
  "mcpServers": {
    "slither-mcp": {
      "command": "uvx",
      "args": ["--from", "git+https://github.com/trailofbits/slither-mcp", "slither-mcp"]
    }
  }
}
FAQ
- What metrics does Slither MCP collect?
- Slither MCP collects tool call events (which tools are used) and success/failure status. It does NOT collect tool call parameters, contract details, function names, or any project-specific information. Metrics are enabled by default but can be disabled with the --disable-metrics flag.
- What Solidity project setups are supported?
- The server supports any Solidity project that can be analyzed by Slither, including Foundry, Hardhat, and other popular development frameworks. Projects are automatically cached in <path>/artifacts/project_facts.json for faster subsequent queries.
- Can I use Slither MCP as a regular API?
- Yes, the package includes a typed Python client (SlitherMCPClient) for programmatically interacting with the Slither MCP server. This can be used to build tools, scripts, or agents that need to query Solidity projects outside of an MCP context.
Last updated · Auto-generated from public README + GitHub signals.