slither-mcp

概述

Slither MCP 服务器通过模型上下文协议为 Solidity 智能合约提供全面的静态分析功能。它包装了 Slither 分析工具，将合约元数据、函数签名、继承层次结构和安全漏洞作为 MCP 工具暴露出来。该服务器包含缓存功能以便更快地后续分析，并提供用于检查代码结构的查询工具和用于检测漏洞的安全分析工具。它由知名的区块链安全公司 Trail of Bits 维护，似乎正在积极维护中。

试试问 AI

装完之后，这里有 7 个你可以让 AI 做的事：

• list_contracts

  List contracts with filters by type or path pattern

  试试:List all contracts in the project试试:Find all interface contracts
• get_contract

  Get detailed contract information including functions and inheritance

  试试:Get details for the MyToken contract试试:Show information about the Owned contract
• get_contract_source

  Get the complete source code of a contract's Solidity file

  试试:Show source code for the MyToken contract试试:Get the complete source for the Auction contract
• get_function_source

  Get source code for a specific function with line numbers

  试试:Show the transfer function implementation试试:Get the code for the approve function
• list_functions

  List functions with filters by contract, visibility, or modifiers

  试试:List all public functions试试:Show all functions with the 'onlyOwner' modifier
• function_callees

  Get function call relationships including internal, external, and library calls

  试试:What functions does the transfer function call?试试:Show all library calls in the approve function
• function_callers

  Get all functions that call a target function grouped by call type

  试试:Which functions call the transfer function?试试:Show all callers of the withdraw function
• get_inherited_contracts

  Get a recursive tree of all contracts that a contract inherits from

  试试:Show the inheritance hierarchy for the MyToken contract试试:What contracts does the Derived contract inherit from?
• get_derived_contracts

  Get a recursive tree of all contracts that inherit from a contract

  试试:Show all contracts that inherit from the Base contract试试:Which contracts extend the Token contract?
• list_function_implementations

  Find all implementations of a function signature across contracts

  试试:Where is the transferFrom function implemented?试试:Find all implementations of the approve function
• list_detectors

  List available Slither detectors with metadata

  试试:Show all available Slither detectors试试:List detectors related to reentrancy
• run_detectors

  Get detector results with filtering by name, impact, or confidence

  试试:Run all high-impact detectors试试:Check for reentrancy vulnerabilities试试:Show informational detectors

可对比工具

安装

# 安装依赖
uv sync

# 或者在开发模式下安装
uv pip install -e .

uv run slither-mcp

{
  "mcpServers": {
    "slither-mcp": {
      "command": "uvx",
      "args": ["--from", "git+https://github.com/trailofbits/slither-mcp", "slither-mcp"]
    }
  }
}

FAQ

Slither MCP 收集哪些指标？

Slither MCP 收集工具调用事件（使用哪些工具）和成功/失败状态。它不收集工具调用参数、合约详情、函数名称或任何项目特定信息。指标默认启用，但可以使用 --disable-metrics 标志禁用。

支持哪些 Solidity 项目设置？

该服务器支持任何可以被 Slither 分析的 Solidity 项目，包括 Foundry、Hardhat 和其他流行的开发框架。项目会自动缓存到 <path>/artifacts/project_facts.json 中以便更快后续查询。

我可以将 Slither MCP 用作常规 API 吗？

是的，该包包含一个类型化的 Python 客户端（SlitherMCPClient），用于以编程方式与 Slither MCP 服务器交互。这可用于构建需要查询 Solidity 项目的工具、脚本或代理，而无需在 MCP 环境中使用。

slither-mcp 对比