solidityscan-mcp-server
Verified Safe by Credshields
Overview
An MCP server exposing SolidityScan for smart contract security analysis and reporting for integration with MCP-capable clients.
Installation
npx solidityscan-mcp-server
Environment Variables
- SOLIDITYSCAN_API_KEY
- SOLIDITYSCAN_MCP_PORT
- PORT
- SOLIDITYSCAN_TEST_API_KEY
Security Notes
The server's `scan_local_directory` tool allows scanning local file paths provided by the client. If the server is deployed in an untrusted environment and exposed to arbitrary users, this could lead to information disclosure or unintended file system access on the server's host. However, given its intended use as an 'MCP Server' for developer clients (e.g., Claude Desktop, Cursor) running locally or in a trusted setup, this functionality is likely a feature for local code analysis. There are no obvious signs of 'eval', obfuscation, or hardcoded secrets. The `request` dependency (used by the underlying SolidityScan SDK) is deprecated, which can be a minor maintenance and security risk over time due to lack of updates.
Similar Servers
mcp-watch
A comprehensive security scanner for Model Context Protocol (MCP) servers, detecting various vulnerabilities in their implementations.
mcp-audit
Security audit and governance for AI agent configurations (MCPs) in development environments and GitHub repositories.
mcp-security-scanner
A Python-based penetration testing tool designed to scan and identify vulnerabilities in Model Context Protocol (MCP) servers.
UCAI
Generates Model Context Protocol (MCP) servers from smart contract ABIs, enabling AI agents to interact with blockchain protocols safely and efficiently, incorporating security scanning and contract explanations.