slither-mcp
Verified Safe by trailofbits
Overview
Provides static analysis for Solidity smart contracts using Slither via the Model Context Protocol (MCP), making contract metadata, inheritance, function calls, and security vulnerabilities accessible to LLMs and other tools.
Installation
uv run slither-mcp
Security Notes
The server's core functionality relies on executing external tools (Forge, Slither) on user-provided Solidity project paths. While this is inherent to its purpose, it introduces a reliance on the integrity of the project path and the binaries being executed. Input validation is performed for tool parameters, and there are no direct code injection vulnerabilities like 'eval' or arbitrary command execution through tool requests. Opt-out metrics are implemented with explicit privacy filtering, and opt-in enhanced error reporting is clearly documented to transmit sensitive data. The primary risk lies in a user supplying a malicious Solidity project that could exploit local environment vulnerabilities, rather than a flaw in the server's request handling.
Similar Servers
mcp-watch
A comprehensive security scanner for Model Context Protocol (MCP) servers, detecting various vulnerabilities in their implementations.
treesitter-mcp
Provides a Model Context Protocol (MCP) server and CLI for static code analysis using Tree-sitter.
UCAI
Generates Model Context Protocol (MCP) servers from smart contract ABIs, enabling AI agents to interact with blockchain protocols safely and efficiently, incorporating security scanning and contract explanations.
rust-code-mcp
Semantic code search, navigation, and analysis for Rust codebases, integrating with an MCP client.