slither-mcp
Provides an MCP (Model Context Protocol) server that wraps Slither static analysis to analyze Solidity projects and expose contract/function metadata and Slither detector results via MCP tools. Includes caching of Slither project facts and an optional typed Python client for tool invocation.
Score Breakdown
⚙ Agent Friendliness
🔒 Security
No authentication is documented (likely intended for local use). The tools operate on local filesystem paths, which reduces network attack surface but introduces local data handling considerations. The README mentions opt-out metrics and states that it does not collect tool parameters or project-specific identifiers or content, but with metrics enabled, usage metadata may still be exposed. Dependency hygiene is not verifiable from the provided content; Sentry is included and may log errors or telemetry depending on configuration.
⚡ Reliability
Best When
You want to programmatically interrogate Solidity projects with Slither from an LLM/agent environment using MCP tools, and you can provide a local project path for analysis.
Avoid When
You need strict authentication/authorization, multi-tenant hosting, or network-facing API access without local project access.
Use Cases
- Automated Solidity security analysis in an agent/tooling workflow via MCP
- Querying contract/function metadata (inheritance, call graph relationships, sources)
- Running Slither detectors and retrieving filtered vulnerability findings
- Integrating Slither analysis into IDEs/agents (e.g., Claude Code, Cursor) through MCP
Not For
- Runtime/behavioral vulnerability detection (it is static analysis only)
- Use cases requiring a public REST/HTTP service (it is an MCP/stdio-style server per README)
- Production security workflows that require formal guarantees of detector completeness or correctness
Interface
Authentication
The README does not describe any authentication mechanism. Tools accept a local `path` parameter and appear intended for local/agent-launched usage rather than remote multi-tenant access.
Pricing
No pricing information is provided; the repository appears to be open-source.
Agent Metadata
Known Gotchas
- ⚠ All tools require a `path` parameter pointing to a Solidity project directory; incorrect paths will fail analysis.
- ⚠ First analysis may be expensive due to Slither runs; subsequent calls may be faster due to caching.
- ⚠ Detector results are described as cached; ensure filters match the cached dataset and expected detector names/levels.
- ⚠ Tool usage depends on MCP transport (e.g., stdio) as shown in README; some agent environments may require specific MCP client configuration.
Scores are editorial opinions as of 2026-03-30.