Slither Server
FreeNot checkedEnables static analysis of Solidity smart contracts using Slither, including contract metadata, function details, inheritance, and security detectors through MC
About
Enables static analysis of Solidity smart contracts using Slither, including contract metadata, function details, inheritance, and security detectors through MCP tools.
README
Tests Python 3.11+ License: AGPL v3
A Model Context Protocol (MCP) server that provides static analysis capabilities for Solidity smart contracts using Slither.
Overview
This MCP server wraps Slither static analysis functionality, making it accessible through the Model Context Protocol. It can analyze Solidity projects (Foundry, Hardhat, etc.) and generate comprehensive metadata about contracts, functions, inheritance hierarchies, and more.
You can also use Slither MCP as an easy-to-use Slither API for other use cases.
Features
- Caching: Slither runs are cached to
{$PROJECT_PATH}/artifacts/project_facts.jsonfor faster subsequent loads - MCP Tools: Query contract and function information through MCP tools
- Security Analysis: Run Slither detectors and access results with filtering
- Comprehensive Analysis: Extracts detailed information about:
- Contract metadata (abstract, interface, library flags)
- Function signatures and modifiers
- Inheritance hierarchies
- Function call relationships (internal, external, library calls)
- Security vulnerabilities and code quality issues
- Source code locations
While this is a v1.0 release, we anticipate API changes as we receive more feedback.
Installation
This project uses UV for package management:
# Install dependencies
uv sync
# Or install in development mode
uv pip install -e .
Usage
Basic Usage
Start the Slither MCP server:
uv run slither-mcp
All tools accept a path parameter that specifies which Solidity project to analyze. Projects are automatically cached in <path>/artifacts/project_facts.json for faster subsequent queries.
Use in Claude Code
claude mcp add --transport stdio --scope user slither -- uvx --from git+https://github.com/trailofbits/slither-mcp slither-mcp
Use in Cursor
Make sure uvx is on your Cursor path using sudo ln -s ~/.local/bin/uvx /usr/local/bin/uvx
In your ~/.cursor/mcp.json:
{
"mcpServers": {
"slither-mcp": {
"command": "uvx --from git+https://github.com/trailofbits/slither-mcp slither-mcp",
}
}
}
Metrics and Privacy
Slither MCP includes opt-out metrics to help improve reliability by letting us know how often LLMs use each tool and their successful call rate. Metrics are enabled by default but can be permanently disabled.
What We Collect
- Tool call events (which tools are used)
- Success/failure status
We do not collect: tool call parameters, contract details, function names, or any project-specific information.
Disabling Metrics
To permanently opt out:
uv run slither-mcp --disable-metrics
For complete details, see METRICS.md.
MCP Tools
The server exposes tools for querying contract and function information. All tools accept a path parameter that specifies the Solidity project directory to analyze.
Query Tools
1. list_contracts - List contracts with filters
Requires: path (project directory)
Filter contracts by type (concrete, abstract, interface, library) or path pattern.
2. get_contract - Get detailed contract information
Retrieve full contract metadata including functions, inheritance, and flags.
3. get_contract_source - Get contract source code
Returns the complete source code of the Solidity file containing the specified contract.
4. get_function_source - Get function source code
Returns the source code for a specific function with line numbers. Useful for focused analysis.
5. list_functions - List functions with filters
Filter functions by contract, visibility, or modifiers.
6. function_callees - Get function call relationships
Returns internal, external, and library callees for a function, including low-level call detection.
7. function_callers - Get functions that call a target function
Returns all functions that call the specified target function, grouped by call type (internal, external, library). This is the inverse of function_callees.
8. get_inherited_contracts - Get contract inheritance
Returns a recursive tree of all contracts that a contract inherits from (parents and ancestors).
9. get_derived_contracts - Get contracts that inherit from this one
Returns a recursive tree of all contracts that inherit from a contract (children and descendants).
10. list_function_implementations - Find function implementations
Find all implementations of a function signature across contracts.
11. list_detectors - List available Slither detectors
Returns metadata about Slither detectors including names, descriptions, impact levels, and confidence ratings. Supports filtering by name or description.
12. run_detectors - Get detector results with filtering
Returns cached detector results. Filter by detector names, impact level (High, Medium, Low, Informational), or confidence level (High, Medium, Low).
All tools return responses with a success boolean and either data fields or an error_message. See individual tool implementations in slither_mcp/tools/ for detailed schemas and usage.
Client Usage
The slither-mcp package includes a typed Python client (SlitherMCPClient) for programmatically interacting with the Slither MCP server. This is useful for building tools, scripts, or agents that need to query Solidity projects.
The client provides:
- Type-safe methods for all MCP tools
- Automatic serialization/deserialization of Pydantic models
- Helper methods for common patterns
- Tool wrappers for pydantic-ai agent integration
For detailed usage examples and documentation, see CLIENT_USAGE.md.
Requirements
- Python 3.11+
- Solidity compiler setup (Foundry, Hardhat, or similar)
- Slither and its dependencies
Development
Pre-commit Hooks
Install pre-commit hooks to run linting before commits:
pre-commit install
Running Tests
uv run pytest
Installing Slither Server
This server has no published package — it is built from source. Open the repository and follow its README.
▸ github.com/trailofbits/slither-mcpFAQ
Is Slither Server MCP free?
Yes, Slither Server MCP is free — one-click install via Unyly at no cost.
Does Slither Server need an API key?
No, Slither Server runs without API keys or environment variables.
Is Slither Server hosted or self-hosted?
Self-hosted: the server runs locally on your machine via the install command above.
How do I install Slither Server in Claude Desktop, Claude Code or Cursor?
Open Slither Server on unyly.org, pick your client tab (Claude Desktop, Claude Code, Cursor) and press Install — the config is generated automatically, no JSON editing.
Related MCPs
GitHub
PRs, issues, code search, CI status
by GitHubFilesystem
Secure file operations with configurable access controls.
Memory
Knowledge graph-based persistent memory system.
Template MCP Server
A CLI tool to create a new Model Context Protocol server project with TypeScript support, dual transport options, and an extensible structure
by mcpdotdirectCompare Slither Server with
Not sure what to pick?
Find your stack in 60 seconds
Author?
Embed badge for your README
Browse similar
All development MCPs
