Symbolic execution analysis using Mythril for deep vulnerability detection in smart contracts. Supports configurable transaction depth, timeout settings, and proof-of-concept exploit generation.
Analyzes smart contracts for security vulnerabilities using symbolic execution and generates proof-of-concept exploits.
npx claudepluginhub a5c-ai/babysitter

This skill is limited to using the following tools:

Deep vulnerability detection through symbolic execution using Mythril, a security analysis tool for EVM bytecode.
```bash
# Install via pip
pip install mythril
# Or use Docker (recommended)
docker pull mythril/myth
# Verify installation
myth version
```

```bash
# Analyze single file
myth analyze Contract.sol
# Analyze with Solidity version
myth analyze Contract.sol --solv 0.8.20
# Analyze specific contract
myth analyze Contract.sol:MyContract
# Analyze deployed contract
myth analyze -a 0x<address> --rpc <rpc_url>
# Analyze bytecode file (-f names the file; --bin-runtime marks it as runtime code)
myth analyze -f contract.bin --bin-runtime
```

```bash
# Default depth (2)
myth analyze Contract.sol
# Increased depth for complex interactions
myth analyze Contract.sol --execution-timeout 300 -t 3
# Deep analysis (slow)
myth analyze Contract.sol --execution-timeout 600 -t 4
```

```bash
# Set execution timeout (seconds)
myth analyze Contract.sol --execution-timeout 300
# Set solver timeout
myth analyze Contract.sol --solver-timeout 10000
# Quick scan
myth analyze Contract.sol --execution-timeout 60 -t 2
```

```bash
# Run specific modules
myth analyze Contract.sol --modules ether_thief,suicide
# Available modules
# - ether_thief
# - suicide
# - integer_overflow/underflow
# - delegatecall
# - arbitrary_write
# - state_change_external_call
```

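```bash
# Text report (default)
myth analyze Contract.sol
# JSON report
myth analyze Contract.sol -o json > report.json
# Markdown report
myth analyze Contract.sol -o markdown > report.md
# Detailed JSON report (jsonv2)
myth analyze Contract.sol -o jsonv2 > detailed.json
```
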
Mythril detects reentrancy by tracking:
```text
==== External Call To User-Supplied Address ====
SWC ID: 107
Severity: Low
Contract: Vulnerable
Function name: withdraw()
PC address: 1234
Estimated Gas Usage: 2500 - 10000
Type: Informational
...
```

```text
==== Integer Overflow ====
SWC ID: 101
Severity: High
Contract: Token
Function name: transfer(address,uint256)
PC address: 567
Estimated Gas Usage: 3000 - 5000
A possible integer overflow exists in the function...
```

```text
==== Unprotected Selfdestruct ====
SWC ID: 106
Severity: High
Contract: Vulnerable
Function name: kill()
Any sender can trigger self-destruction...
```

```bash
# Use concrete values where possible
myth analyze Contract.sol --strategy dfs --execution-timeout 300
# Analyze with constraints file
myth analyze Contract.sol --constraints constraints.json
# Limit state explosion
myth analyze Contract.sol --max-depth 30 --call-depth-limit 3
```

```yaml
name: Mythril Analysis
on: [push]
jobs:
  mythril:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Run Mythril
        uses: docker://mythril/myth
        with:
          args: analyze /github/workspace/contracts/*.sol --solv 0.8.20
```

```bash
#!/bin/bash
# Analyze every contract and write one JSON report per source file
mkdir -p reports
for file in contracts/*.sol; do
  myth analyze "$file" --solv 0.8.20 -o json > "reports/$(basename "$file" .sol).json"
done
```

| Level | Description | Action |
|---|---|---|
| High | Critical vulnerability | Fix immediately |
| Medium | Potential issue | Investigate |
| Low | Minor concern | Consider fixing |
| Informational | Code quality | Optional fix |

| SWC ID | Name | Description |
|---|---|---|
| SWC-101 | Integer Overflow | Arithmetic overflow |
| SWC-104 | Unchecked Return | Ignored return values |
| SWC-106 | Unprotected Destruct | Accessible selfdestruct |
| SWC-107 | Reentrancy | State change after call |
| SWC-110 | Assert Violation | Reachable assertion |
| SWC-116 | Timestamp Dependence | Block timestamp usage |
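
The severity and SWC tables above can drive an automated gate over the JSON reports written by the batch script. The following is an added example, not part of the original skill or of Mythril: the report field names (`error`, `issues`, `severity`, `swc-id`, `title`, `contract`, `function`) are assumed to follow `myth analyze -o json` output, the sample report is constructed, and treating High and Medium as build-blocking is an assumption.

```python
import json
from collections import Counter

# Severity -> action, taken from the severity table above.
ACTIONS = {"High": "Fix immediately", "Medium": "Investigate",
           "Low": "Consider fixing", "Informational": "Optional fix"}
BLOCKING = {"High", "Medium"}  # assumption: these levels fail the build

# Constructed sample report; field names assumed to match `myth analyze -o json`.
SAMPLE_REPORT = json.dumps({
    "error": None,
    "issues": [
        {"title": "Unprotected Selfdestruct", "swc-id": "106", "severity": "High",
         "contract": "Vulnerable", "function": "kill()"},
        {"title": "External Call To User-Supplied Address", "swc-id": "107",
         "severity": "Low", "contract": "Vulnerable", "function": "withdraw()"},
    ],
})


def triage(report_text):
    """Return (findings, counts, exit_code) for one Mythril JSON report."""
    try:
        report = json.loads(report_text)
    except json.JSONDecodeError:
        # An empty or truncated report must not be read as "no issues".
        return [], Counter(), 2
    if not isinstance(report, dict) or report.get("error") or "issues" not in report:
        return [], Counter(), 2
    findings = []
    for issue in report["issues"]:
        sev = issue.get("severity", "Unknown")
        findings.append({
            "swc": "SWC-" + str(issue.get("swc-id", "?")),
            "title": issue.get("title", ""),
            "where": f'{issue.get("contract", "?")}.{issue.get("function", "?")}',
            "severity": sev,
            "action": ACTIONS.get(sev, "Investigate"),  # unknown levels get a look
        })
    counts = Counter(f["severity"] for f in findings)
    blocking = any(f["severity"] in BLOCKING or f["severity"] not in ACTIONS for f in findings)
    return findings, counts, 1 if blocking else 0


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT)[0]:
        print(f'{f["severity"]:<14}{f["swc"]:<9}{f["where"]:<24}{f["action"]}')
```

Exit code 2 separates a failed or unreadable analysis from a clean one, so a solver timeout or compiler error does not pass the gate silently.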

| Process | Purpose |
|---|---|
| smart-contract-security-audit.js | Deep vulnerability analysis |
| smart-contract-fuzzing.js | Complement to fuzzing |
| invariant-testing.js | Property verification |

| Tool | Technique | Speed | Depth |
|---|---|---|---|
| Mythril | Symbolic Execution | Slow | Deep |
| Slither | Static Analysis | Fast | Surface |
| Echidna | Fuzzing | Medium | Medium |
| Certora | Formal Verification | Slow | Deepest |

```bash
# Increase timeout, reduce depth
myth analyze Contract.sol --execution-timeout 600 -t 2
# Increase solver timeout
myth analyze Contract.sol --solver-timeout 30000
```

```bash
# Specify Solidity version
myth analyze Contract.sol --solv 0.8.20
# Use specific compiler
myth analyze Contract.sol --solc-json solc.json
```

- skills/slither-analysis/SKILL.md - Static analysis
- skills/echidna-fuzzer/SKILL.md - Property-based fuzzing
- agents/solidity-auditor/AGENT.md - Security auditor