Expert integration with Slither static analyzer for smart contract vulnerability detection, code quality analysis, and security reporting. Supports all Slither detectors and custom analysis configurations.
Analyzes Solidity smart contracts for security vulnerabilities using the Slither static analysis framework.
```bash
npx claudepluginhub a5c-ai/babysitter
```

Expert-level integration with Slither, the leading static analysis framework for Solidity smart contracts.
```bash
# Install via pip
pip install slither-analyzer

# Or via pipx for isolation
pipx install slither-analyzer

# Verify installation
slither --version
```

```bash
# Analyze single file
slither Contract.sol

# Analyze Foundry project
slither . --foundry-compile-all

# Analyze Hardhat project
slither . --hardhat-compile-all
```

```bash
# Human readable (default)
slither .

# JSON output for processing
slither . --json output.json

# Markdown report
slither . --checklist

# SARIF for CI integration
slither . --sarif output.sarif
```

| Detector | Description |
|---|---|
| reentrancy-eth | Reentrancy with ETH transfer |
| reentrancy-no-eth | Reentrancy without ETH |
| arbitrary-send-eth | Arbitrary ETH send |
| controlled-delegatecall | Controlled delegatecall |
| suicidal | Functions allowing anyone to destruct |
| uninitialized-storage | Uninitialized storage variables |

| Detector | Description |
|---|---|
| reentrancy-benign | Benign reentrancy |
| incorrect-equality | Dangerous strict equality |
| locked-ether | Contracts that lock ether |
| missing-zero-check | Missing zero address validation |
| unchecked-transfer | Unchecked token transfers |

| Detector | Description |
|---|---|
| naming-convention | Naming convention violations |
| external-function | Functions that could be external |
| constable-states | State variables that could be constant |
| immutable-states | State variables that could be immutable |

```json
{
  "detectors_to_run": "all",
  "exclude_informational": false,
  "exclude_low": false,
  "exclude_medium": false,
  "exclude_high": false,
  "exclude_optimization": false,
  "fail_on": "high,medium",
  "filter_paths": [
    "node_modules",
    "lib",
    "test"
  ],
  "exclude_dependencies": true,
  "legacy_ast": false
}
```
```bash
# Run specific detectors
slither . --detect reentrancy-eth,uninitialized-storage

# Exclude detectors
slither . --exclude naming-convention,external-function

# Filter by severity
slither . --exclude-informational --exclude-low

# Exclude specific paths
slither . --filter-paths "test|lib|node_modules"
```

```bash
# Generate call graph
slither . --print call-graph

# Generate inheritance graph
slither . --print inheritance-graph

# Generate contract summary
slither . --print contract-summary

# Print function summaries
slither . --print function-summary

# Print variable order (storage layout)
slither . --print variable-order

# Print data dependency
slither . --print data-dependency
```
```python
# custom_detector.py
from slither.detectors.abstract_detector import AbstractDetector, DetectorClassification


class MyCustomDetector(AbstractDetector):
    # Identifier and one-line help text shown for this detector
    ARGUMENT = "my-detector"
    HELP = "Detect my custom issue"
    IMPACT = DetectorClassification.HIGH
    CONFIDENCE = DetectorClassification.HIGH

    # Documentation fields reported alongside each finding
    WIKI = "https://example.com/my-detector"
    WIKI_TITLE = "My Custom Detector"
    WIKI_DESCRIPTION = "Detects..."
    WIKI_EXPLOIT_SCENARIO = "..."
    WIKI_RECOMMENDATION = "..."

    def _has_issue(self, function):
        # Placeholder predicate (not part of Slither's API): replace with the real check
        return False

    def _detect(self):
        results = []
        # contracts_derived: contracts that are not inherited by another contract
        for contract in self.compilation_unit.contracts_derived:
            for function in contract.functions:
                # Detection logic
                if self._has_issue(function):
                    info = [function, " has an issue\n"]
                    results.append(self.generate_result(info))
        return results
```
```yaml
name: Slither Analysis
on: [push, pull_request]
jobs:
  slither:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Install Foundry
        uses: foundry-rs/foundry-toolchain@v1
      - name: Install Slither
        run: pip install slither-analyzer
      - name: Run Slither
        # --fail-high: exit non-zero only when high-impact findings are reported
        run: slither . --foundry-compile-all --fail-high --sarif results.sarif
      - name: Upload SARIF
        # Run even when the Slither step failed, so the findings are still uploaded
        if: always()
        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: results.sarif
```
```json
{
  "success": true,
  "error": null,
  "results": {
    "detectors": [
      {
        "check": "reentrancy-eth",
        "impact": "High",
        "confidence": "Medium",
        "description": "Reentrancy in Contract.withdraw()...",
        "elements": [...],
        "first_markdown_element": "...",
        "id": "abc123"
      }
    ]
  }
}
```
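One way to consume the JSON report shown above as a CI gate, given here as an added example that is not part of the skill's or Slither's own code. The `gate` function, its parameters and the sample report are constructed for illustration; it assumes each entry in `elements` (elided above) carries `source_mapping.filename_relative`, and `triaged_ids` is a hypothetical stand-in for findings already marked as false positives.

```python
import json
import re

# Impact levels as they appear in the report's "impact" field, most severe first.
IMPACT_ORDER = ["High", "Medium", "Low", "Informational", "Optimization"]

# Constructed sample report in the shape shown above (not real tool output).
SAMPLE_REPORT = json.dumps({
    "success": True, "error": None,
    "results": {"detectors": [
        {"check": "reentrancy-eth", "impact": "High", "confidence": "Medium",
         "description": "Reentrancy in Vault.withdraw()", "id": "a1",
         "elements": [{"source_mapping": {"filename_relative": "src/Vault.sol"}}]},
        {"check": "unchecked-transfer", "impact": "High", "confidence": "Medium",
         "description": "Unchecked transfer in MockToken.pay()", "id": "b2",
         "elements": [{"source_mapping": {"filename_relative": "test/MockToken.sol"}}]},
        {"check": "naming-convention", "impact": "Informational", "confidence": "High",
         "description": "Variable is not in mixedCase", "id": "c3",
         "elements": [{"source_mapping": {"filename_relative": "src/Vault.sol"}}]},
    ]},
})


def gate(report_text, fail_on="Medium", ignore_paths=r"^(test|lib|node_modules)/", triaged_ids=()):
    """Return (blocking, skipped): findings that fail the build and findings set aside."""
    report = json.loads(report_text)
    if not report.get("success"):
        # A failed compile produces no findings; never treat that as a clean run.
        raise RuntimeError(f"Slither run failed: {report.get('error')}")
    threshold = IMPACT_ORDER.index(fail_on)
    blocking, skipped = [], []
    for finding in report["results"].get("detectors", []):
        files = [e.get("source_mapping", {}).get("filename_relative", "")
                 for e in finding.get("elements", [])]
        # Fail closed: ignore a finding only if every file it touches is out of scope.
        out_of_scope = bool(files) and all(re.search(ignore_paths, f) for f in files)
        severe = IMPACT_ORDER.index(finding["impact"]) <= threshold
        if not severe or out_of_scope or finding["id"] in triaged_ids:
            skipped.append(finding)
        else:
            blocking.append(finding)
    return blocking, skipped


if __name__ == "__main__":
    blocking, skipped = gate(SAMPLE_REPORT)
    for f in blocking:
        print(f"[{f['impact']}/{f['confidence']}] {f['check']}: {f['description']}")
    raise SystemExit(1 if blocking else 0)
```
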

| Process | Purpose |
|---|---|
| smart-contract-security-audit.js | Primary security analysis |
| smart-contract-development-lifecycle.js | Development validation |
| formal-verification.js | Pre-verification checks |

| Tool | Purpose |
|---|---|
| Slither | Core static analyzer |
| crytic-compile | Compilation framework |
| slither-doctor | Configuration debugger |

`--triage-database` to track false positives

- `skills/mythril-symbolic/SKILL.md` - Symbolic execution analysis
- `skills/echidna-fuzzer/SKILL.md` - Property-based fuzzing
- `agents/solidity-auditor/AGENT.md` - Security auditor agent