slither-analysis
Expert integration with Slither static analyzer for smart contract vulnerability detection, code quality analysis, and security reporting. Supports all Slither detectors and custom analysis configurations.
Best use case
slither-analysis is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Expert integration with Slither static analyzer for smart contract vulnerability detection, code quality analysis, and security reporting. Supports all Slither detectors and custom analysis configurations.
Teams using slither-analysis should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/slither-analysis/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How slither-analysis Compares
| Feature / Agent | slither-analysis | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Expert integration with Slither static analyzer for smart contract vulnerability detection, code quality analysis, and security reporting. Supports all Slither detectors and custom analysis configurations.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# Slither Static Analysis Skill
Expert-level integration with Slither, the leading static analysis framework for Solidity smart contracts.
## Capabilities
- **Full Detector Suite**: Execute Slither with all built-in detectors
- **Custom Configurations**: Configure analysis parameters and exclusions
- **Severity Classification**: Interpret and classify finding severity
- **False Positive Filtering**: Context-aware false positive identification
- **Visual Analysis**: Generate call graphs and inheritance diagrams
- **Custom Detectors**: Run and develop custom Slither detectors
- **Reporting**: Produce comprehensive security reports
## Installation
```bash
# Install via pip
pip install slither-analyzer
# Or via pipx for isolation
pipx install slither-analyzer
# Verify installation
slither --version
```
## Basic Usage
### Run Analysis
```bash
# Analyze single file
slither Contract.sol
# Analyze Foundry project
slither . --foundry-compile-all
# Analyze Hardhat project
slither . --hardhat-compile-all
```
### Output Formats
```bash
# Human readable (default)
slither .
# JSON output for processing
slither . --json output.json
# Markdown report
slither . --checklist
# SARIF for CI integration
slither . --sarif output.sarif
```
## Detector Categories
### High Severity Detectors
| Detector | Description |
|----------|-------------|
| `reentrancy-eth` | Reentrancy with ETH transfer |
| `reentrancy-no-eth` | Reentrancy without ETH |
| `arbitrary-send-eth` | Arbitrary ETH send |
| `controlled-delegatecall` | Controlled delegatecall |
| `suicidal` | Functions allowing anyone to destruct |
| `uninitialized-storage` | Uninitialized storage variables |
### Medium Severity Detectors
| Detector | Description |
|----------|-------------|
| `reentrancy-benign` | Benign reentrancy |
| `incorrect-equality` | Dangerous strict equality |
| `locked-ether` | Contracts that lock ether |
| `missing-zero-check` | Missing zero address validation |
| `unchecked-transfer` | Unchecked token transfers |
### Low Severity Detectors
| Detector | Description |
|----------|-------------|
| `naming-convention` | Naming convention violations |
| `external-function` | Functions that could be external |
| `constable-states` | State variables that could be constant |
| `immutable-states` | State variables that could be immutable |
## Configuration
### slither.config.json
```json
{
"detectors_to_run": "all",
"exclude_informational": false,
"exclude_low": false,
"exclude_medium": false,
"exclude_high": false,
"exclude_optimization": false,
"fail_on": "high,medium",
"filter_paths": [
"node_modules",
"lib",
"test"
],
"exclude_dependencies": true,
"legacy_ast": false
}
```
### CLI Configuration
```bash
# Run specific detectors
slither . --detect reentrancy-eth,uninitialized-storage
# Exclude detectors
slither . --exclude naming-convention,external-function
# Filter by severity
slither . --exclude-informational --exclude-low
# Exclude specific paths
slither . --filter-paths "test|lib|node_modules"
```
## Advanced Features
### Call Graph Generation
```bash
# Generate call graph
slither . --print call-graph
# Generate inheritance graph
slither . --print inheritance-graph
# Generate contract summary
slither . --print contract-summary
```
### Function Analysis
```bash
# Print function summaries
slither . --print function-summary
# Print variable order (storage layout)
slither . --print variable-order
# Print data dependency
slither . --print data-dependency
```
### Custom Detectors
```python
# custom_detector.py
from slither.detectors.abstract_detector import AbstractDetector, DetectorClassification
class MyCustomDetector(AbstractDetector):
ARGUMENT = "my-detector"
HELP = "Detect my custom issue"
IMPACT = DetectorClassification.HIGH
CONFIDENCE = DetectorClassification.HIGH
WIKI = "https://example.com/my-detector"
WIKI_TITLE = "My Custom Detector"
WIKI_DESCRIPTION = "Detects..."
WIKI_EXPLOIT_SCENARIO = "..."
WIKI_RECOMMENDATION = "..."
def _detect(self):
results = []
for contract in self.compilation_unit.contracts_derived:
for function in contract.functions:
# Detection logic
if self._has_issue(function):
info = [function, " has an issue\n"]
results.append(self.generate_result(info))
return results
```
## CI/CD Integration
### GitHub Actions
```yaml
name: Slither Analysis
on: [push, pull_request]
jobs:
slither:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Install Foundry
uses: foundry-rs/foundry-toolchain@v1
- name: Install Slither
run: pip install slither-analyzer
- name: Run Slither
run: slither . --foundry-compile-all --fail-on high --sarif results.sarif
- name: Upload SARIF
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: results.sarif
```
## Interpreting Results
### Result Structure
```json
{
"success": true,
"error": null,
"results": {
"detectors": [
{
"check": "reentrancy-eth",
"impact": "High",
"confidence": "Medium",
"description": "Reentrancy in Contract.withdraw()...",
"elements": [...],
"first_markdown_element": "...",
"id": "abc123"
}
]
}
}
```
### Triage Workflow
1. **High/Medium Impact** - Investigate immediately
2. **Check Confidence Level** - High confidence = likely real issue
3. **Review Code Context** - Understand the actual flow
4. **Verify with Tests** - Write tests to confirm behavior
5. **Document Decisions** - Mark false positives with rationale
## Process Integration
| Process | Purpose |
|---------|---------|
| `smart-contract-security-audit.js` | Primary security analysis |
| `smart-contract-development-lifecycle.js` | Development validation |
| `formal-verification.js` | Pre-verification checks |
## Tools Reference
| Tool | Purpose |
|------|---------|
| **Slither** | Core static analyzer |
| **crytic-compile** | Compilation framework |
| **slither-doctor** | Configuration debugger |
## Best Practices
- Run Slither on every commit in CI
- Configure appropriate exclusions to reduce noise
- Review all high/medium findings manually
- Write custom detectors for project-specific patterns
- Use `--triage-database` to track false positives
## See Also
- `skills/mythril-symbolic/SKILL.md` - Symbolic execution analysis
- `skills/echidna-fuzzer/SKILL.md` - Property-based fuzzing
- `agents/solidity-auditor/AGENT.md` - Security auditor agent
- [Slither Documentation](https://github.com/crytic/slither)Related Skills
heatmap-analysis
Analyze user interaction heatmaps for attention patterns and click behavior
static-analysis-runner
Run static analysis tools including SonarQube, ESLint, and multi-language linters
Static Analysis Tools Skill
Integration with security-focused static analysis tools
Smart Contract Analysis Skill
Ethereum and blockchain smart contract security analysis
Network Protocol Analysis Skill
Network protocol capture, analysis, and fuzzing capabilities
Code Coverage Analysis
Multi-language code coverage analysis, reporting, and quality gate enforcement
memlab-analysis
Expert skill for JavaScript memory leak detection using Facebook MemLab. Configure MemLab scenarios, execute memory leak detection runs, analyze heap snapshots, identify detached DOM elements, find event listener leaks, and integrate with CI pipelines.
gpu-memory-analysis
Specialized skill for GPU memory hierarchy analysis and optimization. Analyze memory access patterns, detect bank conflicts, optimize cache utilization, profile global memory bandwidth, and generate optimized memory access code patterns.
power-analysis
FPGA power estimation and optimization skill for low-power design
cdc-analysis
Specialized skill for clock domain crossing analysis and synchronizer design in FPGA designs
misra-c-analysis
MISRA C compliance checking and static analysis integration
memory-analysis
Embedded memory analysis, optimization, and leak detection