evm-agent-toolkit
Server Configuration
Describes the environment variables required to run the server.
| Name | Required | Description | Default |
|---|---|---|---|
No arguments | |||
Capabilities
Features and capabilities supported by this server
| Capability | Details |
|---|---|
| tools | {
"listChanged": true
} |
| prompts | {
"listChanged": true
} |
| resources | {
"listChanged": true
} |
Tools
Functions exposed to the LLM to take actions
| Name | Description |
|---|---|
| evm_scan_vulnerabilitiesA | Run Slither static analysis on a Solidity contract and return schema-validated vulnerability findings. Each finding includes the detector name, severity, description, source file, line numbers, and the actual code snippet extracted from the file system. Args:
Returns: JSON object: { "findings": [ { "check": string, // Slither detector id (e.g. "reentrancy-eth") "severity": string, // "High" | "Medium" | "Low" | "Informational" "description": string, // Human-readable explanation "file": string, // Relative path to the source file "lines": number[], // Affected line numbers (1-indexed) "code_snippet": string // Extracted source code from the file } ], "totalFindings": number, // Total before truncation/capping "truncated": boolean // true if findings were dropped to fit the response limit } Examples:
Error Handling:
|
| evm_analyze_gas_profileA | Run forge test --gas-report and return structured gas consumption data per contract and function. Args:
Returns: JSON object: { "contracts": [ { "name": string, // e.g. "src/Token.sol:Token" "deploymentCost": number, // Gas used for deployment "deploymentSize": number, // Bytecode size in bytes "functions": [ { "name": string, // Function name "min": number, // Minimum gas "avg": number, // Average gas "median": number, // Median gas "max": number, // Maximum gas "calls": number // Number of calls in tests } ] } ] } Examples:
Error Handling:
|
| evm_compile_and_diagnoseA | Run forge build and return structured compiler diagnostics. If compilation succeeds, returns { "success": true, "diagnostics": [] }. If compilation fails, parses the error output into a JSON array of diagnostics. Args:
Returns: { "success": boolean, // true if the project compiled cleanly "diagnostics": [ { "file": string, // e.g. "src/Token.sol" "line": number, // Line number (1-indexed) "column": number, // Column number (1-indexed) "message": string, // Compiler error message "snippet": string // Code snippet around the error } ] } Examples:
Error Handling:
|
| evm_simulate_transactionA | Execute a read-only call against an EVM node using Foundry cast and return decoded results or revert reasons. This tool does NOT submit a real transaction; it simulates via eth_call. Args:
Returns: { "success": boolean, "returnData": string, // Hex-encoded return data (on success) "revertReason": string, // Decoded revert string (on failure) "error": string // Raw error message (on execution failure) } Examples:
Error Handling:
|
| evm_inspect_storage_layoutA | Run forge inspect storage-layout and return the resolved storage slot assignment for every state variable. Essential for proxy-upgrade safety checks (storage-layout collisions) and storage-packing gas analysis. Args:
Returns: JSON object: { "entries": [ { "label": string, // State variable name "slot": number, // Storage slot index "offset": number, // Byte offset within the slot "type": string, // Human-readable type (e.g. "address", "mapping(address => uint256)") "bytes": number // Size of the variable in bytes } ] } Examples:
Error Handling:
|
| evm_trace_callA | Execute a read-only call with cast call --trace and return the structured call tree: every internal call, its gas cost, call type, return values, emitted events, and revert frames. Use this to verify exploit reachability, inspect cross-contract call flows, or debug unexpected reverts. This tool does NOT submit a real transaction. Args:
Returns: JSON object: { "reverted": boolean, // true if any frame reverted "gasUsed": number, // Total gas used (when reported) "events": [ { "depth": number, // Nesting depth in the call tree (0 = top frame) "kind": string, // "call" | "return" | "stop" | "revert" | "emit" "gas": number, // Gas for call frames "target": string, // Callee address or label "call": string, // Function + arguments "callType": string, // "staticcall" | "delegatecall" | undefined (regular call) "value": string // Return data, revert reason, or event payload } ] } Examples:
Error Handling:
|
| evm_decode_calldataA | Decode hex calldata into a function signature and typed argument values using Foundry cast. If you know the function signature, pass it for a fully offline, deterministic decode (cast calldata-decode). Without a signature, the 4-byte selector is resolved via the openchain.xyz signature database (cast 4byte-decode) — requires network access. Args:
Returns: JSON object: { "success": boolean, "signature": string, // Resolved or provided function signature "values": string[] // Decoded argument values, one per parameter } Examples:
Error Handling:
|
| evm_run_testsA | Run forge test and return structured per-suite, per-test results — including fuzz runs and the exact counterexample calldata for failing fuzz/invariant tests. Use this to verify behavior equivalence after a rewrite, run invariant suites, or drive a Generate-Repair-Execute proof-of-concept loop. Args:
Returns: JSON object: { "allPassed": boolean, "totalPassed": number, "totalFailed": number, "totalSkipped": number, "suites": [ { "name": string, // e.g. "test/Vault.t.sol:VaultTest" "passed": number, "failed": number, "skipped": number, "tests": [ { "name": string, // e.g. "testFuzz_withdraw(uint256)" "status": string, // "pass" | "fail" | "skip" "reason": string, // Failure reason (on fail) "counterexample": string, // Fuzz counterexample calldata + args (on fuzz fail) "gas": number, // Gas for unit tests "fuzzRuns": number, // Runs for fuzz/invariant tests "medianGas": number // Median gas for fuzz tests } ] } ] } Examples:
Error Handling:
|
| evm_toolchain_versionsA | Report which host toolchain binaries (slither, forge, cast) are installed and their exact versions. Call this once before an analysis session to (a) verify prerequisites and (b) record versions so findings are reproducible — Slither detector sets and forge gas accounting change between releases. Args: none Returns: JSON object: { "tools": [ { "tool": string, // "slither" | "forge" | "cast" "installed": boolean, "version": string // First line of --version output (when installed) } ] } Error Handling:
|
Prompts
Interactive templates invoked by user choice
| Name | Description |
|---|---|
| audit_contract | Severity-rated security audit of a Solidity contract following the vulnerability-scanning workflow (pattern seek → confirm reachability → report). Uses evm_scan_vulnerabilities, evm_trace_call, and evm_inspect_storage_layout. |
| optimize_gas | Measured gas-optimization pass following the gas-optimization workflow (one rewrite at a time, security + equivalence + measurement proofs). Uses evm_analyze_gas_profile, evm_scan_vulnerabilities, and evm_inspect_storage_layout. |
| analyze_arbitrage | Quantify a DeFi price dislocation net of fees, gas, slippage, and bribes following the arbitrage-analysis workflow. Analysis only — no trade execution. Uses evm_simulate_transaction, evm_trace_call, and evm_decode_calldata. |
Resources
Contextual data attached and managed by the client
| Name | Description |
|---|---|
| vulnerabilities | EVM Security Vulnerability Patterns — reentrancy, access control, integer overflow, and more |
| gas_optimizations | EVM Gas Optimization Patterns — storage packing, calldata vs memory, unchecked math |
| arbitrage_patterns | EVM Arbitrage Strategies — AMM math, sandwich detection, flash-loan routes |
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/0xendale/evm-agent-toolkit'
If you have feedback or need assistance with the MCP directory API, please join our Discord server