Scan EVM Vulnerabilities
evm_scan_vulnerabilitiesScan Solidity smart contracts for security vulnerabilities using Slither static analysis. Returns validated findings with severity, description, and code snippets.
Instructions
Run Slither static analysis on a Solidity contract and return schema-validated vulnerability findings.
Each finding includes the detector name, severity, description, source file, line numbers, and the actual code snippet extracted from the file system.
Args:
contractPath (string): Absolute path to the Solidity file or Foundry project root
severityFilter (string[], optional): Only return findings at these severities ("High" | "Medium" | "Low" | "Informational")
maxFindings (number, optional): Cap the number of findings returned (default: all)
detectors (string[], optional): Run only these Slither detector ids (e.g. ["reentrancy-eth", "arbitrary-send-eth"]) for a focused scan
Returns: JSON object: { "findings": [ { "check": string, // Slither detector id (e.g. "reentrancy-eth") "severity": string, // "High" | "Medium" | "Low" | "Informational" "description": string, // Human-readable explanation "file": string, // Relative path to the source file "lines": number[], // Affected line numbers (1-indexed) "code_snippet": string // Extracted source code from the file } ], "totalFindings": number, // Total before truncation/capping "truncated": boolean // true if findings were dropped to fit the response limit }
Examples:
"Audit src/Vault.sol for reentrancy" → contractPath = "/path/to/src/Vault.sol"
"Run security scan on my Foundry project" → contractPath = "/path/to/project"
"Only high-severity issues" → severityFilter = ["High"]
Do NOT use for gas analysis (use evm_analyze_gas_profile instead)
Error Handling:
Returns isError=true if the path does not exist or Slither is not installed/crashes
Returns empty findings array if no vulnerabilities found
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| detectors | No | Run only these Slither detector ids | |
| maxFindings | No | Cap the number of findings returned | |
| contractPath | Yes | Absolute path to the Solidity file or Foundry project root | |
| severityFilter | No | Only return findings at these severities |
Output Schema
| Name | Required | Description | Default |
|---|---|---|---|
| findings | Yes | ||
| truncated | Yes | ||
| totalFindings | Yes |