solidit-mcp-server
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@solidit-mcp-serverSearch for reentrancy vulnerabilities"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
solidit-mcp-server
Give AI assistants instant access to Solodit's 49,000+ blockchain vulnerability database.
An MCP server that connects Claude (and other MCP clients) to the Solodit audit findings API -- search vulnerabilities, browse recent discoveries, and look up specific findings directly from your AI workflow.
Runs via npx solidit-mcp-server with zero global installation required.
Quick Start
Get an API key at solodit.cyfrin.io (Profile > API Keys)
Add the MCP config (see Claude Code or Claude Desktop below)
Start using it -- ask Claude something like:
"Search for reentrancy vulnerabilities in DeFi protocols"
Related MCP server: Elytra Security MCP Server
Claude Code
Add to your .mcp.json (project-level) or ~/.claude/mcp.json (global):
{
"mcpServers": {
"solodit": {
"command": "npx",
"args": ["-y", "solidit-mcp-server"],
"env": { "SOLODIT_API_KEY": "your-api-key-here" }
}
}
}Claude Desktop
Add to your Claude Desktop config file:
macOS:
~/Library/Application Support/Claude/claude_desktop_config.jsonWindows:
%APPDATA%\Claude\claude_desktop_config.json
{
"mcpServers": {
"solodit": {
"command": "npx",
"args": ["-y", "solidit-mcp-server"],
"env": { "SOLODIT_API_KEY": "your-api-key-here" }
}
}
}Docker
Build and run locally:
docker build -t solidit-mcp-server .
docker run -i -e SOLODIT_API_KEY=your-api-key-here solidit-mcp-serverOr use docker-compose with a .env file:
# .env
SOLODIT_API_KEY=your-api-key-heredocker compose upTools
search_findings
Full-featured search across Solodit's database with 14+ filters. All parameters are optional -- a bare call returns recent findings.
Parameter | Type | Description |
| string | Free-text search across titles and content |
| string[] | Severity filter: |
| string[] | Vulnerability type: |
| string[] | Audit firm: |
| string[] | Protocol type: |
| string[] | Language: |
| string | Protocol name (partial match) |
| string | Auditor handle (partial match) |
| number | Minimum quality score (0-5) |
| number | Minimum rarity score (0-5) |
| string | Preset: |
| string | Custom date cutoff (ISO format, e.g. |
| string |
|
| string |
|
| number | Page number (default: 1) |
| number | Results per page (default: 20, max: 100) |
| number | Content preview length (default: 500, max: 5000) |
Example: "Find high-impact reentrancy findings in DeFi protocols audited by Cyfrin"
get_finding_detail
Retrieve the full content and metadata of a single finding by ID or slug. Use after seeing a result in search_findings to get the complete writeup.
Parameter | Type | Description |
| string | The finding ID (UUID) or slug from search results or Solodit URLs |
Example: "Get the full details of finding abc-123-def"
search_by_tag
Search by vulnerability tags, sorted by quality score (best examples first). Ideal for finding high-quality writeups about a specific vulnerability class.
Parameter | Type | Description |
| string[] | Required. One or more vulnerability tags |
| string[] | Severity filter: |
| string[] | Language filter |
| string[] | Protocol category filter |
| number | Page number (default: 1) |
| number | Results per page (default: 10, max: 100) |
Example: "Find the best oracle manipulation examples in Solidity"
recent_findings
Browse the latest findings from the last N days, sorted by recency (newest first).
Parameter | Type | Description |
| number | Days to look back (default: 30) |
| string[] | Severity filter: |
| string[] | Language filter |
| string[] | Protocol category filter |
| number | Page number (default: 1) |
| number | Results per page (default: 10, max: 100) |
Example: "Show me high-impact findings from the last 7 days"
API Key
This server requires a Solodit API key. Get yours at solodit.cyfrin.io under Profile > API Keys.
The key is passed via the SOLODIT_API_KEY environment variable in your MCP configuration (see setup sections above).
License
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/HBlackfoxx/solidit-mcp-server'
If you have feedback or need assistance with the MCP directory API, please join our Discord server