
MCP Smart Contract Analyst

by RockYuan

analyze-unverified-contract

Analyze unverified smart contracts on Monad testnet to understand functionality and security through decompilation.

Instructions

Analyze a unverified contract from an address on the Monad testnet.

Input Schema

| Name | Required | Description | Default |
|------|----------|-------------|---------|
| address | Yes | Monad testnet address to analyze unverified contract for | |

Implementation Reference

  • Handler function that retrieves the contract's bytecode from Monad testnet, POSTs it to the external decompilation service configured in DECOMPILE_URL, extracts the Solidity-like source code from the returned HTML, and wraps it in a prompt asking for analysis of functionality, logic, and security.
    async ({ address }) => {
      try {
        const bytecode = await publicClient.getCode({
          address: address as `0x${string}`,
        })
    
        console.debug("contract bytecode:", bytecode);
    
        const decompileUrl = process.env.DECOMPILE_URL;
        if (!decompileUrl) {
          throw new Error("DECOMPILE_URL not set.");
        }
    
        const formData = new FormData();
        formData.append('bytecode', `${bytecode}`);
    
        const response = await fetch(decompileUrl, {
          method: 'POST',
          body: formData,
        });
    
        if (!response.ok) {
          throw new Error(`API request failed with status ${response.status}`);
        }
    
        const html = await response.text();
    
        const regex = /<div class="code javascript" style="border: 1px solid gray; padding: 0.5em; white-space: pre; font-family: monospace; line-height: 1.2">([\s\S]*?)<\/div>/;
        const match = html.match(regex);
    
        if (match) {
          const sourceCodeWithHtml = match[1];
          const sourceCode = sourceCodeWithHtml.replace(/<[^>]*>/g, '');
    
          return {
            content: [
              {
                type: "text",
                text: `Analyze the decompiled source code of contract ${address}, including its core functionalities, main logic flow, and security aspects:\n\`\`\`\n${sourceCode}\n\`\`\` `,
              },
            ],
          };
        } else {
          throw new Error(`Failed to retrieve source code: ${html}`);
        }
      } catch (error) {
        console.error("Error getting contract bytecode:", error);
        return {
          content: [
            {
              type: "text",
              text: `Failed to retrieve contract bytecode for address: ${address}. Error: ${error instanceof Error ? error.message : String(error)
                }`,
            },
          ],
        };
      }
    }
  • Zod schema defining the input parameter 'address' as a string for the contract address on Monad testnet.
    {
      address: z.string().describe("Monad testnet address to analyze unverified contract for"),
    },
  • src/index.ts:103-167 (registration)
    MCP server tool registration call, specifying name, description, input schema, and inline handler function.
    server.tool(
      "analyze-unverified-contract",
      "Analyze a unverified contract from an address on the Monad testnet.",
      {
        address: z.string().describe("Monad testnet address to analyze unverified contract for"),
      },
      async ({ address }) => {
        try {
          const bytecode = await publicClient.getCode({
            address: address as `0x${string}`,
          })
    
          console.debug("contract bytecode:", bytecode);
    
          const decompileUrl = process.env.DECOMPILE_URL;
          if (!decompileUrl) {
            throw new Error("DECOMPILE_URL not set.");
          }
    
          const formData = new FormData();
          formData.append('bytecode', `${bytecode}`);
    
          const response = await fetch(decompileUrl, {
            method: 'POST',
            body: formData,
          });
    
          if (!response.ok) {
            throw new Error(`API request failed with status ${response.status}`);
          }
    
          const html = await response.text();
    
          const regex = /<div class="code javascript" style="border: 1px solid gray; padding: 0.5em; white-space: pre; font-family: monospace; line-height: 1.2">([\s\S]*?)<\/div>/;
          const match = html.match(regex);
    
          if (match) {
            const sourceCodeWithHtml = match[1];
            const sourceCode = sourceCodeWithHtml.replace(/<[^>]*>/g, '');
    
            return {
              content: [
                {
                  type: "text",
                  text: `Analyze the decompiled source code of contract ${address}, including its core functionalities, main logic flow, and security aspects:\n\`\`\`\n${sourceCode}\n\`\`\` `,
                },
              ],
            };
          } else {
            throw new Error(`Failed to retrieve source code: ${html}`);
          }
        } catch (error) {
          console.error("Error getting contract bytecode:", error);
          return {
            content: [
              {
                type: "text",
                text: `Failed to retrieve contract bytecode for address: ${address}. Error: ${error instanceof Error ? error.message : String(error)
                  }`,
              },
            ],
          };
        }
      }
    );
  • src/index.ts:28-28 (registration)
    Server initialization declares 'analyze-unverified-contract' as one of the supported capabilities.
    capabilities: ["analyze-verified-contract", "analyze-unverified-contract"]
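
One way to tighten the handler's input and output handling, as an added example that is not code from the mcp-contract-analyst project: it validates the address, treats missing bytecode as its own case, decodes the extracted HTML, and picks a code fence that the decompiled text cannot close. All function names, the assumption that the service HTML-escapes its output, and the sample HTML are constructed for illustration.

```typescript
// Added example; function names are hypothetical and the sample data is constructed.
const ADDRESS_RE = /^0x[0-9a-fA-F]{40}$/;
const FENCE3 = "`" + "`" + "`"; // three backticks, built by concatenation

// Accept only a 20-byte hex address before it reaches the RPC call or the prompt.
function isAddress(value: string): boolean {
  return ADDRESS_RE.test(value);
}

// Assumption: an address with no deployed contract yields undefined or "0x".
function hasCode(bytecode: string | undefined): bytecode is string {
  return typeof bytecode === "string" && /^0x([0-9a-fA-F]{2})+$/.test(bytecode);
}

// Match on the class alone, strip tags, then decode entities ("&amp;" last so
// that "&amp;lt;" ends up as the literal text "&lt;"). Assumes the service
// HTML-escapes the decompiled text.
function extractSource(html: string): string | null {
  const m = html.match(/<div class="code javascript"[^>]*>([\s\S]*?)<\/div>/);
  if (!m) return null;
  return (m[1] ?? "")
    .replace(/<[^>]*>/g, "")
    .replace(/&lt;/g, "<").replace(/&gt;/g, ">")
    .replace(/&quot;/g, '"').replace(/&#39;/g, "'")
    .replace(/&amp;/g, "&");
}

// Shortest backtick fence that does not occur in the text, so a string inside
// the decompiled code cannot close the block early.
function fenceFor(text: string): string {
  let fence = FENCE3;
  while (text.indexOf(fence) !== -1) fence += "`";
  return fence;
}

// Errors carry a fixed message instead of echoing the raw service response.
function buildPrompt(address: string, bytecode: string | undefined, html: string): string {
  if (!isAddress(address)) throw new Error("address is not 20-byte hex");
  if (!hasCode(bytecode)) throw new Error("no contract code at address");
  const source = extractSource(html);
  if (source === null) throw new Error("no code block in decompiler response");
  const fence = fenceFor(source);
  return `Analyze the decompiled source code of contract ${address}:\n${fence}\n${source}\n${fence}`;
}

const SAMPLE_ADDRESS = "0x" + "1111111111" + "1111111111" + "1111111111" + "1111111111";
const SAMPLE_HTML = '<div class="code javascript" style="white-space: pre">' +
  'function <span>name</span>() { return "a ' + FENCE3 + ' b"; }\nrequire(x &lt; 10);</div>';
```

In the handler itself the address and bytecode checks would run before the POST to the decompilation service, so an address without contract code never leaves the process.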

Behavior 2/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations provided, the description carries full burden for behavioral disclosure. It states the action ('analyze') but doesn't describe what analysis entails, whether it's read-only or has side effects, what permissions or authentication might be needed, or any rate limits. For a tool with zero annotation coverage, this is a significant gap in behavioral context.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness 5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is a single, efficient sentence that directly states the tool's purpose without unnecessary words. It's appropriately sized and front-loaded, with zero wasted text, making it easy for an agent to parse quickly.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness 2/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the complexity of contract analysis, lack of annotations, and no output schema, the description is incomplete. It doesn't explain what 'analyze' means in practice, what information is returned, or how to interpret results. For a tool that likely involves technical blockchain operations, this leaves critical gaps for an agent.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters 3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

The description adds no parameter-specific information beyond what's already in the schema (which has 100% coverage). It mentions 'address' generally but doesn't elaborate on format, validation, or semantic meaning. With high schema coverage, the baseline is 3, and the description doesn't compensate with additional insights.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose 4/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the action ('analyze') and target resource ('unverified contract from an address on the Monad testnet'), providing specific verb+resource pairing. However, it doesn't explicitly differentiate from its sibling 'analyze-verified-contract' beyond the 'unverified' qualifier, which is implied but not stated as a distinguishing factor.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines 2/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

No guidance is provided on when to use this tool versus alternatives. The description mentions 'unverified contract' but doesn't explain what constitutes unverified vs. verified, when to choose this over 'analyze-verified-contract', or any prerequisites for usage. This leaves the agent without contextual decision-making criteria.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/RockYuan/mcp-contract-analyst'