Skip to main content
Glama
trailofbits

Slither MCP Server

Official
by trailofbits

Server Configuration

Describes the environment variables required to run the server.

NameRequiredDescriptionDefault

No arguments

Capabilities

Features and capabilities supported by this server

CapabilityDetails
tools
{
  "listChanged": true
}
prompts
{
  "listChanged": false
}
resources
{
  "subscribe": false,
  "listChanged": false
}
experimental
{
  "tasks": {
    "list": {},
    "cancel": {},
    "requests": {
      "tools": {
        "call": {}
      },
      "prompts": {
        "get": {}
      },
      "resources": {
        "read": {}
      }
    }
  }
}

Tools

Functions exposed to the LLM to take actions

NameDescription
list_contractsA

Lists all contracts in a Solidity project with optional filtering by type and path. Use this when discovering contracts in an unfamiliar codebase, filtering out test/library dependencies, or finding specific contract types like interfaces or abstracts. Returns contract metadata including name, path, type flags (is_abstract, is_interface, is_library), and direct inheritance list. Does not include function details; use get_contract for full contract data. Supports pagination via offset/limit parameters.

get_contractA

Gets detailed metadata for a specific contract including inheritance hierarchy, declared and inherited functions, state variables, and events. Use this when you need complete information about a contract after finding it with list_contracts or search_contracts. Returns the full ContractModel with all relationships. For source code, use get_contract_source instead.

get_contract_sourceA

Retrieves the source code of a contract from the original Solidity file. Use this when you need to read the actual implementation after finding a contract with list_contracts. Returns the source code as a string with optional line range filtering via start_line and max_lines parameters. Only returns the contract's portion of the file; for the full file, read it directly.

get_function_sourceA

Retrieves the source code of a specific function. Use this when you need to read the implementation details after finding a function with list_functions or search_functions. Returns the function body with line numbers. Requires the function's contract_key and full signature to uniquely identify the function.

list_functionsA

Lists functions across the project or filtered by contract, visibility, and modifier usage. Use this when searching for functions with specific characteristics like external entry points, functions with modifiers, or private helpers. Returns function signatures, visibility, modifiers, arguments, and return types. Does not include function source code; use get_function_source for that. Supports pagination and sorting.

get_function_calleesA

Gets all functions called by a specific function (outgoing edges in the call graph). Use this when tracing what a function does internally, finding dependencies, or understanding control flow. Returns categorized callees: internal (same contract), external (other contracts), and library calls, plus a flag for low-level calls (call/delegatecall). Does not recurse; call repeatedly to trace deeper.

get_inherited_contractsA

Gets the inheritance tree of parent contracts (upward traversal). Use this when understanding what a contract inherits, finding the source of inherited functions, or analyzing the inheritance hierarchy. Returns a recursive tree structure with parent contracts and their parents. Set max_depth to limit traversal depth; returns truncated flag if depth exceeded.

get_derived_contractsA

Gets all contracts that inherit from a specific contract (downward traversal). Use this when finding all implementations of a base contract, understanding the impact of changes to a parent, or discovering contract variants. Returns a recursive tree of child contracts. Set max_depth to limit; returns truncated flag if exceeded.

list_function_implementationsA

Finds all contracts that implement a specific function signature. Use this when looking for overrides of a virtual function, finding all implementations of an interface method, or understanding polymorphism in the codebase. Returns contracts with their implementation details. Matches by signature string. Supports pagination.

get_function_callersA

Gets all functions that call a specific function (incoming edges in the call graph). Use this when finding entry points to a function, understanding usage patterns, or assessing impact of changes. Returns categorized callers: internal, external, and library. Useful for dead code detection and refactoring impact analysis.

list_detectorsA

Lists all available Slither security detectors with their metadata. Use this to discover what security checks are available before running analysis, or to filter detectors by name. Returns detector name, description, impact level (High/Medium/Low/Informational), and confidence level. Does not run detection; use run_detectors for that.

run_detectorsA

Gets security findings from Slither's static analysis. Use this to find vulnerabilities, code quality issues, or informational findings in the project. Can filter by specific detectors, impact level, confidence, or exclude paths like tests. Returns findings with descriptions and source locations. Results are cached from initial analysis.

search_contractsA

Searches for contracts by name using regex pattern matching. Use this when you know part of a contract name but not its exact path or when looking for contracts following a naming convention. Returns matching contracts with full metadata. Case-insensitive by default; set case_sensitive=true for exact matching. Supports pagination.

search_functionsA

Searches for functions by name or signature using regex pattern matching. Use this when looking for functions across the codebase by name pattern or parameter types. Can search function names only or full signatures including parameters. Returns matching functions with full metadata. Supports pagination.

get_project_overviewA

Gets aggregate statistics about the entire project including contract counts by type, function counts by visibility, and security findings by impact level. Use this as a starting point when exploring an unfamiliar codebase or generating project summaries. Returns counts and distributions, not detailed data. Use list_contracts and run_detectors for details.

find_dead_codeA

Finds functions with no callers (potential dead code). Use this during code cleanup, auditing for unused code, or understanding code coverage. Can exclude known entry points (external/public functions), test framework functions, and inherited functions. Returns uncalled functions with their metadata. Some functions may be called dynamically and not detected. Supports pagination.

export_call_graphA

Exports the project's function call graph in Mermaid or DOT visualization format. Use this when you need a visual representation of function relationships or for documentation. Can filter to specific contracts or entry points only. Returns a string in the requested format suitable for rendering. May be large for big projects; use max_nodes to limit.

get_contract_dependenciesA

Maps all dependencies for a specific contract including inheritance, external calls, and library usage. Use this when understanding what a contract depends on, finding coupling issues, or detecting circular dependencies. Returns categorized dependencies with optional circular dependency detection.

analyze_state_variablesA

Analyzes state variables across the project or for a specific contract. Use this when auditing storage layout, finding public state, or understanding contract data. Can filter by visibility, include/exclude constants and immutables. Returns variable details including type, visibility, and declaration location. For storage slot layout, use get_storage_layout. Supports pagination.

get_storage_layoutA

Computes the storage slot layout for a contract showing slot numbers, byte offsets, and variable sizes. Use this for upgrade safety analysis, storage collision detection, or understanding how variables are packed. Returns ordered slot assignments following Solidity's packing rules. Excludes constants and immutables (not in storage). Can include or exclude inherited storage. Supports pagination.

analyze_eventsA

Analyzes event definitions across the project or for a specific contract. Use this when understanding what events a contract emits, finding indexed parameters, or auditing logging. Returns event names, parameters with types and indexed flags, and source locations. Does not find event emissions; search source code for that. Supports pagination.

analyze_modifiersA

Analyzes custom modifier definitions and their usage across functions. Use this when auditing access control patterns, finding modifier implementations, or understanding function guards. Returns modifier definitions with their source and a list of functions that use each modifier. Supports pagination.

analyze_low_level_callsA

Finds all functions using low-level calls (call, delegatecall, staticcall, or assembly). Use this for security auditing since low-level calls bypass Solidity's type safety and can introduce vulnerabilities. Returns functions grouped by call type with source locations. Critical for reentrancy and proxy pattern analysis. Supports pagination.

Prompts

Interactive templates invoked by user choice

NameDescription
slither_guideGet guidance on using Slither MCP tools effectively.

Resources

Contextual data attached and managed by the client

NameDescription

No resources

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/trailofbits/slither-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server