slither

The Slither MCP Server provides static analysis capabilities for Solidity projects by wrapping Slither’s analysis functionality as MCP tools. It exposes tools to query contract metadata, function details, inheritances, call relationships, and to run Slither detectors. All tools accept a path to a Solidity project (e.g., Foundry or Hardhat projects) and cache results to speed up repeated queries. You can use the server to retrieve rich metadata such as contract types (abstract, interface, library), function signatures, visibility, and relationships between contracts, as well as security and quality detector results.

To get started, run the Slither MCP server with the MCP runtime. Once the server is up, you can call tools such as list_contracts, get_contract, list_functions, function_callees, function_callers, get_inherited_contracts, get_derived_contracts, list_function_implementations, list_detectors, and run_detectors. Each tool returns a standardized response with a success flag and relevant data, enabling integration with clients, editors, or automation workflows. The server also provides a typed Python client (SlitherMCPClient) for convenient, type-safe access to all tools.

Prerequisites:

• Python 3.11+ (recommended)
• uv (UV) package manager installed (e.g., via your Python environment)
• Git or a method to fetch the repository

Installation steps (from project root):

1. Create and activate a Python environment (optional but recommended):

   • python -m venv env
   • source env/bin/activate # on Unix or macOS
   • .\env\Scripts\activate # on Windows

2. Install UV and project in editable/development mode (as per the project README):

   • uv sync
   • uv pip install -e .

3. Run the MCP server (from the project root):

   • uv run slither-mcp

4. (Optional) Run tests to verify installation:

   • uv run pytest

Notes:

• The server caches analysis results under <path>/artifacts/project_facts.json to speed up repeated analyses.
• If you are integrating with Claude Code or Cursor, you can follow the usage examples in the README to wire up the MCP server with the appropriate transport and tooling.

Tips and common considerations:

• Metrics: Slither MCP collects opt-out metrics by default. You can disable metrics by running the server with --disable-metrics.
• Caching: Ensure your Solidity project is properly configured so that Slither can locate dependencies; results are cached to speed up subsequent queries.
• Detector usage: Use list_detectors to discover available detectors and run_detectors to fetch results with filters for detector names, impact levels, and confidence.
• Environment: If running in restricted environments, ensure the UV runtime has permission to read your project directory and write to the artifacts cache path.
• Client usage: The included SlitherMCPClient provides typed access to all tools, simplifying integration with agents and automation scripts.