solidity-agent-toolkit
Advanced tools
MCP server providing Solidity smart contract security analysis tools, OWASP knowledge base, and development utilities for AI agents
MCP server + LSP server + Agent Skills providing Solidity smart contract security analysis tools, OWASP knowledge base, and development utilities for AI agents.
Built on Model Context Protocol and Language Server Protocol — works with Claude Desktop, Cursor, opencode, VSCode, IntelliJ, Neovim, and any MCP/LSP-compatible client.
# Run MCP server (no install needed)
npx solidity-agent-toolkit
# Install Agent Skills for AI coding agents
npx skills add whackur/solidity-agent-toolkit
{
"mcpServers": {
"solidity-agent-toolkit": {
"command": "npx",
"args": ["-y", "solidity-agent-toolkit@latest"]
}
}
}
See MCP Setup for client-specific instructions.
git clone --recurse-submodules https://github.com/whackur/solidity-agent-toolkit.git
# If already cloned without submodules
git submodule update --init
# Update submodule to latest remote commit
git submodule update --remote
10 MCP Tools — Security scanning (Slither, Aderyn, Solhint), AST-based vulnerability detection with regex fallback (22 SCWE IDs), OWASP SCWE knowledge search, contract structural analysis (adversarial, proxy safety, ERC compliance, access control, dependencies), compilation & inspection (Foundry), test runner, gas analysis, deployment simulation, code quality (NatSpec, style guide, formatting)
12 MCP Resources — OWASP Smart Contract Top 10, SCWE vulnerability database (156 entries), ERC standard interfaces, adversarial scenarios, Slither detectors, Solhint rules
7 MCP Prompts — Security audit, vulnerability fix, code review, best practices, gas optimization, ERC generation, adversarial analysis
LSP Server — Real-time AST + pattern diagnostics, CLI diagnostics on save, OWASP SCWE hover info, remediation code actions
7 Agent Skills — Security best practices, Foundry development, Hardhat development, gas optimization, code review methodology, ERC standards, adversarial analysis
| Document | Description |
|---|---|
| Installation | Install, update, uninstall, version pinning |
| MCP Setup | Claude Desktop, Cursor, opencode, VSCode, IntelliJ |
| LSP Setup | VSCode, IntelliJ, Neovim, Sublime Text |
| API Reference | All tools, resources, and prompts |
| Agent Skills | Skill descriptions and installation |
| Development | Prerequisites, commands, architecture |
All GitHub Issues, PRs (title/description/comments), commit messages, code comments, and documentation must be in English only.
MIT
FAQs
MCP server providing Solidity smart contract security analysis tools, OWASP knowledge base, and development utilities for AI agents
We found that solidity-agent-toolkit demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
/Security News
Malicious packages published to npm, PyPI, Go Modules, crates.io, and Packagist impersonate developer tooling to fetch staged malware, steal credentials and wallets, and enable remote access.
Security News
Microsoft has released an open source toolkit for enforcing runtime security policies on AI agents as adoption accelerates faster than governance controls.
Security News
Multiple high-impact npm maintainers confirm they have been targeted in the same social engineering campaign that compromised Axios.