← Back to Skills Marketplace
631
Downloads
0
Stars
2
Active Installs
4
Versions
Install in OpenClaw
/install slither-audit
Description
Run slither static analysis on Solidity contracts. Fast, lightweight security scanner for EVM smart contracts.
Usage Guidance
This skill appears to do what it claims: run Slither on local Solidity sources and produce a report. Before installing/using it: (1) install the Slither CLI (SKILL.md suggests 'pip install slither-analyzer') from a trusted source and confirm the correct package name and version; (2) be aware the script invokes the 'slither' subprocess on files you provide — running analysis on untrusted code carries the usual risks of executing third-party tools; (3) the skill's metadata does not declare the required 'slither' binary, so ensure the binary is available on PATH; (4) review the pip package and Slither project's repository for reputation and updates. If you need an explicit install in a controlled environment, prefer installing Slither in a virtualenv or sandbox before running this skill.
Capability Analysis
Type: OpenClaw Skill
Name: slither-audit
Version: 0.4.0
The `slither-audit.py` script executes the `slither` command using `subprocess.run` with a user-provided `contract_path`. While `subprocess.run` with a list of arguments mitigates direct shell injection, passing user-controlled input directly to an external command introduces a potential command/argument injection vulnerability, which could lead to Remote Code Execution (RCE) if the `slither` tool or the underlying system is exploitable. This is a significant vulnerability, but there is no clear evidence of intentional malicious behavior (e.g., data exfiltration, persistence, or explicit harmful instructions), thus classifying it as 'suspicious' rather than 'malicious'.
Capability Assessment
Purpose & Capability
The name/description (Slither static analysis) matches the included script and prompts. Minor inconsistency: the skill metadata lists no required binaries, but both SKILL.md and slither-audit.py expect a local 'slither' CLI to be installed (SKILL.md suggests 'pip install slither-analyzer'). This is expected for the stated purpose but the binary requirement is not declared in the metadata.
Instruction Scope
SKILL.md and detect.md clearly limit operations to local Solidity files and local analysis. The Python script only validates that the target path exists and runs the Slither binary; it does not read or transmit other system files, environment variables, or external endpoints. detect.md is an analysis prompt and does not introduce network calls.
Install Mechanism
There is no formal install spec in the registry (instruction-only). SKILL.md instructs the user to run 'pip install slither-analyzer' and then run the included script. That is a normal, low-risk approach but means installation of third-party packages happens outside the skill's manifest; users should verify the pip package source and version before installing.
Credentials
The skill requests no environment variables, credentials, or config paths. The script does not access secrets or unrelated environment state. The lack of credential requests is proportionate to a local static-analysis tool.
Persistence & Privilege
The skill does not request always: true, does not modify other skill configs, and has no persistent agent privileges. It runs only when invoked and performs local analysis.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install slither-audit - After installation, invoke the skill by name or use
/slither-audit - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.4.0
- Updated slither-audit.py with new features or improvements.
- No changes to documentation or requirements.
- Maintains focus on running Slither static analysis on local Solidity contracts.
v0.3.0
- Clarified and shortened the documentation for easier reading.
- Updated feature list and limitations for accuracy.
- Improved instructions with concise quick start and usage examples.
- Removed deprecated/incomplete options and streamlined descriptions.
- Added evmbench reference for AI-powered analysis.
v0.2.0
- Removed Etherscan API and AI-powered analysis support; now audits only local Solidity files.
- Environment variables and API keys are no longer required.
- Updated documentation to clarify current capabilities (static analysis of local contracts with Slither) and removed references to external chain or AI features.
- Usage instructions simplified to focus on local runs via slither-analyzer.
- Clarified limitations due to Etherscan V1 deprecation and removed all remote contract loading functionality.
v0.1.0
Initial release of slither-audit v0.1.0:
- Enables static security scanning for Solidity/EVM contracts using Slither.
- Supports fetching source from Etherscan or analyzing local files.
- Optional AI-powered audit for logic vulnerability detection.
- Outputs report in JSON or Markdown format.
- Provides command-line interface for fast, lightweight auditing.
- Supports multiple EVM chains and custom environment variable configuration.
Metadata
Frequently Asked Questions
What is Slither Audit?
Run slither static analysis on Solidity contracts. Fast, lightweight security scanner for EVM smart contracts. It is an AI Agent Skill for Claude Code / OpenClaw, with 631 downloads so far.
How do I install Slither Audit?
Run "/install slither-audit" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Slither Audit free?
Yes, Slither Audit is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Slither Audit support?
Slither Audit is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Slither Audit?
It is built and maintained by aviclaw (@aviclaw); the current version is v0.4.0.
More Skills