← 返回 Skills 市场

Slither Audit

Name: Slither Audit
Author: aviclaw

作者 aviclaw · GitHub ↗ · v0.4.0

cross-platform ⚠ suspicious

631

总下载

当前安装

版本数

在 OpenClaw 中安装

/install slither-audit

功能描述

Run slither static analysis on Solidity contracts. Fast, lightweight security scanner for EVM smart contracts.

安全使用建议

This skill appears to do what it claims: run Slither on local Solidity sources and produce a report. Before installing/using it: (1) install the Slither CLI (SKILL.md suggests 'pip install slither-analyzer') from a trusted source and confirm the correct package name and version; (2) be aware the script invokes the 'slither' subprocess on files you provide — running analysis on untrusted code carries the usual risks of executing third-party tools; (3) the skill's metadata does not declare the required 'slither' binary, so ensure the binary is available on PATH; (4) review the pip package and Slither project's repository for reputation and updates. If you need an explicit install in a controlled environment, prefer installing Slither in a virtualenv or sandbox before running this skill.

功能分析

Type: OpenClaw Skill Name: slither-audit Version: 0.4.0 The `slither-audit.py` script executes the `slither` command using `subprocess.run` with a user-provided `contract_path`. While `subprocess.run` with a list of arguments mitigates direct shell injection, passing user-controlled input directly to an external command introduces a potential command/argument injection vulnerability, which could lead to Remote Code Execution (RCE) if the `slither` tool or the underlying system is exploitable. This is a significant vulnerability, but there is no clear evidence of intentional malicious behavior (e.g., data exfiltration, persistence, or explicit harmful instructions), thus classifying it as 'suspicious' rather than 'malicious'.

能力评估

ℹ Purpose & Capability

The name/description (Slither static analysis) matches the included script and prompts. Minor inconsistency: the skill metadata lists no required binaries, but both SKILL.md and slither-audit.py expect a local 'slither' CLI to be installed (SKILL.md suggests 'pip install slither-analyzer'). This is expected for the stated purpose but the binary requirement is not declared in the metadata.

✓ Instruction Scope

SKILL.md and detect.md clearly limit operations to local Solidity files and local analysis. The Python script only validates that the target path exists and runs the Slither binary; it does not read or transmit other system files, environment variables, or external endpoints. detect.md is an analysis prompt and does not introduce network calls.

ℹ Install Mechanism

There is no formal install spec in the registry (instruction-only). SKILL.md instructs the user to run 'pip install slither-analyzer' and then run the included script. That is a normal, low-risk approach but means installation of third-party packages happens outside the skill's manifest; users should verify the pip package source and version before installing.

✓ Credentials

The skill requests no environment variables, credentials, or config paths. The script does not access secrets or unrelated environment state. The lack of credential requests is proportionate to a local static-analysis tool.

✓ Persistence & Privilege

The skill does not request always: true, does not modify other skill configs, and has no persistent agent privileges. It runs only when invoked and performs local analysis.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install slither-audit
安装完成后，直接呼叫该 Skill 的名称或使用 /slither-audit 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v0.4.0

- Updated slither-audit.py with new features or improvements. - No changes to documentation or requirements. - Maintains focus on running Slither static analysis on local Solidity contracts.

v0.3.0

- Clarified and shortened the documentation for easier reading. - Updated feature list and limitations for accuracy. - Improved instructions with concise quick start and usage examples. - Removed deprecated/incomplete options and streamlined descriptions. - Added evmbench reference for AI-powered analysis.

v0.2.0

- Removed Etherscan API and AI-powered analysis support; now audits only local Solidity files. - Environment variables and API keys are no longer required. - Updated documentation to clarify current capabilities (static analysis of local contracts with Slither) and removed references to external chain or AI features. - Usage instructions simplified to focus on local runs via slither-analyzer. - Clarified limitations due to Etherscan V1 deprecation and removed all remote contract loading functionality.

v0.1.0

Initial release of slither-audit v0.1.0: - Enables static security scanning for Solidity/EVM contracts using Slither. - Supports fetching source from Etherscan or analyzing local files. - Optional AI-powered audit for logic vulnerability detection. - Outputs report in JSON or Markdown format. - Provides command-line interface for fast, lightweight auditing. - Supports multiple EVM chains and custom environment variable configuration.

元数据

Slug slither-audit

版本 0.4.0

许可证 —

累计安装 2

当前安装数 2

历史版本数 4

常见问题

Slither Audit 是什么？

Run slither static analysis on Solidity contracts. Fast, lightweight security scanner for EVM smart contracts. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 631 次。

如何安装 Slither Audit？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install slither-audit」即可一键安装，无需额外配置。

Slither Audit 是免费的吗？

是的，Slither Audit 完全免费（开源免费），可自由下载、安装和使用。

Slither Audit 支持哪些平台？

Slither Audit 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Slither Audit？

由 aviclaw（@aviclaw）开发并维护，当前版本 v0.4.0。