slither-analysis
Expert integration with Slither static analyzer for smart contract vulnerability detection, code quality analysis, and security reporting. Supports all Slither detectors and custom analysis configurations.
Install this agent skill to your Project
```shell
npx add-skill https://github.com/a5c-ai/babysitter/tree/main/library/specializations/cryptography-blockchain/skills/slither-analysis
```
SKILL.md
Slither Static Analysis Skill
Expert-level integration with Slither, the leading static analysis framework for Solidity smart contracts.
Capabilities
- Full Detector Suite: Execute Slither with all built-in detectors
- Custom Configurations: Configure analysis parameters and exclusions
- Severity Classification: Interpret and classify finding severity
- False Positive Filtering: Context-aware false positive identification
- Visual Analysis: Generate call graphs and inheritance diagrams
- Custom Detectors: Run and develop custom Slither detectors
- Reporting: Produce comprehensive security reports
Installation
```shell
# Install via pip
pip install slither-analyzer

# Or via pipx for isolation
pipx install slither-analyzer

# Verify installation
slither --version
```
Basic Usage
Run Analysis
```shell
# Analyze a single file
slither Contract.sol

# Analyze a Foundry project
slither . --foundry-compile-all

# Analyze a Hardhat project
slither . --hardhat-compile-all
```
Output Formats
```shell
# Human-readable (default)
slither .

# JSON output for further processing
slither . --json output.json

# Markdown report
slither . --checklist

# SARIF for CI integration
slither . --sarif output.sarif
```
Detector Categories
High Severity Detectors
| Detector | Description |
|---|---|
| reentrancy-eth | Reentrancy with ETH transfer |
| reentrancy-no-eth | Reentrancy without ETH |
| arbitrary-send-eth | Arbitrary ETH send |
| controlled-delegatecall | Controlled delegatecall |
| suicidal | Functions allowing anyone to destruct |
| uninitialized-storage | Uninitialized storage variables |
Medium Severity Detectors
| Detector | Description |
|---|---|
| reentrancy-benign | Benign reentrancy |
| incorrect-equality | Dangerous strict equality |
| locked-ether | Contracts that lock ether |
| missing-zero-check | Missing zero address validation |
| unchecked-transfer | Unchecked token transfers |
Low Severity Detectors
| Detector | Description |
|---|---|
| naming-convention | Naming convention violations |
| external-function | Functions that could be external |
| constable-states | State variables that could be constant |
| immutable-states | State variables that could be immutable |
Configuration
slither.config.json
```json
{
  "detectors_to_run": "all",
  "exclude_informational": false,
  "exclude_low": false,
  "exclude_medium": false,
  "exclude_high": false,
  "exclude_optimization": false,
  "fail_on": "high,medium",
  "filter_paths": [
    "node_modules",
    "lib",
    "test"
  ],
  "exclude_dependencies": true,
  "legacy_ast": false
}
```
CLI Configuration
```shell
# Run specific detectors
slither . --detect reentrancy-eth,uninitialized-storage

# Exclude detectors
slither . --exclude naming-convention,external-function

# Filter by severity
slither . --exclude-informational --exclude-low

# Exclude specific paths
slither . --filter-paths "test|lib|node_modules"
```
Advanced Features
Call Graph Generation
```shell
# Generate call graph
slither . --print call-graph

# Generate inheritance graph
slither . --print inheritance-graph

# Generate contract summary
slither . --print contract-summary
```
Function Analysis
```shell
# Print function summaries
slither . --print function-summary

# Print variable order (storage layout)
slither . --print variable-order

# Print data dependency
slither . --print data-dependency
```
Custom Detectors
```python
# custom_detector.py
from slither.detectors.abstract_detector import AbstractDetector, DetectorClassification


class MyCustomDetector(AbstractDetector):
    ARGUMENT = "my-detector"  # name used with --detect / --exclude
    HELP = "Detect my custom issue"
    IMPACT = DetectorClassification.HIGH
    CONFIDENCE = DetectorClassification.HIGH
    WIKI = "https://example.com/my-detector"
    WIKI_TITLE = "My Custom Detector"
    WIKI_DESCRIPTION = "Detects..."
    WIKI_EXPLOIT_SCENARIO = "..."
    WIKI_RECOMMENDATION = "..."

    def _has_issue(self, function) -> bool:
        # Placeholder predicate: replace with project-specific logic.
        # As an illustration, flag payable functions that carry no modifier.
        return function.payable and not function.modifiers

    def _detect(self):
        results = []
        for contract in self.compilation_unit.contracts_derived:
            for function in contract.functions:
                # Detection logic: one result per offending function
                if self._has_issue(function):
                    info = [function, " has an issue\n"]
                    results.append(self.generate_result(info))
        return results
```
CI/CD Integration
GitHub Actions
```yaml
name: Slither Analysis
on: [push, pull_request]
jobs:
  slither:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Install Foundry
        uses: foundry-rs/foundry-toolchain@v1
      - name: Install Slither
        run: pip install slither-analyzer
      - name: Run Slither
        run: slither . --foundry-compile-all --fail-on high --sarif results.sarif
      - name: Upload SARIF
        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: results.sarif
```
Interpreting Results
Result Structure
```json
{
  "success": true,
  "error": null,
  "results": {
    "detectors": [
      {
        "check": "reentrancy-eth",
        "impact": "High",
        "confidence": "Medium",
        "description": "Reentrancy in Contract.withdraw()...",
        "elements": [...],
        "first_markdown_element": "...",
        "id": "abc123"
      }
    ]
  }
}
```
Triage Workflow
- High/Medium Impact - Investigate immediately
- Check Confidence Level - High confidence = likely real issue
- Review Code Context - Understand the actual flow
- Verify with Tests - Write tests to confirm behavior
- Document Decisions - Mark false positives with rationale
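As an added example (not part of this skill or of Slither itself), a small triage script over the JSON result structure above that applies the workflow: order open findings by impact and confidence, suppress documented false positives with their rationale, and decide whether a CI gate should fail. The sample findings, their ids and the rationale are constructed.

```python
import json
from collections import Counter

# Constructed sample in the shape of `slither . --json output.json`;
# only the fields this script reads are filled in.
SAMPLE_OUTPUT = json.dumps({"success": True, "error": None, "results": {"detectors": [
    {"check": "reentrancy-eth", "impact": "High", "confidence": "Medium", "id": "a1",
     "description": "Reentrancy in Vault.withdraw() (src/Vault.sol#40-52)"},
    {"check": "naming-convention", "impact": "Informational", "confidence": "High", "id": "b2",
     "description": "Parameter Vault.deposit(uint256)._Amount is not in mixedCase"},
    {"check": "missing-zero-check", "impact": "Low", "confidence": "Medium", "id": "c3",
     "description": "Vault.setOwner(address).newOwner lacks a zero-check"},
    {"check": "unchecked-transfer", "impact": "High", "confidence": "Medium", "id": "d4",
     "description": "Vault.sweep() ignores return value by token.transfer(to,amount)"},
]}})
# Constructed triage decisions (workflow step 5): finding id -> rationale.
FALSE_POSITIVES = {"d4": "token reverts on failure; return value unused by design"}
# Slither impact and confidence levels, highest priority first.
RANK = {"High": 0, "Medium": 1, "Low": 2, "Informational": 3, "Optimization": 4}


def load_findings(raw: str) -> list:
    # Refuse to triage a run that did not complete (e.g. compilation error).
    data = json.loads(raw)
    if not data.get("success"):
        raise RuntimeError(f"slither did not complete: {data.get('error')}")
    return data["results"]["detectors"]


def triage(findings: list, false_positives: dict, fail_on=("High", "Medium")) -> dict:
    # Split open vs. suppressed, order open findings by impact then confidence
    # (workflow steps 1-2), and decide whether the CI gate should fail.
    open_, suppressed = [], []
    for f in findings:
        if f["id"] in false_positives:
            suppressed.append({**f, "rationale": false_positives[f["id"]]})
        else:
            open_.append(f)
    open_.sort(key=lambda f: (RANK[f["impact"]], RANK[f["confidence"]]))
    return {"open": open_, "suppressed": suppressed,
            "by_impact": Counter(f["impact"] for f in open_),
            "should_fail": any(f["impact"] in fail_on for f in open_)}


def markdown_report(t: dict) -> str:
    # Render the outcome as a table a reviewer can paste into a PR.
    rows = ["| Impact | Confidence | Check | Description |", "|---|---|---|---|"]
    rows += [f"| {f['impact']} | {f['confidence']} | {f['check']} | {f['description']} |"
             for f in t["open"]]
    rows += [f"- suppressed `{f['id']}` ({f['check']}): {f['rationale']}" for f in t["suppressed"]]
    return "\n".join(rows)
```

Against a real run, pass the contents of `output.json` to `load_findings` and exit non-zero when `triage(...)["should_fail"]` is set.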
Process Integration
| Process | Purpose |
|---|---|
| smart-contract-security-audit.js | Primary security analysis |
| smart-contract-development-lifecycle.js | Development validation |
| formal-verification.js | Pre-verification checks |
Tools Reference
| Tool | Purpose |
|---|---|
| Slither | Core static analyzer |
| crytic-compile | Compilation framework |
| slither-doctor | Configuration debugger |
Best Practices
- Run Slither on every commit in CI
- Configure appropriate exclusions to reduce noise
- Review all high/medium findings manually
- Write custom detectors for project-specific patterns
- Use `--triage-database` to track false positives
See Also
- `skills/mythril-symbolic/SKILL.md` - Symbolic execution analysis
- `skills/echidna-fuzzer/SKILL.md` - Property-based fuzzing
- `agents/solidity-auditor/AGENT.md` - Security auditor agent
- Slither Documentation