Slither Audit
Pass. Audited by ClawScan on May 1, 2026.
Overview
This appears to be a benign local Slither scanner, with minor setup and documentation notes users should review before installing.
This skill is reasonable for local Solidity scanning. Before installing, verify the slither-analyzer package/version you install, run it only on intended local contract files, and be aware that the included detect.md AI prompt appears inconsistent with the documented Slither-only behavior but is not used by the provided script.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Finding 1: Installing the dependency may pull whatever current package version is available from PyPI.
The skill depends on an external PyPI package installed by the user, but the registry has no install spec and no required binary declaration. This is expected for a Slither wrapper, but the dependency is unpinned.
Evidence: pip install slither-analyzer
Recommendation: Install in a trusted environment and consider pinning or verifying the slither-analyzer version before use.
Finding 2: Running the skill will execute the installed Slither analyzer over the selected contract file or directory.
The script executes the local Slither command on a user-provided path. This is central to the stated purpose and does not use a shell, but it is still local command execution.
Evidence: subprocess.run(["slither", contract_path, "--json", "-"], capture_output=True, text=True, timeout=60)
Recommendation: Run it only on intended local contract paths and with a Slither installation you trust.
Finding 3: Users may be unclear whether the skill is purely a local Slither wrapper or also intended to perform AI review of contract source.
The included prompt template suggests AI-based source analysis, while SKILL.md says the skill does not perform AI analysis. The provided Python script does not reference this file, so it appears to be an unused or inconsistent artifact rather than active behavior.
Evidence: You are an expert smart contract security auditor. Analyze the following Solidity contract for vulnerabilities.
Recommendation: Treat the Python Slither wrapper as the active behavior shown here; maintainers should either remove the unused prompt or document when and how it is actually used.
