Solidity Guardian

This skill appears to implement a Solidity static scanner and optional Slither integration, but there are discrepancies you should resolve before running it: - Documentation vs code mismatches: SKILL.md examples reference analyze.js, reporter.js, and a hardhat plugin that are not present in the package (the code contains analyzer.js and slither-integration.js). Confirm which entrypoints to run and whether analyzer exports the functions the integration expects (analyzeDirectory/analyzeFile/generateMarkdownReport). Running mismatched commands will fail or behave unexpectedly. - Optional installer executes pip/pipx: slither-integration.js can auto-install Slither by running pipx/pip3/python3 -m pip via execSync. That will perform network installs and may change your system Python environment — run this only in an isolated or CI environment (container, VM) if you choose to auto-install. - Review the code yourself (or have a developer do so) before running: analyzer.js parses local Solidity files and slither-integration.js executes shell commands. There are no obvious exfiltration endpoints, but you should still audit exported functions, ensure no unexpected network calls are added, and test in a sandbox. - Practical steps before using: 1) Open analyzer.js and confirm it exports the functions the integrator and examples expect. 2) Run the tool on a small, non-sensitive sample project first. Do not use --install-slither on a host with sensitive packages; prefer pre-installing Slither in an isolated environment. 3) If you plan to integrate with CI, vendor or pin the Slither installation steps and review those commands. Given the mismatches and the installer behavior, treat this skill with caution until these inconsistencies are resolved or you run it in a controlled environment.