{"id":40122560,"url":"https://github.com/slvdev/weasel","last_synced_at":"2026-01-19T13:00:53.912Z","repository":{"id":331610766,"uuid":"1092210611","full_name":"slvDev/weasel","owner":"slvDev","description":"Solidity static analyzer you can talk to. MCP integration for Claude Code, Cursor, and Windsurf.","archived":false,"fork":false,"pushed_at":"2026-01-10T11:36:26.000Z","size":817,"stargazers_count":7,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-01-11T03:21:55.568Z","etag":null,"topics":["auditing","ethereum","mcp","rust","security","smart-contracts","solidity","static-analysis"],"latest_commit_sha":null,"homepage":null,"language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/slvDev.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-11-08T07:43:13.000Z","updated_at":"2026-01-10T16:56:36.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/slvDev/weasel","commit_stats":null,"previous_names":["slvdev/weasel"],"tags_count":5,"template":false,"template_full_name":null,"purl":"pkg:github/slvDev/weasel","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/slvDev%2Fweasel","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/slvDev%2Fweasel/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/slvDev%2Fweasel/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/slvDev%2Fweasel/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/slvDev","download_url":"https://codeload.github.com/slvDev/weasel/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/slvDev%2Fweasel/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28568833,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-19T12:50:50.164Z","status":"ssl_error","status_checked_at":"2026-01-19T12:50:42.704Z","response_time":67,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["auditing","ethereum","mcp","rust","security","smart-contracts","solidity","static-analysis"],"created_at":"2026-01-19T13:00:47.199Z","updated_at":"2026-01-19T13:00:53.905Z","avatar_url":"https://github.com/slvDev.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003ch1 align=\"center\"\u003eWeasel\u003c/h1\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003cstrong\u003eSolidity static analyzer you can talk to\u003c/strong\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  Ask your AI assistant to audit your contracts. Get explained results.\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://opensource.org/licenses/MIT\"\u003e\u003cimg src=\"https://img.shields.io/badge/License-MIT-blue.svg\" alt=\"License: MIT\"\u003e\u003c/a\u003e\n  \u003ca href=\"#installation\"\u003e\u003cimg src=\"https://img.shields.io/badge/install-weaselup-green.svg\" alt=\"Install\"\u003e\u003c/a\u003e\n  \u003cimg src=\"https://img.shields.io/badge/⚡-Blazing_Fast-orange\" alt=\"Blazing Fast\"\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"assets/demo.gif\" alt=\"Weasel demo\" width=\"800\"\u003e\n\u003c/p\u003e\n\n```bash\n# 1. Install weasel\ncurl -L https://raw.githubusercontent.com/slvDev/weasel/main/weaselup/install | bash\n\n# 2. Add to your AI tool:\n# Claude Code (recommended - MCP + skills)\n/plugin marketplace add slvDev/weasel\n/plugin install weasel\n\n# MCP only for Claude Code (if you don't want skills), Cursor, Windsurf\nweasel mcp add\n```\n\nNow just say `weasel \u003ccommand\u003e`:\n\n\u003e \"weasel analyze my contracts\"\n\n\u003e \"weasel poc for this reentrancy bug\"\n\n\u003e \"weasel report this finding\"\n\n\u003e \"weasel explain this function\"\n\nWeasel skills activate. Your AI runs analysis, writes PoCs, formats reports, and more.\n\n---\n\n## Features\n\n- **AI-Native Skills** — 9 specialized skills for Claude Code (PoC writing, report formatting, gas optimization, and more)\n- **Blazing Fast** — Parallel Rust analysis, instant MCP responses\n- **MCP Server** — Works with Claude Code, Cursor, Windsurf, and any MCP-compatible tool\n- **Extensive Detectors** — Vulnerabilities, gas optimizations, and code quality checks\n- **Auto-Detection** — Automatically configures for Foundry, Hardhat, and Truffle projects\n\n---\n\n## Why Weasel?\n\n|                    | Weasel                              | Other Analyzers              |\n| ------------------ | ----------------------------------- | ---------------------------- |\n| **AI Integration** | Native skills + MCP                 | Copy-paste output to ChatGPT |\n| **Setup**          | `plugin install` / `mcp add`        | Manual config, scripts       |\n| **Workflow**       | \"weasel poc for this bug\"           | Read reports, search fixes   |\n| **Context**        | AI knows Solidity security patterns | Context lost between tools   |\n| **Speed**          | Parallel Rust analysis              | Often single-threaded        |\n\n---\n\n## Installation\n\n```bash\ncurl -L https://raw.githubusercontent.com/slvDev/weasel/main/weaselup/install | bash\n```\n\nUpdate anytime with `weaselup`.\n\n\u003cdetails\u003e\n\u003csummary\u003eFrom Source\u003c/summary\u003e\n\n```bash\ngit clone https://github.com/slvDev/weasel.git\ncd weasel \u0026\u0026 cargo build --release\n```\n\n\u003c/details\u003e\n\n---\n\n## Claude Code Integration\n\nFor **Claude Code** users, install the Weasel plugin for intelligent skills:\n\n```bash\n/plugin marketplace add slvDev/weasel\n/plugin install weasel\n```\n\nUse `weasel` prefix to activate skills:\n\n**Audit:**\n\n| Skill             | What it does                                              |\n| ----------------- | --------------------------------------------------------- |\n| `weasel analyze`  | Security review (quick scan / manual review / full audit) |\n| `weasel validate` | Verify if attack hypothesis is exploitable                |\n| `weasel filter`   | Triage findings, filter false positives                   |\n| `weasel poc`      | Write exploit PoC (Foundry/Hardhat)                       |\n| `weasel report`   | Format findings as professional audit report              |\n| `weasel overview` | Scope project, map architecture/attack surface            |\n\n**Dev:**\n\n| Skill             | What it does                                   |\n| ----------------- | ---------------------------------------------- |\n| `weasel gas`      | Find and implement gas optimizations           |\n| `weasel explain`  | Explain code logic, patterns, and risks        |\n| `weasel simplify` | Refactor for clarity without changing behavior |\n\n**Skills provide context-aware expertise** — Claude knows how to analyze Solidity, write PoCs in Foundry/Hardhat, format audit reports, and more. The `weasel` prefix ensures skills only activate when you want them.\n\n\u003e To update the plugin, run `/plugin update weasel` in Claude Code.\n\n---\n\n## IDE Integration (MCP)\n\nFor **Cursor**, **Windsurf**, or Claude Code without skills:\n\n```bash\nweasel mcp add                      # auto-detect all installed IDEs\nweasel mcp add --target cursor      # Cursor only\nweasel mcp add --target windsurf    # Windsurf only\nweasel mcp add --target claude      # Claude Code only\n```\n\n| IDE         | MCP Tools | Skills                     |\n| ----------- | --------- | -------------------------- |\n| Claude Code | ✅        | ✅ (via `/plugin install`) |\n| Cursor      | ✅        | ❌                         |\n| Windsurf    | ✅        | ❌                         |\n\nMCP tools (`weasel_analyze`, `weasel_finding_details`, `weasel_detectors`) work in all IDEs. Skills (PoC writing, report formatting, etc.) are Claude Code exclusive.\n\n---\n\n## What It Detects\n\n| Severity   | What                     | Examples                                        |\n| ---------- | ------------------------ | ----------------------------------------------- |\n| **High**   | Critical vulnerabilities | Reentrancy, unchecked calls, delegatecall risks |\n| **Medium** | Security concerns        | Missing access control, oracle manipulation     |\n| **Low**    | Best practices           | Unlocked pragma, zero-address checks            |\n| **Gas**    | Optimizations            | Storage reads, loop efficiency, packing         |\n| **NC**     | Code quality             | Naming, style, documentation                    |\n\nRun `weasel detectors` to see all checks, or ask your AI: _\"what can weasel detect?\"_\n\n---\n\n## How It Works\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"assets/flow.png\" alt=\"Weasel flow\" width=\"800\"\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  Your AI calls Weasel via MCP, gets structured findings, and explains them to you.\n\u003c/p\u003e\n\n| MCP Command              | What It Does                        |\n| ------------------------ | ----------------------------------- |\n| `weasel_analyze`         | Scan contracts, get compact summary |\n| `weasel_finding_details` | Deep dive into specific issues      |\n| `weasel_detectors`       | List all available checks           |\n\n---\n\n## Standalone Usage\n\nNo AI? Weasel works great from the terminal.\n\n```bash\nweasel run                              # analyze ./src\nweasel run -s ./contracts               # specify path\nweasel run -e ./test -e ./mocks         # exclude paths\nweasel run -m High                      # only critical\nweasel run -o report.md                 # save report\nweasel run -o report.json -f json       # JSON format\n```\n\n### Detectors\n\n```bash\nweasel detectors                # list all\nweasel detectors -s High        # filter by severity\nweasel detectors -d \u003cid\u003e        # details for one\n```\n\n### Configuration\n\nCreate `weasel.toml` with `weasel init`:\n\n```toml\nscope = [\"src\", \"contracts\"]\nexclude = [\"test\", \"script\"]\nmin_severity = \"Low\"\nformat = \"md\"\nremappings = [\"@openzeppelin/=lib/openzeppelin-contracts/\"]\n```\n\n| Option           | Short | Default           |\n| ---------------- | ----- | ----------------- |\n| `--scope`        | `-s`  | `[\"src\"]`         |\n| `--exclude`      | `-e`  | `[\"lib\", \"test\"]` |\n| `--min-severity` | `-m`  | `NC`              |\n| `--format`       | `-f`  | `md`              |\n| `--output`       | `-o`  | stdout            |\n| `--remappings`   | `-r`  | auto              |\n\n**Priority:** CLI flags \u003e config file \u003e auto-detection\n\n---\n\n## Project Support\n\n**Foundry** — Remappings loaded in order:\n\n1. Default paths (`forge-std/`, `@openzeppelin/`)\n2. `remappings.txt`\n3. `foundry.toml`\n4. CLI `-r` flags\n\n**Hardhat / Truffle** — Auto-detects config, uses `node_modules/`, defaults to `./contracts`\n\n---\n\n## FAQ\n\n\u003cdetails\u003e\n\u003csummary\u003e\u003cstrong\u003eAI can't find Weasel?\u003c/strong\u003e\u003c/summary\u003e\n\n```bash\nwhich weasel          # should show path\nweasel mcp add        # re-run setup\n# restart your AI tool\n```\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003e\u003cstrong\u003eHow do I check MCP config?\u003c/strong\u003e\u003c/summary\u003e\n\n```bash\ncat ~/.claude.json              # Claude Code\ncat ~/.cursor/mcp.json          # Cursor\ncat ~/.codeium/windsurf/mcp_config.json  # Windsurf\n```\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003e\u003cstrong\u003eManual MCP setup\u003c/strong\u003e\u003c/summary\u003e\n\nAdd to your AI tool's config:\n\n```json\n{\n  \"mcpServers\": {\n    \"weasel\": {\n      \"type\": \"stdio\",\n      \"command\": \"/path/to/weasel\",\n      \"args\": [\"mcp\", \"serve\"]\n    }\n  }\n}\n```\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003e\u003cstrong\u003eHow do I exclude test files?\u003c/strong\u003e\u003c/summary\u003e\n\n```bash\nweasel run -e ./test -e ./src/mocks\n```\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003e\u003cstrong\u003eHow do I analyze only critical issues?\u003c/strong\u003e\u003c/summary\u003e\n\n```bash\nweasel run -m High\n```\n\n\u003c/details\u003e\n\n---\n\n## License\n\nMIT — [LICENSE.md](LICENSE.md)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fslvdev%2Fweasel","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fslvdev%2Fweasel","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fslvdev%2Fweasel/lists"}