Summary
Brings smart contract security scanning into Claude with heuristic analysis for Solidity, Rust, and TypeScript contracts. Exposes three tools: scan_contract checks for reentrancy, integer overflow, access control flaws, front-running vectors, and oracle manipulation risks, returning a vulnerability list with severity ratings and line numbers. compare_security_models and audit_checklist generate language-specific security guidance. The scanner includes NEAR-specific context, scoring contracts against NEAR's security model and providing cross-chain migration recommendations. Install globally via npm and point Claude Desktop at the mcp-contract-security command. Useful when reviewing contract code during development or audits, especially if you're evaluating patterns across EVM and NEAR ecosystems.
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →
Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →
On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →
mcp-contract-security
MCP server for smart contract security scanning.
Implements the required tools:
scan_contractcompare_security_modelsaudit_checklist
Supports languages:
solidityrusttypescript
What it checks
scan_contract currently detects heuristic patterns for:
- Reentrancy
- Integer overflow/underflow risk
- Access control issues
- Front-running exposure
- Oracle manipulation risk
The output includes:
- vulnerability list with severity/type/line
security_scorenear_equivalent_score- NEAR-specific security notes and recommendation
Install
npm install -g mcp-contract-security
Published package:
- npm: https://www.npmjs.com/package/mcp-contract-security
- MCP Registry: https://registry.modelcontextprotocol.io/v0/servers/io.github.mastrophot%2Fcontract-security-scanner/versions/0.1.1
MCP config (Claude Desktop)
{
"mcpServers": {
"contract-security": {
"command": "mcp-contract-security"
}
}
}
Tool usage
scan_contract
Input:
{
"code": "contract source code here",
"language": "solidity"
}
compare_security_models
Input (optional):
{
"language": "solidity"
}
audit_checklist
Input (optional):
{
"language": "rust"
}
Local development
npm install
npm run check
Deliverable assets
Additional publish assets are prepared in deliverables/:
deliverables/mcp-registry-submission.mddeliverables/security-subreddit-posts.mddeliverables/blog-why-near-contracts-safer.mdserver.json(MCP Registry metadata, schema-validated)
License
MIT
Featured
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →Categories
Registryactive
Packagemcp-contract-security
TransportSTDIO
UpdatedMar 16, 2026
