Choose Your Tool Integration

AI Alone vs AI + Tools

Your auditor currently relies entirely on the AI's reasoning. That is powerful for semantic analysis (understanding code logic), but weak for structural analysis (finding all state-changing functions, tracing call graphs, identifying reentrancy paths).

Static analyzers like Slither and Aderyn are the opposite: excellent at structural analysis but cannot reason about business logic. Combining both is strictly better than either alone.

AI Only

No external dependencies. Your skill is a single markdown file. It works anywhere Claude Code runs.

Pros: Zero setup for users. No dependencies to install or maintain. Portable across machines. Cons: Misses patterns that static analysis catches trivially (dead code, shadowing, unused returns). Cannot prove findings with formal verification.

Static Analysis Integration

Run Slither and/or Aderyn first, feed their output to your AI. The AI reasons over tool findings, filters false positives, and enriches reports with context.

Pros: Catches structural issues. Cross-validates AI findings with deterministic tools. Reduces false positives (if Slither agrees, it is more likely real). Cons: Requires Slither/Aderyn installed. Adds complexity. Token usage increases (feeding tool output to AI).

How SC-Auditor does it: 8 MCP tools (Slither, Aderyn, Solodit, Cyfrin checklist, Foundry, Echidna, Medusa, Halmos). The AI orchestrates tool execution and reasons over combined results.

Full Stack (Static + Fuzzing + Formal)

Everything in static analysis plus fuzzers (Echidna, Medusa) for property testing and Halmos for formal verification. Findings that can be proven with a test or formal proof are dramatically more credible.

Pros: Highest confidence findings. Provable vulnerabilities. Catches complex multi-step bugs that pure analysis misses. Cons: Heavy dependencies. Slow. Requires the project to have a working build setup. Complex MCP configuration.

Your verification approach filters findings. Tool integration gives your AI additional data to work with. These are separate concerns.