smart-contract-scanner-api


Enables scanning Solidity smart contracts for 13 vulnerability classes using pattern-based analysis; provides full audit, quick scan, gas analysis, and detector catalog through MCP tools.


Smart Contract Scanner API

Building in public from $0 MRR. Star if you want to follow the journey — lazymac-mcp (42 tools, one MCP install) · lazymac-k-mcp (Korean wedge) · lazymac-sdk (TS client) · api.lazy-mac.com · Pro $29/mo.


🚀 Want all 42 lazymac tools through ONE MCP install? npx -y @lazymac/mcp · Pro $29/mo for unlimited calls.

Premium Solidity smart contract vulnerability scanner — REST API and MCP server. Detects 13 vulnerability classes using pattern-based analysis with zero external dependencies.

Why This Exists

Professional smart contract audits cost $5K–$50K and take weeks. This API provides automated, instant security analysis for a fraction of the cost. No external API keys needed — all analysis is done locally via pattern matching and structural analysis.

Vulnerability Detection

| ID      | Name                       | Severity | SWC     |
|---------|----------------------------|----------|---------|
| SCS-001 | Reentrancy                 | Critical | SWC-107 |
| SCS-002 | Integer Overflow/Underflow | High     | SWC-101 |
| SCS-003 | Unchecked External Calls   | High     | SWC-104 |
| SCS-004 | Access Control             | Critical | SWC-105 |
| SCS-005 | Timestamp Dependence       | Medium   | SWC-116 |
| SCS-006 | tx.origin Authentication   | Critical | SWC-115 |
| SCS-007 | Delegatecall Injection     | Critical | SWC-112 |
| SCS-008 | Self-destruct              | High     | SWC-106 |
| SCS-009 | Floating Pragma            | Low      | SWC-103 |
| SCS-010 | Gas Limit Issues           | Medium   | SWC-128 |
| SCS-011 | Front-running              | Medium   | SWC-114 |
| SCS-012 | Missing Events             | Low      | N/A     |
| SCS-013 | Unused Variables           | Info     | SWC-131 |
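
What pattern-based detection of three of these classes can look like, as an added example that is not the scanner's own code: the regex rules for SCS-003, SCS-006 and SCS-009 are assumptions written for this illustration, run over the contract from this page's curl example and over a constructed safe variant.

```javascript
// Added illustration, not the scanner's own detectors. The three regexes are
// assumptions; IDs, SWC numbers and severities are taken from the table above.
const RULES = [
  // tx.origin compared against something, e.g. require(tx.origin == owner)
  { id: 'SCS-006', swc: 'SWC-115', severity: 'Critical',
    re: /\btx\.origin\s*[!=]=|[!=]=\s*tx\.origin\b/ },
  // pragma with a range operator instead of one pinned compiler version
  { id: 'SCS-009', swc: 'SWC-103', severity: 'Low',
    re: /\bpragma\s+solidity\s*(\^|~|>|<)/ },
  // a statement that starts with a low-level call, so the returned success
  // flag is discarded (misses forms such as payable(x).send(...))
  { id: 'SCS-003', swc: 'SWC-104', severity: 'High',
    re: /(^|[;{}])\s*[\w.\[\]]+\.(call|send|delegatecall)\s*(\{[^}]*\})?\s*\(/ },
];

// Blank out comments but keep newlines so reported line numbers stay correct.
function stripComments(src) {
  return src.replace(/\/\*[\s\S]*?\*\/|\/\/[^\n]*/g, c => c.replace(/[^\n]/g, ' '));
}

function scan(source) {
  const code = stripComments(source);
  const findings = [];
  for (const rule of RULES) {
    for (const m of code.matchAll(new RegExp(rule.re.source, 'g'))) {
      // Use the line where the match ends; it may start on the previous line.
      const line = code.slice(0, m.index + m[0].length).split('\n').length;
      findings.push({ id: rule.id, swc: rule.swc, severity: rule.severity, line });
    }
  }
  return findings;
}

// Contract from the page's curl example.
const PAGE_SAMPLE = 'pragma solidity ^0.8.0; contract Foo { function withdraw() ' +
  'public { msg.sender.call{value: 1}(""); } }';
// Constructed counter-example: pinned pragma, checked call, tx.origin only in a comment.
const CONSTRUCTED_SAFE = `pragma solidity 0.8.20;
contract Foo {
  // never write require(tx.origin == owner)
  function withdraw() public {
    (bool ok, ) = msg.sender.call{value: 1}("");
    require(ok, "transfer failed");
  }
}`;

console.log(scan(PAGE_SAMPLE));      // SCS-009 and SCS-003, both on line 1
console.log(scan(CONSTRUCTED_SAFE)); // []
```

Rules of this kind see only the shape of the text: the SCS-003 pattern here misses `payable(x).send(...)`, so a clean result from them is not proof that a class is absent.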

Quick Start

npm install
npm start        # REST API on port 5200
npm run mcp      # MCP server (stdio)
npm test         # Run test suite

API Endpoints

POST /api/v1/scan — Full Audit

curl -X POST http://localhost:5200/api/v1/scan \
  -H "Content-Type: application/json" \
  -d '{"code": "pragma solidity ^0.8.0; contract Foo { function withdraw() public { msg.sender.call{value: 1}(\"\"); } }"}'

Returns: Full audit report with risk score (0–100), findings grouped by severity, gas optimization suggestions, and actionable recommendations.

POST /api/v1/quick-scan — Critical Checks Only

Same request format. Checks only the top 5 critical patterns (reentrancy, access control, tx.origin, delegatecall, unchecked calls). Faster response.

POST /api/v1/gas-analysis — Gas Optimization

Returns gas optimization suggestions with estimated savings per suggestion.

GET /api/v1/vulnerabilities — Detector Catalog

Lists all 13 detectable vulnerability types with descriptions and SWC references.

MCP Server

Add to your MCP client configuration:

{
  "mcpServers": {
    "smart-contract-scanner": {
      "command": "node",
      "args": ["src/mcp-server.js"],
      "cwd": "/path/to/smart-contract-scanner-api"
    }
  }
}

Tools:

  • scan_contract — Full security audit
  • quick_scan_contract — Critical checks only
  • analyze_gas — Gas optimization analysis
  • list_vulnerabilities — Detector catalog

Report Format

{
  "report": {
    "overview": {
      "riskScore": 78,
      "riskLevel": "High",
      "summary": { "total": 8, "critical": 2, "high": 3, "medium": 2, "low": 1, "info": 0 }
    },
    "findings": { "bySeverity": { ... }, "total": 8 },
    "gasOptimization": { "suggestions": [...] },
    "recommendations": [...]
  }
}

Docker

docker build -t smart-contract-scanner .
docker run -p 5200:5200 smart-contract-scanner

License

MIT
