This document provides a comprehensive guide for integrating and using Mythril as an MCP (Model Context Protocol) server.
- Overview
- Quick Start
- Architecture
- Available Tools
- Client Configuration
- Usage Examples
- Advanced Topics
- Troubleshooting
- Development
Mythril now includes native MCP server support, allowing AI assistants and other MCP-compatible applications to leverage Mythril's security analysis capabilities through a standardized protocol.
Model Context Protocol (MCP) is an open protocol that standardizes how applications provide context to Large Language Models (LLMs). It enables:
- Standardized Integration: One implementation works with all MCP-compatible clients
- Tool Discovery: Clients can query available capabilities
- Type Safety: Structured tool definitions with JSON schemas
- Error Handling: Standardized error reporting
- AI-Powered Analysis: Let AI assistants help analyze smart contracts
- Interactive Security Audits: Conversational interface to security tools
- Workflow Integration: Use Mythril within your existing AI-assisted workflows
- Educational: Learn about smart contract security through natural language
# Install Mythril with MCP support
pip install -e .
# Verify installation
mythril2-mcp-server --helpFor Claude Desktop, add to claude_desktop_config.json:
{
"mcpServers": {
"mythril2": {
"command": "mythril2-mcp-server"
}
}
}After configuration, simply ask your AI assistant:
Analyze this smart contract for vulnerabilities:
pragma solidity ^0.8.0;
contract Test {
function destroy() public {
selfdestruct(payable(msg.sender));
}
}
┌─────────────────┐
│ MCP Client │ (Claude Desktop, Cline, etc.)
│ (AI Assistant) │
└────────┬────────┘
│ MCP Protocol (JSON-RPC over stdio)
│
┌────────▼────────┐
│ Mythril MCP │
│ Server │
└────────┬────────┘
│
┌────────▼────────┐
│ Mythril Core │ (Analysis Engine)
│ - Symbolic │
│ Execution │
│ - Detectors │
│ - Disassembler │
└─────────────────┘
- Client Request: MCP client sends tool call via stdio
- Server Processing: MCP server validates and routes request
- Analysis Execution: Mythril engine performs security analysis
- Result Formatting: Results formatted per MCP protocol
- Client Response: Results sent back to client
The server uses stdio transport:
- stdin: Receives JSON-RPC requests
- stdout: Sends JSON-RPC responses
- stderr: Logs diagnostic information
Performs comprehensive security analysis on smart contracts.
Input Schema:
{
"contract_code": "string (optional)",
"contract_address": "string (optional)",
"solc_version": "string (optional)",
"max_depth": "integer (optional, default: 128)",
"execution_timeout": "integer (optional, default: 86400)",
"strategy": "string (optional, default: 'dfs')",
"enable_onchain_data": "boolean (optional, default: false)"
}Output: Text report with identified vulnerabilities
Example:
{
"contract_code": "pragma solidity ^0.8.0; ...",
"max_depth": 256,
"strategy": "bfs"
}Converts EVM bytecode into human-readable assembly.
Input Schema:
{
"contract_code": "string (optional)",
"contract_address": "string (optional)"
}Output: EVM assembly listing
Example:
{
"contract_code": "0x608060405234801561001057600080fd5b50..."
}Lists all available security detection modules.
Input Schema:
{}Output: List of detector modules with descriptions
Location:
- macOS:
~/Library/Application Support/Claude/claude_desktop_config.json - Windows:
%APPDATA%\Claude\claude_desktop_config.json - Linux:
~/.config/Claude/claude_desktop_config.json
Configuration:
{
"mcpServers": {
"mythril2": {
"command": "mythril2-mcp-server",
"args": [],
"env": {
"MYTHRIL_DIR": "/custom/path"
}
}
}
}- Install Cline extension in VS Code
- Open Cline settings
- Add MCP server configuration:
{
"mcpServers": {
"mythril2": {
"command": "mythril2-mcp-server"
}
}
}For custom integrations:
from mcp import ClientSession, StdioServerParameters
from mcp.client.stdio import stdio_client
async def use_mythril2():
server_params = StdioServerParameters(
command="mythril2-mcp-server",
args=[]
)
async with stdio_client(server_params) as (read, write):
async with ClientSession(read, write) as session:
await session.initialize()
# Call analyze_contract tool
result = await session.call_tool(
"analyze_contract",
arguments={"contract_code": "..."}
)
print(result)User: "Analyze this contract for security issues"
AI Response: Calls analyze_contract tool and presents findings in natural language.
User: "Check this contract specifically for reentrancy vulnerabilities, use a depth of 256"
AI Response: Adjusts parameters and provides targeted analysis.
User: "What does this bytecode do? 0x6080604052..."
AI Response: Uses disassemble_contract to explain the code.
User: "What types of vulnerabilities can Mythril detect?"
AI Response: Uses list_detectors to enumerate capabilities.
Control analysis behavior through tool parameters:
{
"contract_code": "...",
"max_depth": 256, // Deeper analysis
"execution_timeout": 3600, // 1 hour timeout
"strategy": "bfs", // Breadth-first search
"enable_onchain_data": true // Use blockchain data
}For Quick Scans:
max_depth: 64-128execution_timeout: 300-600
For Thorough Analysis:
max_depth: 256-512execution_timeout: 3600-7200
- Local Execution: Server runs locally, no data sent to external services
- Blockchain Access: When
enable_onchain_datais true, connects to Ethereum nodes - Resource Usage: Analysis can be CPU-intensive
- File Access: Server reads contract files from local filesystem
# GitHub Actions example
- name: Security Analysis via MCP
run: |
pip install mythril2
echo "$CONTRACT_CODE" | mythril2-mcp-serverProblem: Command not found
Solution:
# Find installation path
which mythril2-mcp-server
# Use full path in config
{
"command": "/home/user/.local/bin/mythril2-mcp-server"
}Problem: Analysis takes too long
Solution:
- Reduce
max_depth - Increase
execution_timeout - Simplify contract or analyze specific functions
Problem: Out of memory during analysis
Solution:
- Reduce
max_depth - Analyze contracts in smaller pieces
- Increase system memory
Problem: MCP client can't connect
Solution:
- Verify server starts:
mythril2-mcp-server - Check client logs for error messages
- Verify PATH includes mythril2 installation
- Try absolute path to executable
Problem: Module not found errors
Solution:
# Install all dependencies
pip install -e .
# Install specific missing module
pip install py-solc-x# Run MCP server tests
pytest tests/mcp_server_test.py -v
# Test all Mythril functionality
pytest tests/Main files:
mythril2/mcp_server.py: Server implementationtests/mcp_server_test.py: Integration testsexamples/: Configuration examples
- Define tool in
list_tools():
Tool(
name="new_tool",
description="...",
inputSchema={...}
)- Implement handler in
call_tool():
elif name == "new_tool":
return await new_tool_handler(arguments)- Add tests:
@pytest.mark.asyncio
async def test_new_tool():
result = await new_tool_handler({})
assert result is not NoneEnable verbose logging:
import logging
logging.basicConfig(level=logging.DEBUG)Check stderr output:
mythril2-mcp-server 2>debug.log- GitHub Issues: Report bugs or request features
- Discord: Join ConsenSys Discord for community support
- Documentation: See README-MCP.md for additional information
MIT License - See LICENSE file for details.