Package Exports
- smartguard-mcp
- smartguard-mcp/dist/index.js
This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (smartguard-mcp) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.
Readme
SmartGuard MCP
AI-powered smart contract security audit tools for Claude Code, Cursor, and AI coding agents.
Detect reentrancy, access control, overflow, oracle manipulation, and quantum vulnerabilities in Solidity contracts — directly from your AI assistant.
Quick Start
{
"mcpServers": {
"smartguard": {
"command": "npx",
"args": ["-y", "smartguard-mcp"]
}
}
}Tools (5)
| Tool | Description |
|---|---|
scan_contract |
Scan a single Solidity file for vulnerabilities |
scan_contracts_directory |
Recursively scan all .sol files in a directory |
scan_contract_snippet |
Scan a Solidity code snippet (no file needed) |
list_vulnerability_patterns |
List all detectable vulnerability patterns |
gas_optimization |
Analyze gas optimization opportunities |
Detected Vulnerabilities (18 patterns)
| Category | Patterns | Severity |
|---|---|---|
| Reentrancy | External calls before state updates | Critical |
| Access Control | Missing modifiers, tx.origin, unprotected selfdestruct | Critical-High |
| Delegatecall | Untrusted delegatecall targets | Critical |
| Arithmetic | Integer overflow (pre-0.8), unchecked blocks | High-Medium |
| Oracle Manipulation | Direct reserve reading, balance-based pricing | High |
| Frontrunning | ERC20 approve race condition | Medium |
| Timestamp | block.timestamp dependence | Medium |
| Gas DoS | Unbounded loops, long revert strings | Medium-Low |
| Storage | Uninitialized storage pointers | High |
| Quantum (PQC) | ECDSA/ecrecover quantum vulnerability | Medium |
| Best Practice | Floating pragma, TODO comments | Low-Info |
Example Output
# SmartGuard Audit Report
**File**: contracts/Vault.sol
**Risk Score**: 65/100 (HIGH)
## Findings
### 🔴 SG-001: External call with value before state update (potential reentrancy)
- **Severity**: CRITICAL
- **Location**: contracts/Vault.sol:15:9
- **SWC**: SWC-107
**Recommendation**: Use checks-effects-interactions pattern or ReentrancyGuard.Used With
- quantumguard-mcp — Post-quantum cryptography audit (complementary)
Together, QuantumGuard + SmartGuard provide full-spectrum smart contract security: traditional vulnerabilities + quantum-future threats.
License
MIT