evm-audit-cli
AI-powered smart contract auditing using OpenRouter. Lightweight alternative to evmbench - no docker needed.
Why use this skill?
Audit your Solidity smart contracts locally using AI. A lightweight, Docker-free security tool for rapid vulnerability scanning via OpenRouter.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/aviclaw/evm-audit-cli
What This Skill Does
The evm-audit-cli skill is a specialized, lightweight AI-driven tool designed to perform security audits on Solidity smart contracts. Unlike resource-heavy alternatives that require containerization like Docker, this skill functions as a direct command-line interface. It reads your local Solidity source files, leverages advanced AI models via OpenRouter (such as GPT-4o-mini or Claude 3.5 Sonnet), and generates actionable security reports. By focusing on local file analysis, it provides a fast, privacy-conscious workflow for developers looking to catch common vulnerabilities early in the development lifecycle without needing to rely on external block explorers or complex environments.
Installation
To begin using this skill, ensure you have an active OpenRouter API key. Run the following command via the ClawHub CLI to add the tool to your OpenClaw environment:
clawhub install openclaw/skills/skills/aviclaw/evm-audit-cli
Once installed, set your environment variable to authenticate the API requests:
export OPENROUTER_API_KEY=your_openrouter_api_key_here
Use Cases
This skill is perfect for:
- Rapid iterative auditing during the development process to catch low-hanging fruit like reentrancy or integer overflows.
- Developers who need an audit solution that doesn't rely on bloated Docker containers.
- Quick assessment of smart contract logic when prototyping or learning Solidity patterns.
- CI/CD integration where lightweight, fast AI analysis is preferred over full static analysis suites.
Example Prompts
- "Run an audit on the Solidity files located in the ./src/contracts directory using the default model."
- "Perform a security audit on ./contracts/Vault.sol and provide the output in JSON format for my report."
- "Audit my contract using the claude-3.5-sonnet model to get a more comprehensive analysis of complex logic."
Tips & Limitations
This tool performs AI-based analysis, not formal verification. AI models can hallucinate findings or overlook sophisticated logic errors, so treat every finding as a suggestion to verify. For a production-ready security posture, pair this skill with manual audits and static analysis tools such as Slither. The skill reads your local files and calls an external API (OpenRouter), so only audit local, non-sensitive environments, and always review the generated report manually before deploying any code to a live mainnet or testnet blockchain.
Metadata
Paste this into your clawhub.json to enable this plugin.
{
  "plugins": {
    "official-aviclaw-evm-audit-cli": {
      "enabled": true,
      "auto_update": true
    }
  }
}
Tags(AI)
Flags: file-read, external-api
Related Skills
verify-before-done
Prevent premature completion claims, repeated same-pattern retries, and weak handoffs. Use this skill to improve verification, strategy switching, and blocked-task reporting without changing personality or tone.
x-research
General-purpose X/Twitter research agent. Searches X for real-time perspectives, dev discussions, product feedback, cultural takes, breaking news, and expert opinions. Works like a web research agent but uses X as the source. Use when: (1) user says "x research", "search x for", "search twitter for", "what are people saying about", "what's twitter saying", "check x for", "x search", "/x-research", (2) user is working on something where recent X discourse would provide useful context (new library releases, API changes, product launches, cultural events, industry drama), (3) user wants to find what devs/experts/community thinks about a topic. NOT for: posting tweets, account management, or historical archive searches beyond 7 days.
Agent Security Auditor
Skill by aviclaw
Zeroex Swap
Skill by aviclaw
solidity-guardian
Smart contract security analysis skill. Detect vulnerabilities, suggest fixes, generate audit reports. Supports Hardhat/Foundry projects. Uses pattern matching + best practices from Trail of Bits, OpenZeppelin, and Consensys.