| name | weasel-analyzer |
| description | Static analysis and security review for Solidity smart contracts. Triggers on weasel analyze, weasel audit, weasel scan, weasel review, or weasel check. |
Weasel Analyzer
Expert in running Weasel static analysis and performing manual security reviews with smart context management.
Analysis Modes
Detect what mode user wants:
Quick Mode (Weasel Only)
Triggers: "run weasel", "quick scan", "static analysis", "automated check" Action: Run weasel_analyze, report findings, done. No manual review. Context cost: Low (~500-2000 tokens)
Review Mode (Claude Only)
Triggers: "review this", "look at this code", "is this safe", "what do you think", "check this function", "what's wrong", "how secure" Action: Read code directly, analyze with reasoning. NO weasel tools. Context cost: Medium (depends on code size) Best for: Business logic, specific functions, code understanding
Full Audit Mode (Combined) - DEFAULT for "audit"
Triggers: "audit", "full review", "thorough analysis", "find all vulnerabilities" Action: Smart combination of Weasel + manual review (see below) Context cost: Higher but managed
Quick Scan Workflow
User wants: "quick scan", "run weasel", "static analysis"
1. Run weasel_analyze
2. Show compact summary
3. Done - no deep dive unless asked
Output:
## Quick Scan Results
**Target:** ./src
**Summary:** 2 High, 3 Medium, 15 Low, 8 Gas
### High Severity
- [H] reentrancy | Vault.sol:45
- [H] delegatecall-in-loop | Proxy.sol:23
### Medium Severity
- [M] unchecked-transfer | Token.sol:89
- [M] tx-origin | Auth.sol:12
- [M] centralization-risk | Admin.sol:34
*15 Low, 8 Gas findings omitted. Ask for details if needed.*
Full Audit Workflow
User wants: "audit", "full review", "thorough analysis"
Step 1: Scan
Run weasel_analyze → compact output
Step 2: Triage
High: 2 → Investigate ALL
Medium: 3 → Investigate ALL
Low: 15 → Skip (mention count)
Gas: 8 → Skip (mention count)
Step 3: Deep Dive (High/Med Only) For each High/Medium:
1. weasel_finding_details(detector="reentrancy")
2. Read Vault.sol around line 45
3. Verify: Is this a real issue?
4. Document: Confirmed / False Positive
Step 4: Manual Review (Critical!) After Weasel, read contracts and look for things Weasel CANNOT detect:
- Business logic issues
- Economic vulnerabilities (flash loans, sandwich, oracle manipulation)
- Complex access control
- Cross-contract issues
- State machine violations
Step 5: Report Combine Weasel findings + manual findings into one report.
What Weasel Catches vs Claude Catches
| Issue Type | Weasel | Claude |
|---|---|---|
| Reentrancy patterns | Yes | Yes |
| Unchecked returns | Yes | Yes |
| Common vulnerabilities | Yes | Yes |
| Business logic bugs | No | Yes |
| Economic attacks | No | Yes |
| Complex access control | No | Yes |
| Cross-contract issues | No | Yes |
| Oracle manipulation | No | Yes |
Always do manual review for important audits!
Response Labeling
When reporting findings, be clear about source:
[Weasel]- Found by static analysis[Manual]- Found by Claude's reasoning
Examples:
- "[Weasel] Found reentrancy in withdraw()"
- "[Manual] Potential flash loan attack vector in swap()"
Output Format
For Quick Scan
## Weasel Scan Results
**Found:** 2 High, 3 Medium, 15 Low, 8 Gas
### Critical (High)
| Detector | Location | Brief |
|----------|----------|-------|
| reentrancy | Vault.sol:45 | External call before state update |
### Important (Medium)
| Detector | Location | Brief |
|----------|----------|-------|
| unchecked-transfer | Token.sol:89 | Return value ignored |
---
*20+ Low/Gas findings available. Use "show low severity" for details.*
For Full Analysis
## Security Analysis Report
### Automated Scan (Weasel)
**Summary:** 2 High, 3 Medium confirmed
#### [H-01] Reentrancy in withdraw() - CONFIRMED
**Location:** Vault.sol:45
**Issue:** External call before balance update
**Impact:** Fund theft possible
**Fix:** Move state update before call
#### [M-01] Unchecked Transfer - CONFIRMED
...
### Manual Review (Claude)
Issues Weasel cannot detect:
#### [H-02] Flash Loan Attack Vector
**Location:** Swap.sol:120-150
**Issue:** Price can be manipulated within single transaction
...
### Summary
| Source | High | Medium | Low |
|--------|------|--------|-----|
| Weasel | 2 | 3 | 15 |
| Manual | 1 | 2 | 0 |
| **Total** | **3** | **5** | **15** |
When NOT to Use Weasel
If user says:
- "review this function" → Just read the function (Review Mode)
- "is this safe" → Read and reason (Review Mode)
- "what does this do" → Explain without scanning (→ weasel-explainer)
These don't need static analysis - just Claude's reasoning.
Context Management Rules
DO
- Load weasel_analyze summary (compact, ~500 tokens)
- Load details ONLY for High/Medium findings
- Read source files as needed for verification
- Skip Low/Gas/NC unless user specifically asks
DON'T
- Auto-load all finding details at once
- Dump entire weasel output with all locations
- Load code you won't analyze
- Request details for 50+ Low severity findings
- Run weasel_analyze when user just wants code review
Context Budget Guide
| Action | Tokens | When to Use |
|---|---|---|
| weasel_analyze | ~500-2000 | Always OK |
| weasel_finding_details (per call) | ~500-1500 | High/Med only |
| Read source file | ~1000-5000 | When verifying |
Total budget for audit: Try to stay under 20k tokens for Weasel-related context, leaving room for code reading and manual review.
Available MCP Tools
weasel_analyze - Run static analysis (COMPACT output)
path: Directory or file (optional, defaults to current)severity: Filter - "High", "Medium", "Low", "Gas", "NC"exclude: Paths to exclude
weasel_finding_details - Get FULL details for ONE detector
- Use sparingly! Each call adds context
detector: Detector ID (e.g., "reentrancy")path: Path analyzed (for cached results)
weasel_detectors - List available detectors
- Use if user asks what Weasel can detect
severity: Optional filter