a5c-ai/mythril-symbolic
library/specializations/cryptography-blockchain/skills/mythril-symbolic/SKILL.md
Symbolic execution analysis using Mythril for deep vulnerability detection in smart contracts. Supports configurable transaction depth, timeout settings, and proof-of-concept exploit generation.
$ install --global
skillsauthnpx skillsauth add a5c-ai/babysitter mythril-symbolicInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 28, 2026, 4:44 PM173.9s2 files scanned
SKILL.md
- name:
- mythril-symbolic
- description:
- Symbolic execution analysis using Mythril for deep vulnerability detection in smart contracts. Supports configurable transaction depth, timeout settings, and proof-of-concept exploit generation.
- allowed-tools:
- Read, Grep, Write, Bash, Edit, Glob, WebFetch
Mythril Symbolic Execution Skill
Deep vulnerability detection through symbolic execution using Mythril, a security analysis tool for EVM bytecode.
Capabilities
- Symbolic Execution: Configure and run symbolic execution analysis
- Transaction Depth Control: Set appropriate depth for complex interactions
- Trace Analysis: Interpret symbolic execution traces
- Integer Issues: Detect overflow/underflow paths (pre-0.8 Solidity)
- State Analysis: Find reentrancy via state change analysis
- Assertion Detection: Identify assertion failures and edge cases
- PoC Generation: Generate proof-of-concept exploit inputs
Installation
# Install via pip
pip install mythril
# Or use Docker (recommended)
docker pull mythril/myth
# Verify installation
myth version
Basic Usage
Analyze Source Code
# Analyze single file
myth analyze Contract.sol
# Analyze with Solidity version
myth analyze Contract.sol --solv 0.8.20
# Analyze specific contract
myth analyze Contract.sol:MyContract
Analyze Bytecode
# Analyze deployed contract
myth analyze -a 0x<address> --rpc <rpc_url>
# Analyze bytecode file
myth analyze --bin-runtime contract.bin
Configuration Options
Transaction Depth
# Default depth (2)
myth analyze Contract.sol
# Increased depth for complex interactions
myth analyze Contract.sol --execution-timeout 300 -t 3
# Deep analysis (slow)
myth analyze Contract.sol --execution-timeout 600 -t 4
Timeout Settings
# Set execution timeout (seconds)
myth analyze Contract.sol --execution-timeout 300
# Set solver timeout
myth analyze Contract.sol --solver-timeout 10000
# Quick scan
myth analyze Contract.sol --execution-timeout 60 -t 2
Module Selection
# Run specific modules
myth analyze Contract.sol --modules ether_thief,suicide
# Available modules
# - ether_thief
# - suicide
# - integer_overflow/underflow
# - delegatecall
# - arbitrary_write
# - state_change_external_call
Output Formats
Standard Output
myth analyze Contract.sol
JSON Output
myth analyze Contract.sol -o json > report.json
Markdown Output
myth analyze Contract.sol -o markdown > report.md
JSONV2 (Detailed)
myth analyze Contract.sol -o jsonv2 > detailed.json
Vulnerability Detection
Reentrancy Detection
Mythril detects reentrancy by tracking:
- External calls
- State changes after calls
- ETH transfers
==== External Call To User-Supplied Address ====
SWC ID: 107
Severity: Low
Contract: Vulnerable
Function name: withdraw()
PC address: 1234
Estimated Gas Usage: 2500 - 10000
Type: Informational
...
Integer Overflow/Underflow
==== Integer Overflow ====
SWC ID: 101
Severity: High
Contract: Token
Function name: transfer(address,uint256)
PC address: 567
Estimated Gas Usage: 3000 - 5000
A possible integer overflow exists in the function...
Unprotected Self-Destruct
==== Unprotected Selfdestruct ====
SWC ID: 106
Severity: High
Contract: Vulnerable
Function name: kill()
Any sender can trigger self-destruction...
Advanced Usage
Concolic Execution
# Use concrete values where possible
myth analyze Contract.sol --strategy dfs --execution-timeout 300
Custom Constraints
# Analyze with constraints file
myth analyze Contract.sol --constraints constraints.json
State Space Pruning
# Limit state explosion
myth analyze Contract.sol --max-depth 30 --call-depth-limit 3
CI/CD Integration
GitHub Actions
name: Mythril Analysis
on: [push]
jobs:
mythril:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Run Mythril
uses: docker://mythril/myth
with:
args: analyze /github/workspace/contracts/*.sol --solv 0.8.20
Custom Script
#!/bin/bash
for file in contracts/*.sol; do
myth analyze "$file" --solv 0.8.20 -o json > "reports/$(basename $file .sol).json"
done
Interpreting Results
Severity Levels
| Level | Description | Action | |-------|-------------|--------| | High | Critical vulnerability | Fix immediately | | Medium | Potential issue | Investigate | | Low | Minor concern | Consider fixing | | Informational | Code quality | Optional fix |
SWC Registry
| SWC ID | Name | Description | |--------|------|-------------| | SWC-101 | Integer Overflow | Arithmetic overflow | | SWC-104 | Unchecked Return | Ignored return values | | SWC-106 | Unprotected Destruct | Accessible selfdestruct | | SWC-107 | Reentrancy | State change after call | | SWC-110 | Assert Violation | Reachable assertion | | SWC-116 | Timestamp Dependence | Block timestamp usage |
Process Integration
| Process | Purpose |
|---------|---------|
| smart-contract-security-audit.js | Deep vulnerability analysis |
| smart-contract-fuzzing.js | Complement to fuzzing |
| invariant-testing.js | Property verification |
Comparison with Other Tools
| Tool | Technique | Speed | Depth | |------|-----------|-------|-------| | Mythril | Symbolic Execution | Slow | Deep | | Slither | Static Analysis | Fast | Surface | | Echidna | Fuzzing | Medium | Medium | | Certora | Formal Verification | Slow | Deepest |
Best Practices
- Start with quick scans, increase depth as needed
- Use Docker for consistent environment
- Run on CI for automated security checks
- Combine with static analysis (Slither)
- Verify findings manually before reporting
- Use appropriate Solidity version flag
Troubleshooting
Out of Memory
# Increase timeout, reduce depth
myth analyze Contract.sol --execution-timeout 600 -t 2
Solver Timeout
# Increase solver timeout
myth analyze Contract.sol --solver-timeout 30000
Compilation Errors
# Specify Solidity version
myth analyze Contract.sol --solv 0.8.20
# Use specific compiler
myth analyze Contract.sol --solc-json solc.json
See Also
skills/slither-analysis/SKILL.md- Static analysisskills/echidna-fuzzer/SKILL.md- Property-based fuzzingagents/solidity-auditor/AGENT.md- Security auditor- Mythril Documentation
Related Skills
a5c-ai/model-card-generator
development
VerifiedTrustedCommunity
Model documentation skill for generating model cards following Google's model card framework.
680SKILL.mdUpdated Apr 28, 2026
a5c-ai/mlflow-experiment-tracker
development
VerifiedTrustedCommunity
MLflow integration skill for experiment tracking, model registry, and artifact management. Enables LLMs to log experiments, compare runs, manage model lifecycle, and retrieve artifacts through the MLflow API.
680SKILL.mdUpdated Apr 28, 2026
a5c-ai/lime-explainer
data-ai
VerifiedTrustedCommunity
LIME-based local explanation skill for individual predictions across tabular, text, and image data.
680SKILL.mdUpdated Apr 28, 2026
a5c-ai/kubeflow-pipeline-executor
devops
VerifiedTrustedCommunity
Kubeflow Pipelines skill for ML workflow orchestration, component management, and Kubernetes-native ML.
680SKILL.mdUpdated Apr 28, 2026