w3m audit
Run security checks on local smart contracts.
w3m audit does not require authentication (the AI review step requires a Pro-tier account).
Options
| Option | Description |
|---|---|
| --slither | Run Slither static analysis only |
| --ai | Run AI-powered contract review only |
By default (no flags), both Slither and AI review are run.
Requirements
- Must be run from a project directory (a contracts/src/ directory must exist)
- Slither requires slither-analyzer (pip install slither-analyzer)
- AI review requires authentication with a Pro-tier account
Checks Performed
Environment Security
Always runs first. Validates environment variables:
- Variables whose names match secret patterns (private_key, secret, mnemonic) must not carry the NEXT_PUBLIC_ prefix. Next.js inlines NEXT_PUBLIC_ variables into the client bundle, so a key under that prefix is shipped to every visitor of the site
- Empty secret variables trigger a warning
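The two rules above, as an added example that is not w3m's own code: a small parser for a .env file and the check that flags secret-looking names under NEXT_PUBLIC_ as errors and empty secrets as warnings. The secret patterns and prefix come from the description; the function names, the .env parsing and the sample file are this example's own assumptions.

```javascript
// Added example (not w3m's implementation) of the environment check.
// Secret name patterns and the NEXT_PUBLIC_ prefix follow the w3m docs;
// everything else (parsing, names, sample data) is assumed for illustration.
const SECRET_PATTERNS = [/private_key/i, /secret/i, /mnemonic/i];
const PUBLIC_PREFIX = "NEXT_PUBLIC_";

// Minimal dotenv parser: KEY=VALUE per line, '#' comments and blank lines
// skipped, one layer of surrounding quotes removed from the value.
function parseDotenv(text) {
  const vars = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith("#")) continue;
    const eq = line.indexOf("=");
    if (eq < 0) continue;
    const key = line.slice(0, eq).trim();
    let value = line.slice(eq + 1).trim();
    const quoted =
      value.length >= 2 &&
      ((value.startsWith('"') && value.endsWith('"')) ||
        (value.startsWith("'") && value.endsWith("'")));
    if (quoted) value = value.slice(1, -1);
    vars[key] = value;
  }
  return vars;
}

function isSecretName(name) {
  return SECRET_PATTERNS.some((re) => re.test(name));
}

// Applies the two rules to a parsed variable map.
// - secret-looking name with the public prefix: error (would be bundled
//   into client-side JavaScript and served to every browser)
// - secret-looking name with an empty value: warning
function checkEnv(vars) {
  const errors = [];
  const warnings = [];
  for (const [name, value] of Object.entries(vars)) {
    if (!isSecretName(name)) continue;
    if (name.startsWith(PUBLIC_PREFIX)) {
      errors.push(`${name}: secret exposed with ${PUBLIC_PREFIX} prefix`);
    }
    if (value === "") {
      warnings.push(`${name}: secret variable is empty`);
    }
  }
  return { errors, warnings };
}

// Constructed sample .env for demonstration (not a real key).
const SAMPLE_ENV = `
# deployer config
PRIVATE_KEY=0xabc123
NEXT_PUBLIC_RPC_URL=https://rpc.example.test
NEXT_PUBLIC_DEPLOYER_PRIVATE_KEY=0xdef456
MNEMONIC=""
API_SECRET=
`;

const report = checkEnv(parseDotenv(SAMPLE_ENV));
console.log(report);
```

On the constructed sample this reports one error (NEXT_PUBLIC_DEPLOYER_PRIVATE_KEY) and two warnings (MNEMONIC and API_SECRET are empty); PRIVATE_KEY with a value and the non-secret NEXT_PUBLIC_RPC_URL pass.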
Slither Static Analysis
Runs Slither on your contracts. Findings are categorized by impact:
| Impact | Display |
|---|---|
| High | Red — critical security issues |
| Medium | Yellow — potential issues to investigate |
| Low / Informational | Count shown — minor or optimization suggestions |
If Slither is not installed, a warning is shown with installation instructions.
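An added example of the triage the table describes, written here and not taken from w3m: it reads Slither's JSON report (what slither . --json out.json writes, with findings under results.detectors each carrying check, impact, confidence and description fields) and sorts findings into the High, Medium and Low/Informational buckets. The bucket names, the fail-closed handling of unknown impact levels, the exit-code policy and the sample report are assumptions of this example.

```javascript
// Added example (not w3m's code): group Slither JSON findings by impact.
// The report shape (success/error/results.detectors[]) is Slither's own;
// the bucketing, helper names and sample data are assumed for illustration.

// Slither's impact levels mapped to the three display buckets in the table.
const BUCKETS = {
  High: "high",
  Medium: "medium",
  Low: "low",
  Informational: "low",
  Optimization: "low",
};

// Constructed sample report resembling `slither . --json out.json` output.
const SLITHER_SAMPLE = JSON.stringify({
  success: true,
  error: null,
  results: {
    detectors: [
      { check: "reentrancy-eth", impact: "High", confidence: "Medium",
        description: "Reentrancy in Vault.withdraw(uint256)\n" },
      { check: "unchecked-transfer", impact: "Medium", confidence: "Medium",
        description: "Vault.sweep() ignores return value by token.transfer()\n" },
      { check: "solc-version", impact: "Informational", confidence: "High",
        description: "Pragma version^0.8.0 allows old versions\n" },
      { check: "naming-convention", impact: "Informational", confidence: "High",
        description: "Parameter _amount is not in mixedCase\n" },
      { check: "constable-states", impact: "Optimization", confidence: "High",
        description: "Vault.owner should be constant\n" },
    ],
  },
});

// Parse the report and bucket each finding. An impact level this code does
// not know is put in "high" so a newer Slither never silently hides a finding.
function triageSlither(jsonText) {
  const doc = JSON.parse(jsonText);
  if (!doc.success) throw new Error(`slither failed: ${doc.error}`);
  const out = { high: [], medium: [], low: [] };
  for (const d of (doc.results && doc.results.detectors) || []) {
    const bucket = BUCKETS[d.impact] || "high";
    out[bucket].push({
      check: d.check,
      impact: d.impact,
      confidence: d.confidence,
      description: String(d.description || "").trim(),
    });
  }
  return out;
}

// One-line summary in the spirit of the table: full detail for High and
// Medium, only a count for Low/Informational.
function formatSummary(triage) {
  const lines = [];
  for (const f of triage.high) lines.push(`HIGH   ${f.check}: ${f.description}`);
  for (const f of triage.medium) lines.push(`MEDIUM ${f.check}: ${f.description}`);
  lines.push(`${triage.low.length} low/informational finding(s)`);
  return lines.join("\n");
}

// Assumed CI policy: any High finding fails the run.
function exitCodeFor(triage) {
  return triage.high.length > 0 ? 1 : 0;
}

const triage = triageSlither(SLITHER_SAMPLE);
console.log(formatSummary(triage));
console.log(`exit code: ${exitCodeFor(triage)}`);
```

Slither's description strings carry trailing newlines, hence the trim; when wiring this into CI, note that --json replaces the normal text output, so run it once for the report rather than parsing the console output.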
AI Contract Review
Sends the project's .sol files to the AI review API. Issues are categorized as Critical or Warning, each with a suggested fix. Because this step transmits contract source to a remote service, use --slither for code that must not leave the machine.
If not authenticated or not on a Pro plan, AI review is skipped with a message.
Examples
```shell
# Run all security checks
w3m audit

# Slither only
w3m audit --slither

# AI review only
w3m audit --ai
```