Claude Code + Mythril Smart Contract (2026)
Revised April 2026. With recent updates to mythril tooling and Claude Code’s improved project context handling, some mythril workflows have changed. This guide reflects the updated Claude Code behavior for mythril.
Claude Code for Mythril Workflow Tutorial
Security analysis of Ethereum smart contracts is critical for any DeFi project, yet it can be time-consuming and error-prone when done manually. This tutorial shows you how to use Claude Code to automate your Mythril security scanning workflow, making vulnerability detection faster and more consistent across your development cycle.
What is Mythril?
Mythril is a security analysis tool for Ethereum smart contracts that uses symbolic execution to detect potential vulnerabilities. It can identify issues like reentrancy bugs, integer overflows, access control flaws, timestamp dependence, and many other common smart contract vulnerabilities. Mythril does this by modeling all possible execution paths through your contract’s bytecode using the Z3 SMT solver, rather than simply scanning source code for known patterns.
This symbolic execution approach catches bugs that simple pattern matching would miss, but it also means Mythril has a steep learning curve. The tool’s output is technical, its flags are numerous, and translating findings into concrete code fixes requires expertise in Solidity security patterns. That is exactly where Claude Code closes the gap, it handles the execution, interprets the results, and generates remediation guidance in a single workflow.
Understanding What Mythril Detects
Before setting up automation, it helps to understand the vulnerability categories Mythril covers:
| SWC ID | Vulnerability Type | Common Cause |
|---|---|---|
| SWC-101 | Integer Overflow/Underflow | Missing SafeMath or checked arithmetic |
| SWC-104 | Unchecked Return Value | Ignoring return value of send() or call() |
| SWC-105 | Unprotected Ether Withdrawal | Missing access control on withdraw functions |
| SWC-106 | Unprotected SELFDESTRUCT | Missing onlyOwner on destructible functions |
| SWC-107 | Reentrancy | State updated after external calls |
| SWC-110 | Assert Violation | Unreachable assert or incorrect invariant |
| SWC-111 | Use of Deprecated Functions | suicide(), throw, callcode() |
| SWC-116 | Timestamp Dependence | Using block.timestamp for randomness or locks |
| SWC-120 | Weak Sources of Randomness | Using blockhash as entropy source |
Knowing these categories helps you configure Mythril to focus on the checks most relevant to your contract type, a simple ERC-20 token needs different analysis priorities than a complex DeFi vault.
Setting Up Your Environment
Before integrating Claude Code with Mythril, ensure you have the necessary tools installed:
Create a Python virtual environment to isolate Mythril dependencies
python3 -m venv mythril-env
source mythril-env/bin/activate
Install Mythril
pip install mythril
Verify installation
myth --version
Install solc-select for managing Solidity compiler versions
pip install solc-select
solc-select install 0.8.19
solc-select use 0.8.19
Verify the Claude CLI is installed and configured
claude --version
Create a project directory structure that organizes contracts, scan results, and reports:
mkdir -p ~/smart-contract-security/{contracts,reports,baselines,scripts}
cd ~/smart-contract-security
Create a new skill to handle Mythril interactions. In your Claude Skills directory, create mythril-security.md:
---
name: mythril
description: Run Mythril security analysis on Ethereum smart contracts
---
Mythril Security Analysis Skill
You have access to bash commands and file operations. When asked to analyze a smart contract:
1. Check which Solidity version the contract targets (read the pragma line)
2. Switch to the correct solc version using solc-select
3. Run: myth analyze <file> --solc-version <version> --json-output > /tmp/mythril-out.json
4. Read the JSON output and categorize findings by SWC ID and severity
5. For each finding, explain what the vulnerability is, why it is dangerous, and provide a concrete code fix
This skill will have access to file system and bash operations, which are essential for running Mythril and processing results.
Creating Your First Automated Scan
Start with a deliberately vulnerable contract to verify your setup works end to end. Create a test contract:
// contracts/VulnerableVault.sol
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
contract VulnerableVault {
mapping(address => uint256) public balances;
function deposit() public payable {
balances[msg.sender] += msg.value;
}
// VULNERABILITY: reentrancy - state updated after external call
function withdraw(uint256 amount) public {
require(balances[msg.sender] >= amount, "Insufficient balance");
(bool success, ) = msg.sender.call{value: amount}("");
require(success, "Transfer failed");
balances[msg.sender] -= amount; // should happen BEFORE the call
}
// VULNERABILITY: unprotected ether withdrawal
function emergencyDrain() public {
payable(msg.sender).transfer(address(this).balance);
}
}
Run Mythril against it:
myth analyze contracts/VulnerableVault.sol --solc-version 0.8.0 --json-output > reports/VulnerableVault-scan.json
Then ask Claude Code to interpret the output:
Read reports/VulnerableVault-scan.json and explain each finding in plain English.
For each issue, show the vulnerable code and the corrected version.
Claude Code will produce a structured report explaining that the reentrancy issue in withdraw() allows an attacker to recursively call back into the function before the balance is decremented, a pattern responsible for the $60M DAO hack in 2016, and will show the fix using the checks-effects-interactions pattern.
Building an Intelligent Analysis Skill
Create a skill that not only runs Mythril but interprets findings and generates remediation guidance:
---
name: mythril-analyze
description: Analyze Solidity contracts with Mythril and provide remediation guidance
---
Mythril Analysis with Remediation
When analyzing a contract:
1. Run Mythril with appropriate flags for comprehensive coverage
2. Parse and categorize findings by severity (Critical/High/Medium/Low/Informational)
3. Map each SWC ID to a remediation pattern
4. Generate a developer-readable security report
5. Produce a patched version of the contract where fixes are straightforward
Severity Classification
- Critical: Direct theft of funds or contract destruction by unauthorized party
- High: Potential fund loss under specific conditions, access control bypass
- Medium: Denial of service, logic errors without direct fund loss
- Low: Best practice violations, deprecated function usage
- Informational: Code quality notes, gas optimization opportunities
Common Remediation Patterns
- SWC-107 Reentrancy: Apply checks-effects-interactions; use OpenZeppelin ReentrancyGuard
- SWC-101 Overflow: Use Solidity 0.8+ checked arithmetic or SafeMath for 0.7 and below
- SWC-105 Unprotected Withdrawal: Add onlyOwner or role-based access control
- SWC-116 Timestamp: Use block.number for time-based logic; avoid for randomness
The skill body instructs Claude on how to handle each finding category with concrete patterns, not just generic advice.
Integrating into Your Development Workflow
The real power of Claude Code + Mythril comes from integrating security scanning into your daily development process.
Pre-Commit Security Checks
Configure a pre-commit hook that triggers Mythril analysis on any modified Solidity files:
#!/bin/bash
.git/hooks/pre-commit
Make executable: chmod +x .git/hooks/pre-commit
CHANGED_SOL=$(git diff --cached --name-only --diff-filter=ACM | grep '\.sol$')
if [ -z "$CHANGED_SOL" ]; then
exit 0
fi
echo "Running Mythril security scan on changed contracts..."
for file in $CHANGED_SOL; do
echo "Scanning: $file"
myth analyze "$file" --solc-version 0.8.19 --execution-timeout 60 --json-output > /tmp/mythril-pre-commit.json
# Check for critical findings using Python
python3 -c "
import json, sys
with open('/tmp/mythril-pre-commit.json') as f:
data = json.load(f)
issues = data.get('issues', [])
critical = [i for i in issues if i.get('severity') in ('High', 'Critical')]
if critical:
print(f'BLOCKED: {len(critical)} critical issue(s) found in $file')
for i in critical:
print(f' - {i[\"swc-id\"]}: {i[\"title\"]} at line {i.get(\"lineno\", \"?\")}')
sys.exit(1)
print(f'OK: No critical issues in $file')
"
if [ $? -ne 0 ]; then
exit 1
fi
done
echo "Security scan passed."
exit 0
This ensures every commit passes through security review before entering your repository. Critical findings block the commit entirely, while lower-severity findings are logged but do not block.
Continuous Integration Pipeline
Add Mythril scanning to your CI/CD pipeline with structured JSON output and PR comment posting:
.github/workflows/security-scan.yml
name: Mythril Security Scan
on: [push, pull_request]
jobs:
mythril-scan:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Set up Python
uses: actions/setup-python@v4
with:
python-version: '3.10'
- name: Install dependencies
run: |
pip install mythril solc-select
solc-select install 0.8.19
solc-select use 0.8.19
- name: Run Mythril Analysis
run: |
myth analyze contracts/ \
--solc-version 0.8.19 \
--execution-timeout 120 \
--json-output > mythril-results.json
continue-on-error: true
- name: Upload results
uses: actions/upload-artifact@v3
with:
name: mythril-results
path: mythril-results.json
- name: Check for critical issues
run: |
python3 scripts/check_severity.py mythril-results.json
The check_severity.py script gives you fine-grained control over what passes or fails the build:
scripts/check_severity.py
import json
import sys
with open(sys.argv[1]) as f:
data = json.load(f)
issues = data.get("issues", [])
by_severity = {"High": [], "Medium": [], "Low": []}
for issue in issues:
sev = issue.get("severity", "Low")
if sev in by_severity:
by_severity[sev].append(issue)
print(f"Scan complete: {len(issues)} total issues")
print(f" High: {len(by_severity['High'])}")
print(f" Medium: {len(by_severity['Medium'])}")
print(f" Low: {len(by_severity['Low'])}")
if by_severity["High"]:
print("\nCRITICAL - Build failed due to high severity issues:")
for i in by_severity["High"]:
print(f" [{i['swc-id']}] {i['title']}")
print(f" Contract: {i.get('filename', 'unknown')}, Line: {i.get('lineno', '?')}")
sys.exit(1)
print("\nBuild passed security scan.")
Automated Code Review for Pull Requests
Combine Mythril output with Claude Code for intelligent PR review comments:
scripts/pr-security-review.sh
#!/bin/bash
Get list of .sol files changed in the PR
CHANGED=$(gh pr diff --name-only | grep '\.sol$')
for file in $CHANGED; do
myth analyze "$file" --solc-version 0.8.19 --json-output > /tmp/scan-result.json
# Use Claude to generate a human-readable summary
claude -p "
Read /tmp/scan-result.json. This is Mythril's analysis of $file.
Write a concise PR review comment (markdown) that:
1. Lists any high/critical findings with the line number and explanation
2. Suggests specific code fixes for each issue
3. Notes any medium severity concerns worth reviewing
4. Gives a final recommendation: Approve / Request Changes
" > /tmp/pr-comment.md
# Post the comment to the PR
gh pr comment --body "$(cat /tmp/pr-comment.md)"
done
Handling Common Issues
False Positives
Mythril, like all static analysis tools, can produce false positives. Common sources include:
- Reentrancy warnings on non-reentrant functions that use
call()for ETH transfer only - Timestamp warnings on functions where precision does not matter (monthly fee periods, not per-block logic)
- Integer overflow warnings on values mathematically constrained to safe ranges
Your workflow should help filter these systematically:
Create a baseline of known-acceptable findings
myth analyze contracts/Token.sol --solc-version 0.8.19 --json-output > baselines/Token.baseline.json
On future scans, diff against baseline to highlight only new issues
python3 scripts/diff_scan.py baselines/Token.baseline.json reports/Token.latest.json
The diff script compares finding locations and SWC IDs to surface only regressions, not findings your team has already reviewed and accepted.
For confirmed false positives, maintain a suppression file:
// .mythril-suppress.json
{
"suppressions": [
{
"swc-id": "SWC-116",
"file": "contracts/RewardDistributor.sol",
"line": 47,
"reason": "Timestamp used only for 30-day epoch boundaries; manipulation risk acceptable"
}
]
}
Large Contracts
For contracts that exceed Mythril’s default analysis capacity:
Increase timeout and use optimization flags
myth analyze LargeVault.sol \
--solc-version 0.8.19 \
--execution-timeout 300 \
--max-depth 22 \
--strategy bfs \
--json-output > reports/LargeVault-scan.json
Consider analyzing large contracts function by function. Claude Code can split the analysis:
Read contracts/LargeVault.sol. List all public and external functions.
Then run myth analyze for each function individually using the --function flag,
and compile a combined report.
Version Compatibility
Mythril requires matching the correct Solidity compiler version to the contract’s pragma:
Extract pragma version from contract and switch automatically
PRAGMA=$(grep 'pragma solidity' contracts/MyToken.sol | grep -oP '\d+\.\d+\.\d+' | head -1)
echo "Detected pragma: $PRAGMA"
solc-select install $PRAGMA 2>/dev/null || true
solc-select use $PRAGMA
myth analyze contracts/MyToken.sol --solc-version $PRAGMA --json-output > reports/scan.json
Your Claude Code skill can embed this auto-detection logic so you never need to manually specify compiler versions.
Advanced: Custom Security Rules
For specialized security requirements beyond Mythril’s built-in checks, create custom detection modules:
mythril/custom_rules.py
from mythril.analysis.module import DetectionModule, Issue
from mythril.analysis.report import Issue
class CustomAccessControlCheck(DetectionModule):
"""Custom check for missing access control on sensitive functions.
Flags any function named 'setOwner', 'setAdmin', or 'updateConfig'
that does not include a require() guard as its first statement.
"""
name = "Custom Access Control Check"
swc_id = "SWC-105"
description = "Detects missing access control on privileged admin functions"
def _execute(self, state):
issues = []
node = state.get_current_instruction()
# Flag SSTORE operations in functions matching sensitive name patterns
if node["opcode"] == "SSTORE":
func_name = state.environment.active_function_name
sensitive_patterns = ["setOwner", "setAdmin", "updateConfig", "pause", "unpause"]
if any(p.lower() in func_name.lower() for p in sensitive_patterns):
issue = Issue(
contract=state.environment.active_account.contract_name,
function_name=func_name,
address=node["address"],
swc_id=self.swc_id,
title="Potential Missing Access Control",
bytecode=state.environment.code.bytecode,
severity="High",
description_head="Sensitive function may lack access control",
description_tail=f"Function '{func_name}' performs storage writes. Verify that an access control check (onlyOwner or role-based) is enforced before this operation."
)
issues.append(issue)
return issues
Register this module with your mythril-analyze skill and it will run alongside the standard checks on every scan.
Comparing Mythril with Other Smart Contract Security Tools
Understanding how Mythril fits into the broader security tooling landscape helps you use it more effectively:
| Tool | Approach | Best For | Limitations |
|---|---|---|---|
| Mythril | Symbolic execution | Deep path analysis, integer issues | Slow on large contracts, false positives |
| Slither | Static analysis | Fast scanning, code quality, many detectors | Misses runtime-dependent bugs |
| Echidna | Fuzzing | Property-based testing, edge cases | Requires writing properties manually |
| Manticore | Symbolic execution | Deep analysis, custom constraints | Very slow, expert configuration needed |
| Solhint | Linting | Style and best practices | No vulnerability detection |
The recommended workflow is to use all three of Mythril, Slither, and manual review in sequence. Slither is faster and catches a wider class of code quality issues; Mythril goes deeper on specific vulnerability patterns. Claude Code can orchestrate all three tools and merge their findings into a unified report.
Best Practices
-
Scan Early, Scan Often: Integrate Mythril into your IDE workflow and CI pipeline. Security bugs are dramatically cheaper to fix during development than after deployment to mainnet.
-
Automate Remediation Suggestions: Configure your skill to always produce a patched code snippet alongside each finding. Developers should never receive a bare warning with no clear fix.
-
Track Historical Results: Store every scan result in version control alongside your contracts. A finding that appears and then disappears without explanation is a red flag, either a false positive you should document, or a suppressed real issue.
-
Combine Tools: Run Mythril alongside Slither for static analysis, Echidna for fuzz testing, and at minimum one manual audit before deploying contracts that hold significant value. No single tool catches everything.
-
Stay Updated: Mythril is actively maintained and receives new detectors regularly. Pin a specific version in CI for reproducibility, but schedule quarterly upgrades to benefit from new detection capabilities.
-
Document Suppressed Findings: Every time you suppress a Mythril warning, require a written justification in the suppression file. This creates an audit trail and forces deliberate decision-making rather than reflexive dismissal.
Conclusion
Integrating Claude Code with Mythril transforms smart contract security from a manual, sporadic process into an automated, consistent workflow. By creating specialized skills that not only run analysis but also interpret results and guide remediation, you build a security-conscious development culture that catches vulnerabilities before they reach production.
The combination is particularly powerful because Mythril’s raw output is technical and intimidating, while Claude Code turns that output into actionable developer guidance. Developers who struggle to interpret a symbolic execution trace will immediately understand “this function allows an attacker to call back into your contract before you update the balance, add a reentrancy guard.”
Start small: create your first mythril skill, run it against the VulnerableVault.sol example from this tutorial, and verify Claude Code produces the reentrancy finding with a working patch. Then integrate the pre-commit hook into your active project. The investment in setting up this workflow pays dividends in reduced security incidents, faster code reviews, and a team that develops security intuition over time rather than treating security as someone else’s problem.
Try it: Paste your error into our Error Diagnostic for an instant fix.
Last verified: April 2026. If this approach no longer works, check Claude Code for Workspace Indexing Workflow Tutorial for updated steps.
Related Reading
- Claude Skills for Solidity Smart Contract Development
- Claude Code for Go Fuzz Workflow Tutorial Guide
- Claude Code for OpenSea Protocol Workflow Guide
Built by theluckystrike. More at zovo.one
Find the right skill → Browse 155+ skills in our Skill Finder.