Can it handle large reports without hitting context limits?

Yes, it uses a context-efficient workflow that avoids reading the full report. Instead, it pulls a summary via MCP and only loads the specific source code snippets needed for verification.

Does it modify my existing report files?

Yes, if a report file exists, the skill can use the Edit tool to remove sections identified as false positives, ensuring your report contains only confirmed security concerns.

What types of vulnerabilities does it check?

It focuses on high and medium severity issues including reentrancy, access control, unchecked returns, and integer overflows/underflows.

How does Weasel Filter identify false positives?

It performs a deep analysis by reading the specific source code mentioned in the finding, checking for security guards like nonReentrant modifiers or SafeERC20 usage, and assessing exploitability against the contract's logic.

Why should I use this instead of reading the report myself?

Weasel Filter automates the repetitive task of checking common false positive patterns, saving significant time and ensuring a systematic verification process based on expert security best practices.

Weasel Filter

Name: Weasel Filter
Author: slvDev

byslvDev

•

セキュリティとテスト

Filters and triages false positives from Weasel Solidity static analysis reports to ensure high-quality security findings.

Weasel Filter is a specialized security skill designed to refine the output of the Weasel static analyzer by identifying and removing false positives from Solidity smart contract audits. By cross-referencing high and medium-severity findings with the actual source code, it validates vulnerabilities like reentrancy and access control issues, allowing developers to focus on genuine security threats. It offers efficient workflows for both in-memory analysis and direct report cleaning, ensuring that final audit reports are concise, accurate, and actionable without exhausting context limits.

主な機能

01Minimalist output summaries for rapid identification of confirmed issues

02Built-in verification checklists for common smart contract attack vectors

03Direct cleaning of markdown reports by removing false positive sections

04Automated triage of high and medium severity Solidity vulnerabilities

05Context-efficient verification using MCP tool summaries and targeted code reading

0610 GitHub stars

ユースケース

01Validating if a reported reentrancy finding is protected by an existing mutex

02Refining large static analysis reports to focus only on exploitable vulnerabilities

03Cleaning up automated security scans before sharing results with a development team

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add slvdev/weasel weasel-filter

For use in Claude.ai and ChatGPT

Download Skill