High Risk: This skill has significant security concerns. Review the findings below before installing.

solidity-lsp

Caution·Scanned 2/17/2026

Dangerous skill: contains a piped remote installer (curl -L https://foundry.paradigm.xyz | bash) and instructs local shell execution. It also references deployment secrets process.env.PRIVATE_KEY and process.env.SEPOLIA_URL.
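The two patterns named in this finding can be checked for mechanically before a skill is installed. The following is an added example, not the scanner's own logic and not code from the skill; the function name, the secret-name heuristic and the sample text are assumptions constructed for illustration.

```python
import re

# Download command whose output is piped straight into a shell interpreter.
PIPED_INSTALLER = re.compile(
    r"\b(?:curl|wget)\b[^|\n]*\|\s*(?:sudo\s+)?(?:ba|z|da)?sh\b"
)
# Node-style environment lookups, e.g. process.env.PRIVATE_KEY.
ENV_REF = re.compile(r"\bprocess\.env\.([A-Za-z_][A-Za-z0-9_]*)")
# Assumed heuristic: name fragments that usually indicate a credential or
# a credential-bearing endpoint (RPC URLs often embed an API key).
SECRET_HINTS = ("KEY", "SECRET", "TOKEN", "PASSWORD", "MNEMONIC", "URL")


def scan_skill_text(text):
    """Return (line_number, rule, evidence) tuples for risky lines."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        match = PIPED_INSTALLER.search(line)
        if match:
            findings.append((lineno, "piped-remote-installer", match.group(0)))
        for env in ENV_REF.finditer(line):
            name = env.group(1)
            if any(hint in name.upper() for hint in SECRET_HINTS):
                findings.append((lineno, "secret-env-reference", name))
    return findings


# Constructed sample: a frameworks reference file of the kind the finding
# describes. Not copied from the scanned skill.
SAMPLE = """\
# Foundry
curl -L https://foundry.paradigm.xyz | bash
# Hardhat network config
sepolia: {
  url: process.env.SEPOLIA_URL,
  accounts: [process.env.PRIVATE_KEY],
  chainId: Number(process.env.CHAIN_ID),
}
npm install -g solhint
"""

if __name__ == "__main__":
    for lineno, rule, evidence in scan_skill_text(SAMPLE):
        print(f"line {lineno}: {rule}: {evidence}")
```

A hit on either rule is a prompt for manual review of the flagged line, not proof of malicious intent.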

from clawhub.ai·v633f82f·5.1 KB·0 installs
Scanned from 1.0.0 at 633f82f · Transparency log ↗
$ vett add clawhub.ai/bowen31337/solidity-lsp
Review security findings before installing

Solidity LSP

Solidity language server integration providing comprehensive smart contract development support through solc (Solidity compiler) and solhint (linter).

Capabilities

  • Compilation: Compile Solidity smart contracts with solc
  • Linting: Static analysis with solhint for best practices and security
  • Security: Detect common vulnerabilities (reentrancy, overflow, etc.)
  • Gas optimization: Identify expensive operations
  • Code intelligence: Syntax highlighting, error detection
  • Supported extensions: .sol

Installation

Install Solidity compiler and linter:

# Solidity compiler
npm install -g solc

# Solidity linter
npm install -g solhint

Verify installation:

solcjs --version
solhint --version

Usage

Compile Solidity Contract

solcjs --bin --abi contract.sol

Compile with optimization:

solcjs --optimize --bin --abi contract.sol

Lint Contract

Run solhint on a file:

solhint contracts/MyContract.sol

Run on entire project:

solhint 'contracts/**/*.sol'

Security Analysis

solhint includes security rules by default. For advanced security analysis, consider:

# Install slither (requires Python)
pip3 install slither-analyzer

# Run security analysis
slither contracts/

Configuration

solhint Configuration

Create .solhint.json in project root:

{
  "extends": "solhint:recommended",
  "rules": {
    "compiler-version": ["error", "^0.8.0"],
    "func-visibility": ["warn", {"ignoreConstructors": true}],
    "max-line-length": ["warn", 120],
    "not-rely-on-time": "warn",
    "avoid-low-level-calls": "warn",
    "no-inline-assembly": "warn"
  }
}

Hardhat/Foundry Integration

For full development environments, see references/frameworks.md.

Integration Pattern

When developing smart contracts:

  1. Write: Edit Solidity code
  2. Lint: Run solhint to catch issues early
  3. Compile: Use solcjs to verify compilation
  4. Analyze: Run security tools before deployment
  5. Test: Write comprehensive unit tests

Common Issues

  • Compiler version mismatch: Specify pragma version in contract
  • Gas optimization: Use view/pure where possible
  • Security: Never use tx.origin for authentication
  • Best practices: Follow Checks-Effects-Interactions pattern

More Information