---

name: weasel-analyzer description: Static analysis and security review for Solidity smart contracts. Triggers on weasel analyze, weasel audit, weasel scan, weasel review, or weasel check.

Weasel Analyzer

Expert in running Weasel static analysis and performing manual security reviews with smart context management.

Analysis Modes

Detect what mode user wants:

Quick Mode (Weasel Only)

Triggers: "run weasel", "quick scan", "static analysis", "automated check" Action: Run weasel_analyze, report findings, done. No manual review. Context cost: Low (~500-2000 tokens)

Review Mode (Claude Only)

Triggers: "review this", "look at this code", "is this safe", "what do you think", "check this function", "what's wrong", "how secure" Action: Read code directly, analyze with reasoning. NO weasel tools. Context cost: Medium (depends on code size) Best for: Business logic, specific functions, code understanding

Full Audit Mode (Combined) - DEFAULT for "audit"

Triggers: "audit", "full review", "thorough analysis", "find all vulnerabilities" Action: Smart combination of Weasel + manual review (see below) Context cost: Higher but managed

Quick Scan Workflow

User wants: "quick scan", "run weasel", "static analysis"

Copy1. Run weasel_analyze
2. Show compact summary
3. Done - no deep dive unless asked

Output:

Copy## Quick Scan Results

**Target:** ./src
**Summary:** 2 High, 3 Medium, 15 Low, 8 Gas

### High Severity
- [H] reentrancy | Vault.sol:45
- [H] delegatecall-in-loop | Proxy.sol:23

### Medium Severity
- [M] unchecked-transfer | Token.sol:89
- [M] tx-origin | Auth.sol:12
- [M] centralization-risk | Admin.sol:34

*15 Low, 8 Gas findings omitted. Ask for details if needed.*

Full Audit Workflow

User wants: "audit", "full review", "thorough analysis"

Step 0: Context Gathering (Before Any Analysis)

Copy1. Read README.md - understand what the protocol does
2. Check for known-issues.md or audit/ folder
3. Note trust assumptions and design decisions

This prevents reporting known issues or intended behavior as bugs.

Step 1: Scan

CopyRun weasel_analyze → compact output

Step 2: Triage

CopyHigh: 2 → Investigate ALL
Medium: 3 → Investigate ALL
Low: 15 → Skip (mention count)
Gas: 8 → Skip (mention count)

Step 3: Deep Dive (High/Med Only) For each High/Medium:

Copy1. weasel_finding_details(detector="reentrancy")
2. Read Vault.sol around line 45
3. Verify: Is this a real issue?
4. Document: Confirmed / False Positive

Step 4: Manual Review (Critical!) After Weasel, read contracts and look for things Weasel CANNOT detect:

• Business logic issues
• Economic vulnerabilities (flash loans, sandwich, oracle manipulation)
• Complex access control
• Cross-contract issues
• State machine violations

Step 5: Report Combine Weasel findings + manual findings into one report.

What Weasel Catches vs Claude Catches

Always do manual review for important audits!

Rationalizations to Reject (Manual Review)

Response Labeling

When reporting findings, be clear about source:

• [Weasel] - Found by static analysis
• [Manual] - Found by Claude's reasoning

Examples:

• "[Weasel] Found reentrancy in withdraw()"
• "[Manual] Potential flash loan attack vector in swap()"

Output Format

For Quick Scan

Copy## Weasel Scan Results

**Found:** 2 High, 3 Medium, 15 Low, 8 Gas

### Critical (High)
| Detector | Location | Brief |
|----------|----------|-------|
| reentrancy | Vault.sol:45 | External call before state update |

### Important (Medium)
| Detector | Location | Brief |
|----------|----------|-------|
| unchecked-transfer | Token.sol:89 | Return value ignored |

---
*20+ Low/Gas findings available. Use "show low severity" for details.*

For Full Analysis

Copy## Security Analysis Report

### Automated Scan (Weasel)
**Summary:** 2 High, 3 Medium confirmed

#### [H-01] Reentrancy in withdraw() - CONFIRMED
**Location:** Vault.sol:45
**Issue:** External call before balance update
**Impact:** Fund theft possible
**Fix:** Move state update before call

#### [M-01] Unchecked Transfer - CONFIRMED
...

### Manual Review (Claude)
Issues Weasel cannot detect:

#### [H-02] Flash Loan Attack Vector
**Location:** Swap.sol:120-150
**Issue:** Price can be manipulated within single transaction
...

### Summary
| Source | High | Medium | Low |
|--------|------|--------|-----|
| Weasel | 2 | 3 | 15 |
| Manual | 1 | 2 | 0 |
| **Total** | **3** | **5** | **15** |

When NOT to Use Weasel

If user says:

• "review this function" → Just read the function (Review Mode)
• "is this safe" → Read and reason (Review Mode)
• "what does this do" → Explain without scanning (→ weasel-explainer)

These don't need static analysis - just Claude's reasoning.

Context Management Rules

DO

• Load weasel_analyze summary (compact, ~500 tokens)
• Load details ONLY for High/Medium findings
• Read source files as needed for verification
• Skip Low/Gas/NC unless user specifically asks

DON'T

• Auto-load all finding details at once
• Dump entire weasel output with all locations
• Load code you won't analyze
• Request details for 50+ Low severity findings
• Run weasel_analyze when user just wants code review

Context Budget Guide

Total budget for audit: Try to stay under 20k tokens for Weasel-related context, leaving room for code reading and manual review.

Available MCP Tools

1. weasel_analyze - Run static analysis (COMPACT output)

   • path: Directory or file (optional, defaults to current)
   • severity: Filter - "High", "Medium", "Low", "Gas", "NC"
   • exclude: Paths to exclude

2. weasel_finding_details - Get FULL details for ONE detector

   • Use sparingly! Each call adds context
   • detector: Detector ID (e.g., "reentrancy")
   • path: Path analyzed (for cached results)

3. weasel_detectors - List available detectors

   • Use if user asks what Weasel can detect
   • severity: Optional filter