Skip to main content

Agent

apps/agent is a standalone Hono server that wraps the scanner in a Claude tool-use loop. It exposes a single x402-gated endpoint:

POST /ask   { "prompt": "..." }   → { role, text, scans }

How it works

  1. Request hits paymentMiddleware. If no X-PAYMENT header, returns 402 with the x402 challenge.
  2. Once paid (facilitator verifies + settles on Base), control passes to the handler.
  3. The handler calls runAgent({ prompt }), which:
    • Sends the prompt to Claude with one tool: scan_token.
    • Loops up to 6 iterations: model emits tool_use, server runs analyzeToken, returns the result, model continues.
    • When stop_reason === "end_turn", returns the assistant text and the raw scan results.

Security knowledge base

The auditor doesn't reason about contracts from scratch — it ships with a vendored knowledge base (packages/knowledge) that mirrors the evm-audit-* skill checklists (~500+ items across 19 domains: weird ERC20 behaviors, precision/math, proxies, oracles, AMM/Uniswap V4 hooks, signatures, bridges, governance, flash loans, NFTs, assembly, L2 quirks, …). The markdown lives in packages/knowledge/skills/ and is copied into the agent's Docker image, so the knowledge is available at runtime without reaching any local skill files.

For each project audit (auditor.ts), the worker:

  1. Fetches the target's verified Solidity source and flattens multi-file standard-json into readable code.
  2. Derives routing signals from the source + scanner flags (deriveSignals) and selects the relevant domains (selectSkills), mirroring the master skill's routing table. general + precision-math + erc20 + access-control always load; the rest are gated on detected patterns.
  3. Injects a budget-bounded knowledge block (AUDIT_KNOWLEDGE_CHAR_BUDGET), the source excerpt (AUDIT_SOURCE_CHAR_BUDGET), and any prior Clawditor audits of the same contract or its deployer's siblings into the prompt.

The report gains a ## Contract security review section with severity-tagged, source-grounded findings. Follow-up Q&A turns inherit the conversation history plus a core-checklist appendix so paid follow-ups stay rigorous.

The interactive /ask agent leverages the same knowledge on demand via the lookup_audit_checklists tool — it pulls the routed checklists for a contract only when the model decides it needs source-level depth.

Both budgets are env-tunable to trade token cost against audit depth.

Customizing

To add more tools (e.g. a Discord/X notifier, a price oracle), edit apps/agent/src/tools.ts:

export const tools = [
  { name: "scan_token", description: "...", input_schema: { ... } },
  { name: "post_alert", description: "...", input_schema: { ... } },
] as const;

export async function runTool(name, input) {
  switch (name) {
    case "scan_token": return analyzeToken(input.address, input.chainId);
    case "post_alert": return postAlert(input);
  }
}

Agent-to-agent

Because the endpoint is x402-gated, any other agent on the network can pay and call it without an account, API key, or rate-limit handshake. This is the unlock: composability between agents that don't trust each other but can both prove they paid.