Autonomous smart contract security auditor for Claude Code.
Orchestrates 15-95 AI agents across 8 phases to produce audit reports with verified PoC exploits. Supports EVM/Solidity, Solana/Anchor, Aptos Move, and Sui Move.
Claude Code CLI, Python 3.11-3.12 + pip, Node.js 18+, Git
macOS: Also run `xcode-select --install` (needed for C++ dependency compilation).

Windows: Enable Developer Mode before installing (required for symlinks). Settings > System > For Developers > toggle ON. Or in admin PowerShell:

```powershell
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock /v AllowDevelopmentWithoutDevLicense /t REG_DWORD /d 1 /f
```

Per-language tools (Foundry, Solana CLI, etc.) are installed automatically via `plamen setup`.
Open Claude Code and paste the contents of SETUP.md. Claude handles cloning, symlink installation, dependency setup, and RAG database building automatically.
Linux / macOS:
```bash
git clone https://github.com/PlamenTSV/plamen.git ~/.plamen
export SOLODIT_API_KEY=your_key_here  # free at solodit.cyfrin.io (recommended for RAG quality)
cd ~/.plamen && python3 plamen.py install
```

Windows (PowerShell):

```powershell
git clone https://github.com/PlamenTSV/plamen.git $HOME\.plamen
$env:SOLODIT_API_KEY = "your_key_here"  # free at solodit.cyfrin.io (recommended for RAG quality)
cd $HOME\.plamen; python plamen.py install
```

Python dependencies are installed automatically on first run. On macOS/Linux use `python3`, on Windows use `python`. Set `SOLODIT_API_KEY` before install — the RAG database builds during setup and Solodit is the largest source (3400+ findings).
After install, add to PATH so you can run plamen from anywhere:
Linux (bash):
```bash
echo 'export PATH="$HOME/.plamen:$PATH"' >> ~/.bashrc && source ~/.bashrc
```

macOS (zsh):

```bash
echo 'export PATH="$HOME/.plamen:$PATH"' >> ~/.zshrc && source ~/.zshrc
```

Windows (PowerShell, one-time):

```powershell
[System.Environment]::SetEnvironmentVariable("Path", "$env:USERPROFILE\.plamen;" + [System.Environment]::GetEnvironmentVariable("Path", "User"), "User")
```

Then use `plamen` from anywhere:

```bash
plamen            # interactive wizard
plamen setup      # install tools + build RAG
plamen rag        # rebuild RAG database only
plamen uninstall  # remove Plamen from ~/.claude
```

Important: Always use `plamen` (not `python3 plamen.py`) after PATH is set. The `python3 plamen.py` form only works from inside `~/.plamen/`.
The installer:
- Creates symlinks from `~/.plamen` into `~/.claude/` so Claude Code discovers Plamen's agents, rules, prompts, and commands
- Merges Plamen's permissions into your existing `settings.json` (additive only — won't remove your entries)
- Merges MCP server definitions into `mcp.json` (won't overwrite your existing servers)
- Injects Plamen instructions into `CLAUDE.md` between `<!-- PLAMEN:START/END -->` markers (preserves your content)
- Installs Python dependencies and builds the RAG database
Your existing Claude Code configuration is preserved.
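
One way to check the "additive only" and "won't overwrite" behaviour against your own files is to diff a backup of `settings.json` or `mcp.json` taken before install against the file afterwards. This is an added example, not Plamen's installer code; `additive_diff` and `review` are hypothetical helper names and the sample JSON is constructed.

```python
import json

def additive_diff(before, after, path=""):
    """Return (added, lost): paths only in `after` / only in `before`.

    Dicts are compared key by key and lists as unordered sets of JSON
    values, so a merge was additive exactly when `lost` is empty.
    """
    added, lost = [], []
    if isinstance(before, dict) and isinstance(after, dict):
        for key in sorted(before.keys() | after.keys()):
            sub = f"{path}.{key}" if path else key
            if key not in after:
                lost.append(sub)
            elif key not in before:
                added.append(sub)
            else:
                a, l = additive_diff(before[key], after[key], sub)
                added += a
                lost += l
    elif isinstance(before, list) and isinstance(after, list):
        old = {json.dumps(v, sort_keys=True) for v in before}
        new = {json.dumps(v, sort_keys=True) for v in after}
        added += [f"{path}[] {v}" for v in sorted(new - old)]
        lost += [f"{path}[] {v}" for v in sorted(old - new)]
    elif before != after:  # changed scalar or changed type: old value is gone
        added.append(f"{path} = {json.dumps(after)}")
        lost.append(f"{path} = {json.dumps(before)}")
    return added, lost

def review(before, after):
    """Summarise a before/after pair for a quick post-install check."""
    added, lost = additive_diff(before, after)
    return {"additive": not lost, "added": added, "lost": lost}

# Constructed samples (not the entries Plamen actually writes).
BEFORE = {"permissions": {"allow": ["Bash(git status)"]}, "model": "sonnet"}
AFTER = {"permissions": {"allow": ["Bash(git status)", "Bash(forge test:*)"]},
         "model": "sonnet", "env": {"EXAMPLE": "1"}}
OVERWRITTEN = {"permissions": {"allow": ["Bash(forge test:*)"]}, "model": "sonnet"}

if __name__ == "__main__":
    print(review(BEFORE, AFTER))        # additive merge: nothing lost
    print(review(BEFORE, OVERWRITTEN))  # an entry of yours was dropped
```

With real files, load the backup and the current file with `json.load` and pass both to `review`; every line in `added` is something the installer granted or registered and is worth reading before the first audit run.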
How symlinks work
The Plamen repo stays at ~/.plamen. The installer creates symlinks (shortcuts) in ~/.claude/ that point back to ~/.plamen/. When Claude Code reads ~/.claude/agents/depth-edge-case.md, the OS transparently reads ~/.plamen/agents/depth-edge-case.md. This means:
- `git pull` in `~/.plamen` updates everything automatically — no re-install needed
- Your own Claude Code files in `~/.claude/` (custom agents, commands, hooks) are untouched
- Deleting `~/.plamen` would break the symlinks — don't delete it while Plamen is installed
| Platform | How links are created | Requirements |
|---|---|---|
| Linux / macOS | Standard symlinks (os.symlink) | None |
| Windows (directories) | Junctions (mklink /J) | None |
| Windows (files) | Symlinks (os.symlink) | Developer Mode enabled |
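
To see which entries in `~/.claude/` are Plamen links, and to catch the broken-link case that follows from deleting `~/.plamen`, this added example (not part of Plamen) classifies every symlink by where it resolves. `audit_links` and `demo` are hypothetical names and the demo tree is constructed; Windows directory junctions are not reported by `is_symlink()` and are outside its scope.

```python
import os
import tempfile
from pathlib import Path

def audit_links(claude_dir, plamen_dir):
    """Classify each symlink under claude_dir by where it resolves."""
    claude_dir = Path(claude_dir)
    plamen_root = Path(plamen_dir).resolve()
    report = {"plamen": [], "dangling": [], "foreign": []}
    # followlinks=False: linked directories are listed but not descended into
    for root, dirs, files in os.walk(claude_dir, followlinks=False):
        for name in dirs + files:
            link = Path(root) / name
            if not link.is_symlink():
                continue  # the user's own regular files and directories
            rel = link.relative_to(claude_dir).as_posix()
            try:
                target = link.resolve()
            except (OSError, RuntimeError):  # symlink loop
                report["dangling"].append(rel)
                continue
            if not target.exists():
                report["dangling"].append(rel)
            elif target == plamen_root or plamen_root in target.parents:
                report["plamen"].append(rel)
            else:
                report["foreign"].append(rel)  # points somewhere else entirely
    return {kind: sorted(paths) for kind, paths in report.items()}

def demo():
    """Build a constructed ~/.claude and ~/.plamen layout and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        home = Path(tmp)
        plamen, claude, other = home / ".plamen", home / ".claude", home / "other"
        (plamen / "agents").mkdir(parents=True)
        (plamen / "agents" / "depth-edge-case.md").write_text("agent\n")
        (claude / "agents").mkdir(parents=True)
        other.mkdir()
        (other / "hook.md").write_text("x\n")
        (claude / "agents" / "my-own.md").write_text("mine\n")  # not a link
        (claude / "agents" / "depth-edge-case.md").symlink_to(
            plamen / "agents" / "depth-edge-case.md")
        (claude / "agents" / "gone.md").symlink_to(plamen / "agents" / "gone.md")
        (claude / "hook.md").symlink_to(other / "hook.md")
        return audit_links(claude, plamen)

if __name__ == "__main__":
    print(demo())
    print(audit_links(Path.home() / ".claude", Path.home() / ".plamen"))
```

Anything under `foreign` is a link in your Claude Code configuration that does not lead into the Plamen checkout, and anything under `dangling` will silently fail to load.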
Migrating from v1.0.x (installed directly in `~/.claude`): Close Claude Code first, then run both commands together:

Linux/macOS:

```bash
mv ~/.claude ~/.plamen && cd ~/.plamen && python3 plamen.py install
```

Windows (PowerShell):

```powershell
Rename-Item $HOME\.claude $HOME\.plamen; cd $HOME\.plamen; python plamen.py install
```

This moves the repo to `~/.plamen` and immediately recreates `~/.claude` with symlinks + merged config. Claude Code will not work between the move and install — run them together.
Option B handles this automatically. These commands are for reference only.
```bash
cd ~/.plamen

# 1. Python deps (~2GB download — PyTorch for embeddings)
pip install -r requirements.txt
pip install -r custom-mcp/unified-vuln-db/requirements.txt
pip install -r custom-mcp/solodit-scraper/requirements.txt
pip install -r custom-mcp/defihacklabs-rag/requirements.txt
pip install -e custom-mcp/solana-fender
pip install -r custom-mcp/farofino-mcp/requirements.txt
pip install -e custom-mcp/slither-mcp  # EVM only (needs Python 3.11+)

# 2. Build RAG database (~5 min)
export SOLODIT_API_KEY=your_key_here  # free at solodit.cyfrin.io
cd custom-mcp/unified-vuln-db
python3 -m unified_vuln.indexer index -s solodit --max-pages 10
python3 -m unified_vuln.indexer index -s defihacklabs
python3 -m unified_vuln.indexer index -s immunefi
cd ../..
# Note: on Windows use 'python' instead of 'python3'

# 3. Chain tools (install what you need)
curl -L https://foundry.paradigm.xyz | bash && foundryup  # EVM
pip install slither-analyzer  # EVM static analysis
# See docs/setup.md for Solana, Aptos, Sui, Medusa, Trident
```

Windows + Solana: Enable Developer Mode (Settings > System > For Developers) and install OpenSSL (`winget install ShiningLight.OpenSSL.Dev`) before building. See docs/dependencies.md.
See docs/setup.md for the full guide with all per-language prerequisites.
```bash
plamen  # terminal wrapper with interactive wizard
```

Or inside Claude Code: `/plamen`
| Mode | Plan | Agents | Key Features |
|---|---|---|---|
| Light | Pro | ~15-18 | Fast scan, all Sonnet, no fuzzing |
| Core | Max | ~25-45 | Full depth, PoC verification for Medium+ |
| Thorough | Max | ~35-95 | Iterative depth, invariant fuzzing, Medusa, skeptic-judge |
See docs/audit-modes.md for the full comparison.
Terminal wrapper (recommended — includes setup, cost estimation):
```bash
plamen                                          # interactive wizard
plamen core /path/to/project                    # skip wizard
plamen thorough /path/to/project --proven-only  # strict evidence mode
plamen setup                                    # install tools only
```

Inside Claude Code:

```
> /plamen core
> /plamen thorough docs: whitepaper.pdf scope: scope.txt
```

See docs/usage.md for PATH setup and all CLI options.
| Language | Build Tool | Static Analysis | Fuzzing |
|---|---|---|---|
| EVM/Solidity | Foundry, Hardhat | Slither, Aderyn | Foundry invariant, Medusa |
| Solana/Anchor | Anchor, cargo-build-sbf | Fender | Trident, proptest |
| Aptos Move | aptos CLI | Move Prover | Parameterized tests |
| Sui Move | sui CLI | -- | Parameterized tests |
Language detection is automatic based on config files.
| Topic | Link |
|---|---|
| Full setup guide | docs/setup.md |
| Platform dependencies | docs/dependencies.md |
| Audit mode comparison | docs/audit-modes.md |
| Pipeline architecture | docs/architecture.md |
| MCP servers & API keys | docs/mcp-servers.md |
| Usage & CLI options | docs/usage.md |
| Skills, rules & internals | docs/internals.md |
| Repository structure | docs/repository-structure.md |
| Automated setup (Claude) | SETUP.md |
See CONTRIBUTING.md. Skills are the most impactful contribution — teach methodology (how to look), not patterns (what to find).
- Trail of Bits — Slither MCP server
- Farofino — Aderyn integration
- SunWeb3Sec — DeFiHackLabs exploit corpus
- Solodit — Audit finding database
- Anthropic — Claude Code runtime