Skip to content
CLI client for the MythX API
Branch: master
Clone or download
Type Name Latest commit message Commit time
Failed to load latest commit information.
.circleci Setup test framework (#29) Mar 29, 2019
.github/ISSUE_TEMPLATE Update issue templates Apr 3, 2019
.vscode Remove launch.json from repo May 17, 2019
bin Clean commit Feb 28, 2019
src Update May 17, 2019
test Update test May 17, 2019
.editorconfig Clean commit Feb 28, 2019
.gitignore Add launch.json to ignore list May 17, 2019 Add changes for 0.9.0 May 17, 2019
output.txt Clean commit Feb 28, 2019
tsconfig.json Clean commit Feb 28, 2019
tslint.json Clean commit Feb 28, 2019
yarn.lock Update May 17, 2019


A CLI client for MythX

oclif Version Downloads Codacy Badge License: MIT CircleCI Discord


Install globally using:

$ npm -g install @cleanunicorn/mythos


Use this to scan Solidity source code.

You need to provide your MythX address and password.

As an env variable:

$ export MYTHX_ETH_ADDRESS='mythxEthAddress'
$ export MYTHX_PASSWORD='mythxPassword'
$ mythos analyze ./contract.sol Contract

Or as flags:

$ mythos analyze ./contract.sol Contract \
  --mythxEthAddress=mythxEthAddress \


$ mythos analyze no-pragma.sol NoPragma

Reading contract no-pragma.sol... done
Compiling with Solidity version: latest
 ›   Warning: no-pragma.sol:1:1: Warning: Source file does not specify required compiler version! Consider adding "pragma solidity ^0.5.7;"
 ›   contract NoPragma {
 ›   ^ (Relevant source part starts here and spans across multiple lines).

Compiling contract no-pragma.sol... done
Analyzing contract NoPragma... done

UUID: 9350d5c4-b89f-43ef-b1f7-48840fee8a02
API Version: v1.4.12
Harvey Version: 0.0.16
Maestro Version: 1.2.6
Maru Version: 0.4.2
Mythril Version: 0.20.3

Report found 2 issues
Covered instructions: 40
Covered paths: 4
Selected compiler version: v0.4.25

Title: (SWC-106) Unprotected SELFDESTRUCT Instruction
Severity: High
Head: The contract can be killed by anyone.
Description: Anyone can kill this contract and withdraw its balance to an arbitrary address.
Source code:

no-pragma.sol 3:8


Title: (SWC-103) Floating Pragma
Severity: Medium
Head: No pragma is set.
Description: It is recommended to make a conscious choice on what version of Solidity is used for compilation. Currently no version is set in the Solidity file.
Source code:

no-pragma.sol 1:0




Basic usage

$ npm install -g @cleanunicorn/mythos
$ mythos COMMAND
running command...
$ mythos (-v|--version|version)
@cleanunicorn/mythos/0.9.0 linux-x64 node-v11.15.0
$ mythos --help [COMMAND]
  $ mythos COMMAND



Scan a smart contract with MythX API


  CONTRACTFILE  Contract file to scan
  CONTRACTNAME  Contract name

  -h, --help                         show CLI help

  --analysisMode=analysisMode        [default: quick] Define the analysis mode when requesting a scan. Choose one from:
                                     quick, full.

  --mythxEthAddress=mythxEthAddress  (required)

  --mythxPassword=mythxPassword      (required)

  --solcVersion=solcVersion          Solidity version to use when compiling (example: 0.4.21). If none is specified it
                                     will try to identify the version from the source code.

  --timeout=timeout                  [default: 180] How many seconds to wait for the result

See code: src/commands/analyze.ts

mythos get-analysis UUID

Retrieve analysis results scanned with MythX API

  $ mythos get-analysis UUID

  UUID  uuid to retrive analysis results

  -h, --help                         show CLI help
  --mythxEthAddress=mythxEthAddress  (required)
  --mythxPassword=mythxPassword      (required)

See code: src/commands/get-analysis.ts

mythos help [COMMAND]

display help for mythos

  $ mythos help [COMMAND]

  COMMAND  command to show help for

  --all  see all commands in CLI

See code: @oclif/plugin-help


  • 0.9.0

    • Update to new armlet version and to new API changes
  • 0.8.1

    • Fix off by one source mapping
  • 0.8.0

    • Fix file name when running get-analysis to save response as issues-${uuid}.json
    • Make compilation errors more obvious
    • Display more information from report: compiler version used, API versions, SWC-ID, report's UUID
    • Display clear error when incorrect contract name is specified
    • Display compilation warnings
  • 0.7.0

    • Send the AST when requesting an analysis
  • 0.6.0

    • Fix external lib import, it sends the library information to MythX
    • Dump issues in a file as issues-[uuid].json for easy manual inspection
  • 0.5.2

    • Setup automatic tests
  • 0.5.1

    • Fix dynamic linking issue (thanks to @eswarasai).
  • 0.5.0

    • Automatically import other files (thanks to @eswarasai).
    • Fix minor issue when picking Solidty version (thanks to @eswarasai).
    • Fix issue count (thanks to @tagomaru).
  • 0.4.1

    • Update npm dependencies
  • 0.4.0

    • Correctly pick solidity version when an interval is set (thanks to @nanspro).
    • Add get-analysis command to retrieve a scanned result (thanks to @tagomaru).
    • Fix displaying severity in output list.
  • 0.3.2

    • Display message on syntax error.
  • 0.3.1

    • Add Severity to output.
  • 0.3.0

    • Request different depths of analyses with --analysisMode can be full or quick.
    • Add changelog.
  • 0.2.0

    • Stable version, first release.
You can’t perform that action at this time.