Chonky is a VS Code extension that transforms GitHub Copilot into a specialized smart contract security auditing agent.
VS Code Marketplace: tintinweb.chonky
#> ext tintinweb.chonky
TLDR;
- Agent Augmented Auditing
- Automated Scoping
- Automated In-Depth Security Analysis
- Agentic Tooling for Deep Smart Contract Insights
- Extending Agent capabilities with General Purpose LLM Tooling
- Your Smart Contract Auditing Side-Kick!
Extends GitHub/Copilot Model Capabilities
Open Copilot Chat → switch to Agent mode → Ask the agent
// list available tools
List chonky available llm tools
Use Agent mode for day-to-day use. The agent will decide when to invoke any of Chonky's tools. Use the @chonky chat participant for specialized operations.
Generate comprehensive project scoping reports
Run comprehensive automated security analysis
**@chonky** #autoaudit Full security scan
Specialized chat modes for different audit phases
Explore all available features for your tier
Pre-prompt your action with our agentic security auditor template.
Sponsor and get Early Access to experimental future features. Ping me if you run into any problems.
Ready-to-go Scoping/Auditing workflows, easy to extend and customize.
**@chonky** ...
Get access to our curated list of Solidity security primers to augment and automate your security auditing.
**@chonky** ...
- Improved .chonky Directory Discovery
- Flexible File Placement Support
- ▸ Fixed discovery of files in .chonky root directory (e.g., .chonky/xxx.workflow.md)
- ▸ Simplified validation logic for better file placement flexibility
- ▸ Enhanced workspace resource detection
- Auto-Discovery of .chonky Workspace Folders
- Repository Filtering with repositoryId
- Pattern-Based Resource Discovery
- Enhanced Discovery Output
- ▸ Automatic workspace .chonky folder detection for project-specific security resources
- ▸ Repository filtering for targeted primer/workflow discovery
- ▸ Flexible file extension matching (*.primer.md, .workflow.md, tools/.yml)
- ▸ Repository information display in discovery results
- ▸ Better project-specific security resource management
- ▸ Enhanced filtering capabilities for large repositories
- ▸ More intuitive workspace-based resource organization
- Enhanced Visual Code Annotation System
- Accurate Line Targeting with Code Validation
- Advanced Security-Focused Decorations
- Custom Styling with Full Validation
- Advanced Security Analysis Features
- Enhanced AI-Powered Vulnerability Detection
- Improved Tier-Based Feature Access
- ▸ Security primer discovery and loading system
- ▸ Workflow repository with pre-built analysis templates
- ▸ Tool configuration repository access
- ▸ Interactive Solidity REPL (Chisel) integration
- ▸ Comprehensive differential analysis orchestrator
- ▸ AI-powered function similarity detection
- ▸ Advanced vulnerability database search
- ▸ MetaMask Snap security analysis
- ▸ Multi-language scoping (Go, Rust, Solidity)
- ▸ Etherscan and Sourcify integration
- ▸ Semgrep static analysis integration
- ▸ Faster contract analysis
- ▸ Improved tooltip experience
- ▸ Enhanced sponsorship integration
Available to everyone
| Feature | Description |
|---|---|
| 🔹 Chonky Chat Participant | AI-powered @chonky chat participant for intelligent assistance |
| 🔹 Solidity Metrics & Scoping | Comprehensive project analysis and scoping reports |
| 🔹 Contract Structure Analysis | Deep dive into contract architecture and patterns |
| 🔹 Inheritance Tree Analysis | Visualize and analyze inheritance relationships |
| 🔹 Contract Flattening | Flatten complex contract hierarchies |
| 🔹 Access Control Analysis | Identify permission patterns and vulnerabilities |
| 🔹 Storage Layout Analysis | Optimize storage packing and layout |
| 🔹 Deployable Contract Discovery | Find contracts ready for deployment |
| 🔹 Import Dependency Analysis | Map external dependencies and risks |
| 🔹 External Calls Analysis | Map and analyze all external interactions |
| 🔹 ERC Compliance Checker | Verify token standard implementations |
| 🔹 Semgrep Security Analysis | Advanced static analysis with custom rules |
| 🔹 Surya Visualization Suite | Generate graphs and visual contract analysis |
| 🔹 Solhint Code Quality | Automated code quality and style checks |
| 🔹 JSON Processing Tools | Advanced JSON parsing and analysis |
| 🔹 DateTime Utilities | Timestamp and date manipulation tools |
| 🔹 Memory Store | Persistent data storage across sessions |
| 🔹 Available Tools Discovery | Explore all available Chonky capabilities |
| 🔹 Workspace File Search | Intelligent file discovery and search |
| 🔹 Workspace Integration | Auto-discovery of .chonky folders with pattern-based resource matching |
| 🔹 Editor Decorator Tool | Advanced visual code annotation with accurate line targeting and custom styling |
| 🔹 Diagnostic View Manager | Read and create VS Code diagnostics with code snippet validation |
Available earlier to sponsors
Support development to get early access - Become a Sponsor
| Feature | Description |
|---|---|
| 🔸 Custom Chat Modes | Specialized chat modes for auditing workflows and scoping |
| 🔸 Solidity REPL (Chisel) | Interactive Solidity execution environment |
| 🔸 Reentrancy Detection | Comprehensive reentrancy vulnerability analysis |
| 🔸 Oracle Risk Analysis | Identify oracle manipulation vulnerabilities |
| 🔸 Event Pattern Analysis | Verify event emission completeness |
| 🔸 Function Similarity Detector | AI-powered function pattern matching |
| 🔸 Inconsistency Reporter | Find security pattern discrepancies |
| 🔸 Differential Analysis Orchestrator | Comprehensive security pattern comparison |
| 🔸 Smart Contract Invariants | Verify contract invariant properties |
| 🔸 Function Analysis Engine | Deep function behavior and pattern analysis |
| 🔸 Contract Call Graph Generator | Advanced interaction flow visualization |
| 🔸 Function Path Tracer | Execution path analysis with wildcard selectors |
For security teams and researchers
Professional tools for advanced security research - Upgrade to Professional
| Feature | Description |
|---|---|
| ⚡ Security Primer Discovery | Discover and search security analysis primers |
| ⚡ Security Primer Loading | Load comprehensive security primers for AI analysis |
| ⚡ Workflow Repository Access | Access pre-built security analysis workflows |
| ⚡ Tool Repository Access | Access security tool configurations and templates |
| ⚡ Vulnerability Database Search | Query Solodit for known vulnerabilities |
| ⚡ Diligence Vulnerability Database | Access ConsenSys Diligence research database |
| ⚡ Go Codebase Scoping | Security analysis for Go blockchain projects |
| ⚡ Rust Codebase Scoping | Security analysis for Rust blockchain projects |
| ⚡ MetaMask Snap Analysis | Comprehensive MetaMask Snap security review |
| ⚡ Etherscan Integration | On-chain contract verification and analysis |
| ⚡ Sourcify Integration | Source code verification and metadata analysis |
| ⚡ Public Codebase Search | Search GitHub for similar contract patterns |
- Install the Extension: Search for "Chonky" in VS Code Extensions
- Start Chatting: Use @chonky in any chat window (ask Mode)
- Discover Tools: Switch to Copilot Agentic Mode, ask about Chonky's available tools in natural language
- Scope Your Project: In Agentic or Scoping Mode, ask to scope the project
Chonky supports specialized chat modes for different agentic workflows:
- Scoping - Project scoping and analysis
- Audit - Security auditing workflows
- Security Analysis: Access control, reentrancy, external calls, oracle analysis
- Contract Structure: Structure analysis, imports, inheritance, flattening
- Code Quality: Events, ERC compliance, functions, invariants
- External Services: Etherscan, Sourcify, vulnerability databases
- Utilities: Surya graphs, Solhint, scoping, memory store
- Comprehensive vulnerability detection
- Automated pattern analysis
- AI-assisted code review
- Integration with external databases
- Project scoping and metrics
- Code quality assurance
- ERC standard compliance
- Continuous security monitoring
- Advanced vulnerability research
- Pattern similarity detection
- Multi-language analysis
- Custom primer development
- Open VS Code
- Go to Extensions (Ctrl+Shift+X)
- Search for "Chonky"
- Click Install
- Download the latest .vsix file from releases
- Open VS Code
- Run Extensions: Install from VSIX...
- Select the downloaded file
We welcome contributions! Here's how you can help:
- Report Bugs: Open an issue with detailed information
- Feature Requests: Suggest new features or improvements
- Documentation: Help improve our docs
- Sponsorship: Support development through GitHub Sponsors
git clone https://github.com/tintinweb/vscode-chonky.git
cd vscode-chonky
npm install
npm run compile
Chonky is developed and maintained by passionate security researchers. Your support helps us:
- Research new vulnerabilities
- Develop advanced tools
- Create educational content
- Keep tools free for everyone
- 🔹 Base: Core features for everyone
- 🔸 Early Access (see Sponsor page): Early access to new features
- ⚡ Professional (contact me): Advanced research tools
Created by tintinweb - Security researcher and smart contract auditor with 7+ years in Blockchain security.
- GitHub Issues: Report bugs and request features
- Twitter: @tintinweb
- Website: Visit our website