Kairo is an AI-powered smart contract security platform that helps developers identify vulnerabilities and ensure the safety of their Solidity code.
Connect your GitHub repositories and scan contracts through our web interface.
Use the command line interface for local scanning and CI/CD integration.
Integrate Kairo directly into your applications with our REST API.
This documentation covers the latest version of Kairo. For legacy features or migration guides, please contact our support team.
Sign up for a free account to get started with Kairo's security scanning.
Link your GitHub account and select a repository containing Solidity contracts.
# Or clone a sample repository
git clone https://github.com/kairo-ai/sample-contracts
cd sample-contracts

Once connected, Kairo will automatically scan your contracts for common vulnerabilities.
✅ Scan completed! View your results in the dashboard to see detected vulnerabilities and recommendations.
Kairo uses OAuth for secure authentication with GitHub and other platforms.
We use GitHub OAuth to securely access your repositories. No passwords are stored, and you can revoke access anytime.
For CLI and API access, you'll need an API key. Generate one from your dashboard settings.
# Set your API key as an environment variable
export KAIRO_API_KEY="your-api-key-here"
# Or pass it directly to commands
kairo scan --api-key your-api-key-here contracts/

Kairo uses a multi-layered approach to identify security issues in your smart contracts:
Critical - Security vulnerabilities that could lead to loss of funds
High - Significant issues that should be addressed
Medium - Moderate issues with potential impact
Low - Minor issues and best practice suggestions
Quick mode - Fast pattern-based analysis for common vulnerabilities. Well suited to CI/CD integration.
Deep mode - Comprehensive AI-powered analysis including gas optimization and advanced vulnerability detection.
Kairo supports Solidity contracts deployed on various EVM-compatible networks:
We're working on adding support for additional chains. Contact us if you need support for a specific network.
The Kairo CLI provides a powerful command-line interface for scanning contracts locally and integrating with CI/CD pipelines.
npm install -g @kairo/cli

brew tap kairo-ai/kairo
brew install kairo

Download the latest release for your platform from GitHub:

kairo --version

kairo auth login

This will open your browser to authenticate with your Kairo account.
# Set environment variable
export KAIRO_API_KEY="your-api-key"
# Or use the flag
kairo scan --api-key "your-api-key" contracts/

kairo auth status

Scan Solidity contracts for vulnerabilities.
# Scan all contracts in current directory
kairo scan
# Scan specific file
kairo scan contracts/MyContract.sol
# Scan with specific mode
kairo scan --mode deep contracts/
# Output to file
kairo scan --output report.json contracts/

--mode - Scan mode (quick, deep)
--output - Output file path
--format - Output format (json, sarif, text)
--severity - Minimum severity level

Initialize a Kairo configuration file in your project.

kairo init

Manage CLI configuration settings.
# View current config
kairo config list
# Set default scan mode
kairo config set scan.mode deep
# Reset config
kairo config reset

# Quick scan for CI/CD
kairo scan --mode quick --format sarif --output results.sarif
# Deep scan with detailed output
kairo scan --mode deep --format json contracts/ > audit.json
# Scan only high severity issues
kairo scan --severity high contracts/

name: Security Audit
on: [push, pull_request]
jobs:
  audit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: Install Kairo
        run: npm install -g @kairo/cli
      - name: Run Security Scan
        env:
          KAIRO_API_KEY: ${{ secrets.KAIRO_API_KEY }}
        run: kairo scan --mode quick --format sarif --output audit.sarif
      - name: Upload Results
        uses: github/codeql-action/upload-sarif@v1
        with:
          sarif_file: audit.sarif

#!/bin/sh
# .git/hooks/pre-commit
echo "Running Kairo security scan..."
kairo scan --mode quick --severity medium
if [ $? -ne 0 ]; then
echo "Security issues found! Aborting commit."
exit 1
fi

The Kairo API provides programmatic access to our security scanning capabilities. All API requests require authentication via API key.
Base URL: https://api.kairo.ai
Authentication: Bearer token in Authorization header
Submit Solidity code for security analysis.
{
  "code": "pragma solidity ^0.8.0;\n\ncontract Example {...}",
  "mode": "deep",
  "metadata": {
    "filename": "Example.sol",
    "project": "my-project"
  }
}

{
  "scan_id": "scan_123456789",
  "status": "completed",
  "results": {
    "vulnerabilities": [
      {
        "id": "vuln_001",
        "type": "reentrancy",
        "severity": "high",
        "line": 42,
        "description": "Potential reentrancy vulnerability",
        "recommendation": "Use the checks-effects-interactions pattern"
      }
    ],
    "summary": {
      "total": 1,
      "by_severity": {
        "critical": 0,
        "high": 1,
        "medium": 0,
        "low": 0
      }
    }
  }
}

Retrieve results for a specific scan.
curl -H "Authorization: Bearer your-api-key" \
https://api.kairo.ai/v1/scan/scan_123456789

List recent scans for your account.
curl -H "Authorization: Bearer your-api-key" \
"https://api.kairo.ai/v1/scans?limit=10&offset=0"

The Model Context Protocol (MCP) server allows AI assistants to interact directly with Kairo's scanning capabilities.

npm install -g @kairo/mcp-server

Add the following to your MCP client configuration:
{
  "mcpServers": {
    "kairo": {
      "command": "npx",
      "args": ["@kairo/mcp-server"],
      "env": {
        "KAIRO_API_KEY": "your-api-key"
      }
    }
  }
}

Scan Solidity contract code for security vulnerabilities.
Retrieve detailed results for a previous scan.
List recent scans for the account.
200 - Success
400 - Bad Request
401 - Unauthorized
429 - Rate Limit Exceeded
500 - Internal Server Error

{
  "error": {
    "code": "invalid_request",
    "message": "Missing required parameter: code",
    "details": {
      "parameter": "code",
      "expected": "string"
    }
  }
}

API usage is rate-limited based on your subscription plan:
API responses include rate limit information:
X-RateLimit-Limit: 60
X-RateLimit-Remaining: 55
X-RateLimit-Reset: 1640995200

Start scanning your smart contracts for vulnerabilities today.
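The REST API section above shows the scan request body, the scan response, the error envelope and the rate-limit headers separately. The following is an added example, not part of Kairo's documentation or SDK, that ties them together in one small Python client: it builds the documented request body, gates a completed scan on a minimum severity (the same threshold idea as the CLI's --severity flag), normalises success, error and 429 replies into one shape, and turns the X-RateLimit-* headers into a wait time. Two things are assumptions not stated on the page: that scans are submitted with POST /v1/scan (the page shows only the base URL and the GET /v1/scan/{id} path), and that X-RateLimit-Reset is a Unix epoch timestamp. The sample response, error body and headers are constructed copies of the examples shown above.

```python
import json
import os
import time
import urllib.error
import urllib.request
from typing import Dict, List, Optional

BASE_URL = "https://api.kairo.ai"
SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2, "critical": 3}


def build_scan_request(code: str, mode: str = "deep",
                       filename: str = "Contract.sol", project: str = "") -> dict:
    """Request body in the documented shape; 'project' metadata is optional."""
    if mode not in ("quick", "deep"):
        raise ValueError("mode must be 'quick' or 'deep'")
    body = {"code": code, "mode": mode, "metadata": {"filename": filename}}
    if project:
        body["metadata"]["project"] = project
    return body


def parse_rate_limit(headers: Dict[str, str]) -> Dict[str, int]:
    """Read X-RateLimit-Limit/-Remaining/-Reset, ignoring header-name case."""
    lowered = {k.lower(): v for k, v in headers.items()}
    out = {}
    for name in ("limit", "remaining", "reset"):
        raw = lowered.get("x-ratelimit-" + name)
        if raw is not None and str(raw).strip().isdigit():
            out[name] = int(raw)
    return out


def seconds_until_reset(headers: Dict[str, str], now: Optional[float] = None) -> float:
    """Seconds to wait before the window resets (assumes Reset is a Unix epoch)."""
    reset = parse_rate_limit(headers).get("reset")
    if reset is None:
        return 0.0
    now = time.time() if now is None else now
    return max(0.0, float(reset - now))


def classify_response(status: int, headers: Dict[str, str], body: str,
                      now: Optional[float] = None) -> dict:
    """Normalise any reply into {"kind": "ok" | "error" | "rate_limited", ...}."""
    try:
        payload = json.loads(body) if body else {}
    except ValueError:
        payload = {}
    if 200 <= status < 300:
        return {"kind": "ok", "status": status, "data": payload}
    err = payload.get("error", {}) if isinstance(payload, dict) else {}
    out = {"kind": "rate_limited" if status == 429 else "error",
           "status": status,
           "code": err.get("code", "unknown"),
           "message": err.get("message", body[:200]),
           "details": err.get("details", {})}
    if status == 429:
        out["retry_after"] = seconds_until_reset(headers, now)
    return out


def submit_scan(body: dict, api_key: Optional[str] = None) -> dict:
    """Live POST with Bearer auth (assumed path /v1/scan); not exercised offline."""
    key = api_key or os.environ.get("KAIRO_API_KEY")
    if not key:
        raise RuntimeError("set KAIRO_API_KEY or pass api_key")
    req = urllib.request.Request(
        BASE_URL + "/v1/scan", data=json.dumps(body).encode("utf-8"),
        headers={"Authorization": "Bearer " + key,
                 "Content-Type": "application/json"}, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=60) as resp:
            return classify_response(resp.status, dict(resp.headers), resp.read().decode("utf-8"))
    except urllib.error.HTTPError as exc:  # 4xx/5xx still carry the error envelope
        return classify_response(exc.code, dict(exc.headers), exc.read().decode("utf-8"))


def findings_at_or_above(results: dict, min_severity: str) -> List[dict]:
    """Vulnerabilities whose severity meets the threshold (unknown labels never match)."""
    threshold = SEVERITY_RANK[min_severity]
    return [v for v in results.get("vulnerabilities", [])
            if SEVERITY_RANK.get(v.get("severity"), -1) >= threshold]


def scan_passes(response: dict, min_severity: str = "high") -> bool:
    """CI gate: True only for a completed scan with nothing at or above the threshold."""
    if response.get("status") != "completed":
        raise RuntimeError("scan not completed: %r" % response.get("status"))
    return not findings_at_or_above(response["results"], min_severity)


# Constructed samples, copied from the documented response, error and header examples.
SAMPLE_SCAN = {"scan_id": "scan_123456789", "status": "completed", "results": {
    "vulnerabilities": [{"id": "vuln_001", "type": "reentrancy", "severity": "high",
                         "line": 42, "description": "Potential reentrancy vulnerability",
                         "recommendation": "Use the checks-effects-interactions pattern"}],
    "summary": {"total": 1, "by_severity": {"critical": 0, "high": 1, "medium": 0, "low": 0}}}}
SAMPLE_ERROR_BODY = json.dumps({"error": {"code": "invalid_request",
                                          "message": "Missing required parameter: code",
                                          "details": {"parameter": "code", "expected": "string"}}})
SAMPLE_HEADERS = {"X-RateLimit-Limit": "60", "X-RateLimit-Remaining": "55",
                  "X-RateLimit-Reset": "1640995200"}
```

In a pipeline you would call `submit_scan(build_scan_request(source, "quick"))`, sleep for `retry_after` and retry on a `rate_limited` result, fail the job on `error`, and otherwise pass the `data` to `scan_passes` with the same threshold you would give the CLI's --severity flag. Gating on the vulnerabilities list rather than on the `summary.total` counter means a finding is never hidden by a stale summary.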