security-check
$ npx mdskill add TermiX-official/cryptoclaw/security-check
Assess token and address security risks via GoPlus API before executing transfers.
- Helps identify honeypots, high taxes, and hidden ownership in crypto assets.
- Integrates with the free GoPlus Security API without requiring an API key.
- Uses predefined risk thresholds like tax rates above 10% to flag issues.
- Presents results through automated checks and detailed response fields for review.
SKILL.md
.github/skills/security-check
---
name: security-check
description: Assess token and address security via the GoPlus Security API.
metadata: { "cryptoclaw": { "emoji": "🛡️", "always": true } }
---
# GoPlus Security API
## Quick Access
The `check_address_security` tool provides instant address risk assessment. All transfers are also auto-checked before execution.
Assess token contracts, wallet addresses, and approvals for security risks using the free GoPlus API.
## Base URL
```
https://api.gopluslabs.io/api/v1
```
No API key required. Free tier is sufficient for normal usage.
## Security Checks
### 1. Token Security
```
GET /token_security/{chain_id}?contract_addresses={address}
```
Chain IDs: `1` (Ethereum), `56` (BSC), `137` (Polygon), `42161` (Arbitrum), `10` (Optimism), `8453` (Base)
Key response fields:
- `is_honeypot` — token cannot be sold (CRITICAL)
- `buy_tax` / `sell_tax` — percentage tax on trades (HIGH if > 10%)
- `is_mintable` — owner can mint unlimited tokens
- `hidden_owner` — ownership is concealed
- `can_take_back_ownership` — owner can reclaim after renouncing
- `selfdestruct` — contract can self-destruct
- `is_proxy` — upgradeable proxy contract
- `is_open_source` — source code is verified
- `holder_count` — number of holders
- `lp_holder_count` — number of LP holders
- `is_anti_whale` — anti-whale mechanism present
- `owner_percent` — percentage held by owner
- `creator_percent` — percentage held by creator
### 2. Address Security
```
GET /address_security/{address}?chain_id={chain_id}
```
Checks if an address is associated with: phishing, stealing, malicious contracts, or blacklists.
### 3. Approval Security
```
GET /approval_security/{chain_id}?contract_addresses={address}
```
Checks token approval risks: whether the approved contract is malicious or has known exploits.
### 4. NFT Security
```
GET /nft_security/{chain_id}?contract_addresses={address}
```
Checks NFT contract for: privileged operations, restricted transfer, self-destruct, and trading risks.
### 5. Phishing Site Detection
```
GET /phishing_site?url={url}
```
Checks if a URL is a known phishing site. Use this before directing users to any DeFi frontend.
## Risk Scoring Workflow
Evaluate the response fields and classify risk:
**CRITICAL** (do not proceed):
- `is_honeypot: 1`
- `selfdestruct: 1`
- `hidden_owner: 1` AND `is_mintable: 1`
**HIGH** (strong warning):
- `buy_tax > 10%` or `sell_tax > 10%`
- `can_take_back_ownership: 1`
- `is_open_source: 0` (unverified source)
- `owner_percent > 50%`
**MEDIUM** (note to user):
- `is_proxy: 1` (upgradeable)
- `is_mintable: 1` (alone)
- `holder_count < 100`
**LOW** (informational):
- `is_anti_whale: 1`
- Minor tax (< 5%)
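
The tiers above written as a classifier; this is an added example, not code from the cryptoclaw skill. It assumes flags arrive as the strings "0"/"1" and that taxes and percentages arrive as fractional strings ("0.05" for 5%). Rating the unlisted 5-10% tax band and missing tax fields as MEDIUM, and a missing `is_open_source` as unverified, are choices made for this example rather than rules the page states.

```python
from decimal import Decimal

# Assumed wire format: flags are "0"/"1" strings, taxes/percents are fractions ("0.05" = 5%).
LEVELS = ["LOW", "MEDIUM", "HIGH", "CRITICAL"]
FLAG_RULES = [  # rules that fire when the flag is "1"
    ("is_honeypot", "CRITICAL", "honeypot"),
    ("selfdestruct", "CRITICAL", "self-destruct"),
    ("can_take_back_ownership", "HIGH", "ownership can be reclaimed"),
    ("is_proxy", "MEDIUM", "upgradeable proxy"),
    ("is_anti_whale", "LOW", "anti-whale mechanism"),
]

def _flag(tok, key):
    """True only when the flag is explicitly "1"; absent or empty counts as False."""
    return str(tok.get(key)) == "1"

def _num(tok, key):
    """Decimal for a numeric string; None when the field is absent or empty."""
    v = tok.get(key)
    return None if v in (None, "") else Decimal(str(v))

def classify(tok):
    """Return (level, findings) for one token entry, using the tiers listed above."""
    found = [(lv, msg) for key, lv, msg in FLAG_RULES if _flag(tok, key)]
    if _flag(tok, "is_mintable"):
        combo = _flag(tok, "hidden_owner")
        found.append(("CRITICAL", "hidden owner + mintable") if combo else ("MEDIUM", "mintable"))
    for side in ("buy_tax", "sell_tax"):
        tax = _num(tok, side)
        if tax is None:
            found.append(("MEDIUM", f"{side} unknown"))  # assumption: unknown is not a pass
        elif tax > 0:
            # > 10% HIGH and < 5% LOW come from the page; 5-10% as MEDIUM is an assumption.
            lv = "HIGH" if tax > Decimal("0.10") else "MEDIUM" if tax >= Decimal("0.05") else "LOW"
            found.append((lv, f"{side} {tax * 100:.1f}%"))
    if not _flag(tok, "is_open_source"):  # a missing field is treated as unverified
        found.append(("HIGH", "source not verified"))
    owner, holders = _num(tok, "owner_percent"), _num(tok, "holder_count")
    if owner is not None and owner > Decimal("0.5"):
        found.append(("HIGH", "owner holds > 50%"))
    if holders is not None and holders < 100:
        found.append(("MEDIUM", f"only {holders} holders"))
    return max((lv for lv, _ in found), key=LEVELS.index, default="LOW"), found

# Constructed sample mirroring the report template below (not a real API response).
SAMPLE = {"is_open_source": "1", "is_honeypot": "0", "selfdestruct": "0",
          "buy_tax": "0", "sell_tax": "0.05", "is_mintable": "1", "holder_count": "87"}
```

Taxes are compared as `Decimal` so that a tax of exactly 10% does not trip the `> 10%` rule through float rounding.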
## Risk Report Template
```
🛡️ Security Report: {token_name} ({symbol})
Chain: {chain_name} | Contract: {address}
Risk Level: {CRITICAL|HIGH|MEDIUM|LOW}
✅ Passed:
- Open source: Yes
- Not a honeypot
- No self-destruct
⚠️ Warnings:
- Sell tax: 5%
- Mintable: Yes
- Holder count: 87
❌ Critical:
- (none)
Recommendation: {proceed with caution / avoid / safe to interact}
```
## Cross-references
Other skills should invoke security checks:
- **token-swap**: Check token before executing swaps
- **nft-manager**: Check NFT contract before purchases
- **etherscan**: Complement ABI analysis with security data
## Example Interactions
User: "Is this token safe? 0x..."
→ Call `/token_security/56?contract_addresses=0x...`, generate risk report
User: "Check this address for me: 0x..."
→ Call `/address_security/0x...?chain_id=56`, report any flags
User: "Are my token approvals safe?"
→ Call `/approval_security/56?contract_addresses=0x...` for each approved contract
User: "Is this DeFi site legit? https://..."
→ Call `/phishing_site?url=https://...`, report result