Summary
Exposes three tools for scanning Base L2 smart contracts through BaseScan's API: scan_contract for full security analysis, batch_scan to compare up to five contracts, and interpret_risk for actionable recommendations. Returns a 0-100 risk score by detecting mint functions, blacklist selectors, pause mechanisms, backdoors, proxy patterns, and checking source verification and contract age. Useful when evaluating tokens before swaps, auditing DeFi protocols, or vetting contracts in Claude without switching to Etherscan. Works read-only over RPC with no wallet required. Supports stdio transport across Claude Desktop, Cursor, and Cline with optional BASESCAN_API_KEY for deeper source code analysis.
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →
Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →
On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →
Contract Security Scanner — MCP Server
Scan any Base L2 smart contract for security risks directly from your AI assistant.
3 tools exposed:
scan_contract— Full security scan (source verification, risky selectors, age, activity)batch_scan— Compare up to 5 contracts side by sideinterpret_risk— Get an actionable recommendation (SAFE / CAUTION / HIGH_RISK / DO_NOT_USE)
Risk score: 0-100. Analyzes: mint/blacklist/backdoor functions, proxy patterns, source verification, contract age, transaction activity.
Installation
Claude Desktop
Add to ~/Library/Application Support/Claude/claude_desktop_config.json:
{
"mcpServers": {
"contract-scanner": {
"command": "node",
"args": ["/Users/sam/Desktop/samDev/p8/mcp/server.js"]
}
}
}
Restart Claude Desktop. The tools appear automatically.
Cursor
Add to .cursor/mcp.json (project) or ~/.cursor/mcp.json (global):
{
"mcpServers": {
"contract-scanner": {
"command": "node",
"args": ["/Users/sam/Desktop/samDev/p8/mcp/server.js"]
}
}
}
Cline (VS Code extension)
- Open Cline settings → MCP Servers → Add server
- Set type:
stdio - Command:
node /Users/sam/Desktop/samDev/p8/mcp/server.js
Any MCP client (generic)
The server uses stdio transport — just pipe JSON-RPC messages:
node /Users/sam/Desktop/samDev/p8/mcp/server.js
Usage examples
Once connected, just ask your AI assistant naturally:
"Scan this contract before I approve: 0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913"
"Compare the risk of these 3 Aave clones: 0x... 0x... 0x..."
"Is this token safe to buy? 0x4ed4e862860bed51a9570b96d89af5e1b0efefed"
What gets analyzed
| Check | Source |
|---|---|
| Source code verified? | BaseScan API |
| Mint / burn functions | Bytecode selector scan |
| Pause / freeze | Bytecode selector scan |
| Blacklist / whitelist | Bytecode selector scan |
| Backdoors (rescueTokens, withdrawAll) | Bytecode selector scan |
| Upgradeable proxy | BaseScan + delegatecall detection |
| Contract age | BaseScan transaction history |
| Activity level | BaseScan recent txs |
Risk scoring
| Score | Label | Meaning |
|---|---|---|
| 0-9 | SAFE | No red flags |
| 10-29 | LOW | Minor concerns |
| 30-49 | MEDIUM | Elevated risk — review before interacting |
| 50-69 | HIGH | Significant risk — small amounts only |
| 70+ | CRITICAL | Avoid — potential rug or backdoor |
Technical notes
- Chain: Base L2 only (
https://mainnet.base.org) - API: BaseScan free tier (no key needed for basic checks; set
BASESCAN_API_KEYenv var for full source analysis) - No wallet needed: read-only RPC calls only
- Latency: ~2-5s per contract (network dependent)
Built on Base. Agent wallet: 0x804dd2cE4aA3296831c880139040e4326df13c6e
Featured
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →Configuration
BASESCAN_API_KEYsecretBaseScan API key for source code analysis (optional — basic bytecode scan works without it)
Categories
Registryactive
Package@fino314-oss/contract-scanner-mcp
TransportSTDIO
AuthRequired
UpdatedMar 17, 2026
