Gives Claude eight tools to audit Base smart contracts without needing a wallet. It scans bytecode for reentrancy and hidden mints, simulates Uniswap V2 trades to detect honeypots, scores rug pull risk from 0 to 100 based on ownership and liquidity, and checks whether the owner can pause, mint, or blacklist. The audit_report tool bundles all checks into one pass. Bytecode analysis works by extracting function selectors and matching them against 30+ known dangerous patterns. You'd use this before interacting with an unknown token contract, or to compare two contracts for clone detection via Jaccard similarity. It connects to Base mainnet over RPC, and all operations are read-only.
MCP server for AI agents to scan smart contracts on Base mainnet for security vulnerabilities. Detect honeypots, rug pulls, hidden mints, proxy patterns, and generate full audit reports -- all read-only, no private key needed.
```bash
npx -y base-security-scanner-mcp
```

```json
{
  "mcpServers": {
    "base-security-scanner": {
      "command": "npx",
      "args": ["-y", "base-security-scanner-mcp"]
    }
  }
}
```

| Tool | Description |
|---|---|
| scan_contract | Analyze a contract for security issues (reentrancy, access control, hidden mints, proxy patterns) |
| check_honeypot | Check if a token is a honeypot by simulating buy+sell via Uniswap V2 |
| detect_rug_risk | Score rug pull risk 0-100 based on ownership, liquidity, permissions, honeypot status |
| analyze_bytecode | Disassemble bytecode, identify contract type (proxy, AMM, ERC-20, diamond, etc.) |
| check_token_permissions | Check owner permissions: mint, pause, blacklist, change fees, disable trading |
| get_contract_info | Basic contract metadata: verified status, bytecode size, ETH balance, token info |
| compare_bytecode | Clone detection -- check if two contracts share the same bytecode |
| audit_report | Full security audit combining all checks into one comprehensive report |
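
The selector matching and Jaccard clone comparison described above can be sketched as follows. This is an added example, not the scanner's own code: it assumes a solc-style dispatcher, compares selector sets (the page does not say what the tool compares), and uses a three-entry `WATCHLIST` and constructed bytecode in place of the project's 30+ patterns.

```javascript
// Added example, not the scanner's code. Assumes a solc-style dispatcher
// (DUP1 PUSH4 <selector> EQ PUSH2 <dest> JUMPI).
const WATCHLIST = { // illustrative subset, not the project's 30+ patterns
  "40c10f19": "mint(address,uint256)",
  "8456cb59": "pause()",
  "f2fde38b": "transferOwnership(address)",
};

// Walk opcode by opcode so PUSH immediates are never misread as opcodes.
function extractSelectors(hex) {
  const code = Buffer.from(hex.replace(/^0x/, ""), "hex");
  const found = new Set();
  for (let pc = 0; pc < code.length; pc++) {
    const op = code[pc];
    if (op < 0x60 || op > 0x7f) continue; // not PUSH1..PUSH32
    const width = op - 0x5f; // immediate bytes that follow
    // PUSH4 immediately compared with EQ: a dispatcher selector check.
    if (op === 0x63 && code[pc + 5] === 0x14) {
      found.add(code.subarray(pc + 1, pc + 5).toString("hex"));
    }
    pc += width; // skip the immediate data
  }
  return found;
}

function flagSelectors(selectors) {
  return [...selectors].filter((s) => s in WATCHLIST).map((s) => WATCHLIST[s]);
}

// Jaccard similarity |A ∩ B| / |A ∪ B| over selector sets; 0 when both are empty.
function jaccard(a, b) {
  const union = new Set([...a, ...b]);
  if (union.size === 0) return 0;
  const shared = [...a].filter((s) => b.has(s)).length;
  return shared / union.size;
}

// Constructed sample bytecode (dispatcher fragments only, not real contracts).
const entry = (sel) => "8063" + sel + "1461001057";
const tokenA = "0x" + ["a9059cbb", "70a08231", "40c10f19", "8456cb59"].map(entry).join("");
// tokenB ends with a PUSH32 whose data embeds "63 f2fde38b 14"; a naive
// substring search would report transferOwnership, the opcode walk does not.
const tokenB = "0x" + ["a9059cbb", "70a08231", "18160ddd"].map(entry).join("") +
  "7f" + "63f2fde38b14" + "00".repeat(26);

const selA = extractSelectors(tokenA);
const selB = extractSelectors(tokenB);
console.log(flagSelectors(selA), flagSelectors(selB), jaccard(selA, selB));
```

A selector on the watchlist only shows the function exists; whether the owner can still call it needs the permission and ownership checks listed in the table.
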
| Variable | Default | Description |
|---|---|---|
| RPC_URL | https://mainnet.base.org | Base mainnet RPC endpoint |
| Package | Tools | What it does |
|---|---|---|
| obsd-launchpad-mcp | 14 | Deploy tokens, trade, earn OBSD |
| base-security-scanner-mcp | 8 | Scan contracts for vulnerabilities |
| base-price-oracle-mcp | 7 | On-chain price feeds from DEX pools |
| base-multi-wallet-mcp | 8 | Coordinated multi-wallet trading |
| base-gasless-deploy-mcp | 5 | Gasless ERC-20 token deployment |
| base-flash-arb-mcp | 7 | Detect arbitrage opportunities |
| base-token-sniper-mcp | 5 | Discover & trade new launches |
| base-wallet-toolkit-mcp | 7 | Wallet balances, gas, tokens |
| base-contract-reader-mcp | 6 | Read any smart contract (free) |
| create-mcp-server-cli | - | Scaffold a new MCP server |
MIT