📦
io.github.lordbasilaiassistant-sudo/base-security-scanner-mcp
MCP server for AI agents to scan and audit smart contracts on Base for security vulnerabilities. Det
0 installs
Trust: 37 — Low
Devtools
Ask AI about io.github.lordbasilaiassistant-sudo/base-security-scanner-mcp
Powered by Claude · Grounded in docs
I know everything about io.github.lordbasilaiassistant-sudo/base-security-scanner-mcp. Ask me about installation, configuration, usage, or troubleshooting.
0/500
Loading tools...
Reviews
Documentation
base-security-scanner-mcp
MCP server for AI agents to scan smart contracts on Base mainnet for security vulnerabilities. Detect honeypots, rug pulls, hidden mints, proxy patterns, and generate full audit reports -- all read-only, no private key needed.
Install
npx -y base-security-scanner-mcp
Configure (Claude Desktop / Cursor)
{
"mcpServers": {
"base-security-scanner": {
"command": "npx",
"args": ["-y", "base-security-scanner-mcp"]
}
}
}
Tools (8)
| Tool | Description |
|---|---|
scan_contract | Analyze a contract for security issues (reentrancy, access control, hidden mints, proxy patterns) |
check_honeypot | Check if a token is a honeypot by simulating buy+sell via Uniswap V2 |
detect_rug_risk | Score rug pull risk 0-100 based on ownership, liquidity, permissions, honeypot status |
analyze_bytecode | Disassemble bytecode, identify contract type (proxy, AMM, ERC-20, diamond, etc.) |
check_token_permissions | Check owner permissions: mint, pause, blacklist, change fees, disable trading |
get_contract_info | Basic contract metadata: verified status, bytecode size, ETH balance, token info |
compare_bytecode | Clone detection -- check if two contracts share the same bytecode |
audit_report | Full security audit combining all checks into one comprehensive report |
Environment Variables
| Variable | Default | Description |
|---|---|---|
RPC_URL | https://mainnet.base.org | Base mainnet RPC endpoint |
How It Works
- Bytecode Analysis: Extracts PUSH4 opcodes to find function selectors, matches against 30+ known dangerous patterns
- Opcode Scanning: Detects DELEGATECALL, SELFDESTRUCT, CREATE, CREATE2
- Honeypot Detection: Simulates ETH->Token->ETH round-trip via Uniswap V2 router getAmountsOut
- Rug Scoring: Weighted algorithm combining ownership, liquidity depth, dangerous permissions, honeypot status
- Clone Detection: Jaccard similarity on function selector sets
Related MCP Servers
| Package | Tools | What it does |
|---|---|---|
obsd-launchpad-mcp | 14 | Deploy tokens, trade, earn OBSD |
base-security-scanner-mcp | 8 | Scan contracts for vulnerabilities |
base-price-oracle-mcp | 7 | On-chain price feeds from DEX pools |
base-multi-wallet-mcp | 8 | Coordinated multi-wallet trading |
base-gasless-deploy-mcp | 5 | Gasless ERC-20 token deployment |
base-flash-arb-mcp | 7 | Detect arbitrage opportunities |
base-token-sniper-mcp | 5 | Discover & trade new launches |
base-wallet-toolkit-mcp | 7 | Wallet balances, gas, tokens |
base-contract-reader-mcp | 6 | Read any smart contract (free) |
create-mcp-server-cli | - | Scaffold a new MCP server |
License
MIT