/install vigil-security-scanner
`${var}` — Wallet address (`0x...`) or token contract address on Base to scan. Required. If empty, log `VIGIL_NO_TARGET` and exit cleanly (no notify).
VIGIL is an onchain security scanner for DeFi traders on Base. It provides eleven read-only scanning tools and one write action (revoke) that requires explicit Bankr authentication.
Read-only tools (this skill):
- Approval Scanner — list all ERC-20/ERC-721 approvals, flag unlimited allowances
- Token Scanner — analyze contracts for rugpull indicators (hidden mint, proxy, tax manipulation, blacklist)
- Honeypot Detector — simulate buy/sell to detect trap tokens
- Safety Score — 0-100 composite rating based on code, ownership, liquidity, holders
- Wallet Report — full security posture assessment
- Wallet Monitor — real-time alerts for suspicious activity (new approvals, risky interactions, balance changes)
- Token Market — price, liquidity, 24h volume, and pool age via DexScreener (no API key)
- Deployer Check — contract verification, name, and deployer reputation via Basescan
- Batch Scan — score multiple tokens in one call, ranked by risk
- Scam Check — check whether a token has community scam reports (local VIGIL database)
- Sentinel Status — list the autonomous Sentinel watchlist and loop configuration
Write action (separate skill, not included here):
- Approval Revoker — revoke dangerous approvals via Bankr transaction signing. This is a state-changing onchain transaction and is NOT part of this read-only skill. Use the separate `vigil-revoke` skill (requires `BANKR_API_KEY` and explicit user confirmation).
Read the last 2 days of memory/logs/ so a repeat scan can note newly-granted or newly-revoked approvals.
Config
- Target = `${var}`. Can be a wallet address or token contract address.
- Chain = Base (`chainid=8453`, explorer `basescan.org`).
- VIGIL API: `https://mcp.vigil.codes` (HTTPS, SSE transport)
- GitHub: `https://github.com/vigilcodes/vigil-mcp`
Steps
1. Validate target
Strict allowlist before any network call. The target must be `0x` + exactly 40
hex characters, checked against the whole string. This rejects quotes, spaces,
newlines, and any shell/JSON metacharacter, so the value is safe to interpolate
into the curl payloads below.

```bash
TARGET="${var}"
if [ -z "$TARGET" ]; then
  echo "VIGIL_NO_TARGET"
  exit 0
fi
# Whole-string check: grep matches per line, so a multi-line value could pass it.
HEX="${TARGET#0[xX]}"
case "$HEX" in *[!0123456789abcdefABCDEF]*) HEX="" ;; esac
if [ "${#TARGET}" -ne 42 ] || [ "${#HEX}" -ne 40 ]; then
  echo "VIGIL_INVALID_TARGET: not a valid 0x address"
  exit 0
fi
# Normalize to lowercase. An address can be a wallet or a token; each tool
# below reports its own result, so no up-front type guess is needed.
TARGET="$(printf '%s' "$TARGET" | tr '[:upper:]' '[:lower:]')"
```
2. Scan approvals (wallet)
```bash
RESULT=$(curl -m 30 -s "https://mcp.vigil.codes/tools/call" \
  -H "Content-Type: application/json" \
  -d '{
    "jsonrpc": "2.0",
    "id": 1,
    "method": "tools/call",
    "params": {
      "name": "vigil_scan_approvals",
      "arguments": {"wallet": "'"$TARGET"'", "chain": "base"}
    }
  }')
echo "$RESULT" | jq '.result'
```
3. Scan token safety
```bash
RESULT=$(curl -m 30 -s "https://mcp.vigil.codes/tools/call" \
  -H "Content-Type: application/json" \
  -d '{
    "jsonrpc": "2.0",
    "id": 1,
    "method": "tools/call",
    "params": {
      "name": "vigil_scan_token",
      "arguments": {"token": "'"$TARGET"'", "chain": "base"}
    }
  }')
echo "$RESULT" | jq '.result'
```
4. Check honeypot
```bash
RESULT=$(curl -m 30 -s "https://mcp.vigil.codes/tools/call" \
  -H "Content-Type: application/json" \
  -d '{
    "jsonrpc": "2.0",
    "id": 1,
    "method": "tools/call",
    "params": {
      "name": "vigil_detect_honeypot",
      "arguments": {"token": "'"$TARGET"'", "chain": "base"}
    }
  }')
echo "$RESULT" | jq '.result'
```
5. Get safety score
```bash
RESULT=$(curl -m 30 -s "https://mcp.vigil.codes/tools/call" \
  -H "Content-Type: application/json" \
  -d '{
    "jsonrpc": "2.0",
    "id": 1,
    "method": "tools/call",
    "params": {
      "name": "vigil_safety_score",
      "arguments": {"contract": "'"$TARGET"'", "chain": "base"}
    }
  }')
echo "$RESULT" | jq '.result'
```
6. Generate wallet report
```bash
RESULT=$(curl -m 30 -s "https://mcp.vigil.codes/tools/call" \
  -H "Content-Type: application/json" \
  -d '{
    "jsonrpc": "2.0",
    "id": 1,
    "method": "tools/call",
    "params": {
      "name": "vigil_wallet_report",
      "arguments": {"wallet": "'"$TARGET"'", "chain": "base"}
    }
  }')
echo "$RESULT" | jq '.result'
```
7. Monitor wallet (real-time alerts)
```bash
RESULT=$(curl -m 30 -s "https://mcp.vigil.codes/tools/call" \
  -H "Content-Type: application/json" \
  -d '{
    "jsonrpc": "2.0",
    "id": 1,
    "method": "tools/call",
    "params": {
      "name": "vigil_monitor_wallet",
      "arguments": {"wallet": "'"$TARGET"'", "chain": "base", "lookback_blocks": 1000}
    }
  }')
echo "$RESULT" | jq '.result'
```
8. Token market context (price + liquidity)
```bash
RESULT=$(curl -m 30 -s "https://mcp.vigil.codes/tools/call" \
  -H "Content-Type: application/json" \
  -d '{
    "jsonrpc": "2.0",
    "id": 1,
    "method": "tools/call",
    "params": {
      "name": "vigil_token_market",
      "arguments": {"token": "'"$TARGET"'", "chain": "base"}
    }
  }')
echo "$RESULT" | jq '.result'
```
9. Deployer reputation (verification + age)
```bash
RESULT=$(curl -m 30 -s "https://mcp.vigil.codes/tools/call" \
  -H "Content-Type: application/json" \
  -d '{
    "jsonrpc": "2.0",
    "id": 1,
    "method": "tools/call",
    "params": {
      "name": "vigil_deployer_check",
      "arguments": {"contract": "'"$TARGET"'", "chain": "base"}
    }
  }')
echo "$RESULT" | jq '.result'
```
10. Batch scan multiple tokens
```bash
RESULT=$(curl -m 30 -s "https://mcp.vigil.codes/tools/call" \
  -H "Content-Type: application/json" \
  -d '{
    "jsonrpc": "2.0",
    "id": 1,
    "method": "tools/call",
    "params": {
      "name": "vigil_batch_scan",
      "arguments": {"tokens": ["'"$TARGET"'"], "chain": "base"}
    }
  }')
echo "$RESULT" | jq '.result'
```
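The calls in steps 2 to 10 differ only in the tool name and the argument key, so the envelope and the address check can live in one place. The following is an added example, not VIGIL's own code: the helper names `is_address` and `vigil_payload` and the error messages are hypothetical, the sample address is constructed, and the tool names and argument keys are the ones used in the steps above. Any tool name outside that list is refused, which keeps the helper read-only.

```bash
# Added example (not VIGIL's code). is_address and vigil_payload are hypothetical helpers.

# True only if the WHOLE string is 0x + 40 hex characters. Explicit character
# lists avoid locale-dependent ranges; a newline or quote anywhere fails.
is_address() {
  hex="${1#0[xX]}"
  [ "${#1}" -eq 42 ] && [ "${#hex}" -eq 40 ] || return 1
  case "$hex" in
    *[!0123456789abcdefABCDEF]*) return 1 ;;
  esac
  return 0
}

# Print the JSON-RPC body for one read-only tool; print nothing and fail otherwise.
vigil_payload() {
  tool="$1"
  is_address "$2" || { echo "VIGIL_INVALID_TARGET: not a valid 0x address" >&2; return 1; }
  addr="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')"
  value="\"$addr\""
  extra=""
  case "$tool" in
    vigil_scan_approvals|vigil_wallet_report) key="wallet" ;;
    vigil_monitor_wallet) key="wallet"; extra=',"lookback_blocks":1000' ;;
    vigil_scan_token|vigil_detect_honeypot|vigil_token_market) key="token" ;;
    vigil_safety_score|vigil_deployer_check) key="contract" ;;
    vigil_batch_scan) key="tokens"; value="[\"$addr\"]" ;;
    *) echo "unknown tool: refusing anything outside the read-only list" >&2; return 1 ;;
  esac
  printf '{"jsonrpc":"2.0","id":1,"method":"tools/call","params":{"name":"%s","arguments":{"%s":%s,"chain":"base"%s}}}\n' \
    "$tool" "$key" "$value" "$extra"
}

# Constructed sample address, not a real target.
SAMPLE="0xABCDEF0123456789ABCDEF0123456789ABCDEF01"
vigil_payload vigil_safety_score "$SAMPLE"

# To send it: vigil_payload vigil_scan_token "$TARGET" | curl -m 30 -s \
#   "https://mcp.vigil.codes/tools/call" -H "Content-Type: application/json" -d @-
```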
Output Format
VIGIL returns JSON with:
- `approvals` — list of token approvals with risk levels
- `safety_score` — 0-100 composite rating
- `honeypot` — boolean + reason if detected
- `rugpull_indicators` — list of suspicious patterns found
- `recommendations` — action items
Risk Levels
| Level | Icon | Meaning |
|---|---|---|
| CRITICAL | 🔴 | Active threat — revoke immediately |
| HIGH | 🟠 | Dangerous pattern — likely exploit vector |
| MEDIUM | 🟡 | Suspicious — proceed with caution |
| LOW | 🟢 | Minor concern — monitor |
| SAFE | ✅ | No issues detected |
Important: Revocation is NOT included
The Approval Revoker tool performs state-changing onchain transactions via Bankr. It is intentionally excluded from this read-only skill. To revoke approvals, use the separate vigil-revoke skill (requires BANKR_API_KEY and explicit user confirmation).
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: `/install vigil-security-scanner`
- After installation, invoke the skill by name or use `/vigil-security-scanner`
- Provide required inputs per the skill's parameter spec and get structured output
What is VIGIL Security Scanner?
Onchain security scanner on Base — scan token approvals, detect honeypots, analyze contracts for rugpull indicators, and score contract safety. Keyless read-... It is an AI Agent Skill for Claude Code / OpenClaw, with 42 downloads so far.
How do I install VIGIL Security Scanner?
Run "/install vigil-security-scanner" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is VIGIL Security Scanner free?
Yes, VIGIL Security Scanner is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does VIGIL Security Scanner support?
VIGIL Security Scanner is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created VIGIL Security Scanner?
It is built and maintained by Vigil (@vigilcodes); the current version is v1.0.1.