← Back to Skills Marketplace
Anti Rug
by
deanpeng-dotcom
· GitHub ↗
· v3.1.0
· MIT-0
102
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install anti-rug
Description
Web3 token security scanner with expert cross-validation engine. Detects honeypots, rug pulls, and contract risks across Ethereum, BSC, Polygon, and other EV...
README (SKILL.md)
Web3 Token Security Scanner (Anti-Rug)
Maintainer: Antalpha AI Team
A professional-grade token contract security analyzer featuring scenario-based classification and cross-validation engine.
Overview
This tool performs comprehensive security analysis of token contracts with:
- Scenario Classification: Automatically categorizes tokens (A: Pegged Assets, B: Eco Tokens, C: Meme Coins)
- Cross-Validation Engine: Analyzes relationships between indicators (neutralized/amplified/contextual)
- Dynamic Risk Scoring: Weighted scoring system adapted to token type
- Fatal Finding Detection: One-strike rules for critical vulnerabilities
Supported Chains
- Ethereum (chain_id: 1)
- BNB Smart Chain (chain_id: 56)
- Polygon (chain_id: 137)
- Arbitrum One (chain_id: 42161)
- Base (chain_id: 8453)
- Optimism (chain_id: 10)
- Avalanche C-Chain (chain_id: 43114)
- Solana (chain_id: solana)
Installation
git clone https://github.com/ZorroShao/anti-rug.git
cd anti-rug
pip install -r requirements.txt
Usage
python scripts/check_token.py --chain_id 56 --contract_address 0x...
Scenario Classification
Scenario A: Pegged/Stable Assets
Examples: USDT, USDC, WETH, WBNB
- Mintable: ✅ Expected for peg maintenance
- Owner: ✅ Institution custody is normal
- Blacklist: ✅ Compliance requirement
Scenario B: Ecosystem Tokens
Examples: UNI, AAVE, established DeFi
- Proxy: ✅ Acceptable for upgradeability
- Treasury: ✅ Protocol-owned liquidity expected
Scenario C: Meme/Unknown Tokens
- All permissions: ⚠️ Treated as potential rug tools
- Strictest evaluation applied
Risk Severity Levels
| Score | Level | Action |
|---|---|---|
| 0-24 | Low | ✅ Base security passed |
| 25-49 | Low-Medium | 🟡 Minor concerns |
| 50-74 | Medium | 🟡 Caution required |
| 75-100 | High | 🔴 Dangerous |
| Fatal | Critical | 🛑 Do not buy |
Architecture
config.py # Centralized configuration
exceptions.py # Custom exception classes
validators/ # Cross-validation rules (modular)
cv_mint_ownership.py
cv_concentration.py
cv_proxy.py
cv_tax_scenario.py
tests/ # Unit tests
scripts/
check_token.py # Main entry point
License
MIT License - See LICENSE file
Usage Guidance
This package appears to do what it says: it queries a token‑security API (api.gopluslabs.io) for indicators, runs local validators, and reports risks. Before installing or running it: 1) be aware that contract addresses you check are sent to the external API (and to any custom --api_gateway you provide); do not point --api_gateway at untrusted services. 2) There is a minor inconsistency between repo URLs in SKILL.md vs README (ZorroShao vs AntalphaAI) — consider verifying the upstream source/maintainer on GitHub. 3) The config stores runtime lambda check functions (FATAL_RULES) — these are executable Python objects (normal here but harder to audit if persisted/serialized). 4) If you want to be extra cautious, run the tool in an isolated environment, review the GoPlus endpoint privacy/terms, and run the included tests (pytest) locally. Overall the skill is internally coherent with no disproportionate credential or install demands.
Capability Analysis
Type: OpenClaw Skill
Name: anti-rug
Version: 3.1.0
The Anti-Rug skill bundle is a well-structured Web3 security tool designed to analyze token contracts for risks like honeypots and rug pulls. It uses the legitimate GoPlus API (api.gopluslabs.io) to fetch contract data and implements a modular cross-validation engine to calculate risk scores. No evidence of data exfiltration, malicious execution, or prompt injection was found; the code logic is consistent with its stated purpose.
Capability Tags
Capability Assessment
Purpose & Capability
Name/description align with the included Python code and validators. The repo contains a CLI script that fetches token data, runs validators, and computes scores — all appropriate for a token security scanner. No unrelated credentials, binaries, or system‑level access are requested.
Instruction Scope
Runtime instructions and the code perform outbound HTTP requests to third‑party endpoints (api.gopluslabs.io) carrying the chain_id and contract_address — this is expected to fetch token indicators, but it does transmit the contract addresses to an external service. The CLI also accepts a --api_gateway argument allowing use of a custom proxy; that is useful but means a malicious gateway could receive query data if supplied.
Install Mechanism
No registry install spec was provided, but SKILL.md documents a normal git + pip workflow and requirements.txt only lists 'requests' (and typing-extensions for older Python). There are no downloads from personal servers, IP addresses, or archive extraction steps in the package metadata.
Credentials
The skill does not declare or require any environment variables, credentials, or config paths. It operates with provided CLI args and uses public API endpoints — no secret access is requested or implied.
Persistence & Privilege
always is false and the skill does not modify other skills or system settings. It does allow autonomous invocation (disable-model-invocation=false) which is the platform default; this is not a red flag on its own and is not combined with broad privileges.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install anti-rug - After installation, invoke the skill by name or use
/anti-rug - Provide required inputs per the skill's parameter spec and get structured output
Version History
v3.1.0
- Added support for Solana chain alongside EVM chains (Ethereum, BSC, Polygon, etc.).
- Introduced a scenario-based classification system for tokens (Pegged Assets, Ecosystem Tokens, Meme/Unknown Tokens).
- Implemented a cross-validation engine analyzing the relationship between risk indicators.
- Updated risk scoring and severity levels, including fatal finding detection for critical vulnerabilities.
- Expanded and clarified documentation, installation, and usage instructions.
Metadata
Frequently Asked Questions
What is Anti Rug?
Web3 token security scanner with expert cross-validation engine. Detects honeypots, rug pulls, and contract risks across Ethereum, BSC, Polygon, and other EV... It is an AI Agent Skill for Claude Code / OpenClaw, with 102 downloads so far.
How do I install Anti Rug?
Run "/install anti-rug" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Anti Rug free?
Yes, Anti Rug is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Anti Rug support?
Anti Rug is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Anti Rug?
It is built and maintained by deanpeng-dotcom (@deanpeng-dotcom); the current version is v3.1.0.
More Skills