← Back to Skills Marketplace
certik-ai

Token Scan

by CertiK · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ✓ Security Clean
162
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install token-scan
Description
Scan token contract security risk and return a structured summary including score, tax, holder concentration, and LP lock status. Supported chains are bsc, e...
Usage Guidance
This skill appears to do exactly what it says: it sends the chain and contract address to CertiK's public token-scan API and returns JSON. Before installing, consider: (1) network calls to open.api.certik.com will reveal which contract addresses you query — if that is sensitive for your organization, avoid using it; (2) the script prints raw JSON, so the agent should format/sanitize outputs before exposing them to users; (3) SKILL.md recommends validating address formats but the bundled script does not — ensure the agent performs any required validation; (4) no credentials are requested, so there is no secret-exfiltration risk from this skill itself, but third-party API logging/policy is out of scope. Overall the pieces are coherent and proportionate.
Capability Analysis
Type: OpenClaw Skill Name: token-scan Version: 1.0.0 The skill is a legitimate tool for scanning cryptocurrency token contracts for security risks using the CertiK Token Scan API (open.api.certik.com). The Python script (scripts/token_scan.py) and agent instructions (SKILL.md) are well-structured, perform standard API requests, and show no evidence of malicious intent, data exfiltration, or unauthorized command execution.
Capability Assessment
Purpose & Capability
Name/description match the implementation: the bundled script and SKILL.md call the public CertiK token-scan API (open.api.certik.com) to retrieve a token risk scan. There are no unrelated credentials, binaries, or services requested.
Instruction Scope
SKILL.md restricts usage to supported chains and instructs validation of addresses and use of the bundled Python script (with a curl fallback). The Python script itself simply performs an HTTP GET and does not perform address-format validation; the SKILL.md places some validation responsibility on the agent. This is a minor mismatch but not malicious.
Install Mechanism
No install spec — instruction-only with a small included Python script. No downloads from arbitrary URLs, no archives extracted, and nothing is written to disk beyond executing the provided script. Low install risk.
Credentials
The skill requests no environment variables, no credentials, and no config paths. It makes outbound HTTPS calls to a single third-party endpoint (CertiK). The network access is proportional to the stated purpose.
Persistence & Privilege
always is false and the skill does not request persistent system privileges or modify other skills. Autonomous invocation is allowed but is the platform default; this skill does not request elevated persistence.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install token-scan
  3. After installation, invoke the skill by name or use /token-scan
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of token-scan skill. - Provides structured security risk analysis for token contracts on 11 supported chains (bsc, eth, solana, arbitrum, base, polygon, avax, tron, ton, plasma, sui). - Returns risk score, alert count, alert severity, token tax info, holder concentration, and LP lock status. - Alerts are sorted by severity, with top 8 highest-priority items shown if more exist. - Interprets real buy/sell tax when available and clarifies difference from deduction factors. - Explains supported chain/address formats and enforces input validation. - Reports scan status (in progress, success, or error) clearly to the user.
Metadata
Slug token-scan
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Token Scan?

Scan token contract security risk and return a structured summary including score, tax, holder concentration, and LP lock status. Supported chains are bsc, e... It is an AI Agent Skill for Claude Code / OpenClaw, with 162 downloads so far.

How do I install Token Scan?

Run "/install token-scan" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Token Scan free?

Yes, Token Scan is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Token Scan support?

Token Scan is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Token Scan?

It is built and maintained by CertiK (@certik-ai); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments