/install vigil-security-scanner
`${var}` — Wallet address (`0x...`) or token contract address on Base to scan. Required. If empty, log `VIGIL_NO_TARGET` and exit cleanly (no notify).
VIGIL is an onchain security scanner for DeFi traders on Base. It provides eleven read-only scanning tools and one write action (revoke) that requires explicit Bankr authentication.
Read-only tools (this skill):
- Approval Scanner — list all ERC-20/ERC-721 approvals, flag unlimited allowances
- Token Scanner — analyze contracts for rugpull indicators (hidden mint, proxy, tax manipulation, blacklist)
- Honeypot Detector — simulate buy/sell to detect trap tokens
- Safety Score — 0-100 composite rating based on code, ownership, liquidity, holders
- Wallet Report — full security posture assessment
- Wallet Monitor — real-time alerts for suspicious activity (new approvals, risky interactions, balance changes)
- Token Market — price, liquidity, 24h volume, and pool age via DexScreener (no API key)
- Deployer Check — contract verification, name, and deployer reputation via Basescan
- Batch Scan — score multiple tokens in one call, ranked by risk
- Scam Check — check whether a token has community scam reports (local VIGIL database)
- Sentinel Status — list the autonomous Sentinel watchlist and loop configuration
Write action (separate skill, not included here):
- Approval Revoker — revoke dangerous approvals via Bankr transaction signing. This is a state-changing onchain transaction and is NOT part of this read-only skill. Use the separate `vigil-revoke` skill (requires `BANKR_API_KEY` and explicit user confirmation).
Read the last 2 days of memory/logs/ so a repeat scan can note newly-granted or newly-revoked approvals.
Config
- Target = `${var}`. Can be a wallet address or token contract address.
- Chain = Base (`chainid=8453`, explorer `basescan.org`).
- VIGIL API: `https://mcp.vigil.codes` (HTTPS, SSE transport)
- GitHub: `https://github.com/vigilcodes/vigil-mcp`
Steps
1. Validate target
Strict allowlist before any network call. The target must be 0x + exactly 40
hex characters — this rejects quotes, spaces, and any shell/JSON metacharacter,
so the value is safe to interpolate into the curl payloads below.
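```bash
TARGET="${var}"
# Empty target: log and exit cleanly (no notify).
if [ -z "$TARGET" ]; then
  echo "VIGIL_NO_TARGET"
  exit 0
fi
# grep tests each line separately, so also require exactly 42 characters;
# otherwise a multi-line value containing one valid line would pass.
if [ "${#TARGET}" -ne 42 ] || ! printf '%s' "$TARGET" | grep -qiE '^0x[0-9a-f]{40}$'; then
  echo "VIGIL_INVALID_TARGET: not a valid 0x address"
  exit 0
fi
# Normalize to lowercase. An address can be a wallet or a token; each tool
# below reports its own result, so no up-front type guess is needed.
TARGET="$(printf '%s' "$TARGET" | tr '[:upper:]' '[:lower:]')"
```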
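The allowlist in step 1 only protects the curl payloads if it is applied to the whole value. The following added example (not part of the VIGIL skill) contrasts a line-oriented `grep` test with a whole-string test on constructed inputs, then builds a request body only from a validated address; `line_check`, `valid_target` and `build_payload` are hypothetical helper names.

```bash
#!/usr/bin/env bash
# Added example: line_check, valid_target and build_payload are hypothetical
# helper names, and both sample targets are constructed.

# Line-oriented test: grep examines each input line on its own, so a value
# passes as soon as one of its lines is a well-formed address.
line_check() {
  printf '%s' "$1" | grep -qiE '^0x[0-9a-f]{40}$'
}

# Whole-string test: exactly 42 characters, a 0x prefix, and nothing but hex
# digits after it. A newline is just another non-hex character here.
valid_target() {
  local t=$1
  [ "${#t}" -eq 42 ] || return 1
  case $t in 0[xX]*) ;; *) return 1 ;; esac
  case ${t#??} in *[!0123456789abcdefABCDEF]*) return 1 ;; esac
  return 0
}

# Build the JSON-RPC body for one tool call; refuse an unvalidated target.
# $1 = tool name, $2 = argument key, $3 = target address.
build_payload() {
  local addr
  valid_target "$3" || return 1
  addr=$(printf '%s' "$3" | tr '[:upper:]' '[:lower:]')
  printf '{"jsonrpc":"2.0","id":1,"method":"tools/call","params":{"name":"%s","arguments":{"%s":"%s","chain":"base"}}}' \
    "$1" "$2" "$addr"
}

GOOD=0xAbCdEf0123456789abcdef0123456789ABCDEF01   # constructed address
MULTI=$(printf '0x%040d\n"x' 0)                   # constructed two-line value

# Compare both tests on a valid, a two-line and an empty value.
for v in "$GOOD" "$MULTI" ""; do
  line_check "$v" && l=accept || l=reject
  valid_target "$v" && w=accept || w=reject
  printf 'line-oriented=%s whole-string=%s\n' "$l" "$w"
done
build_payload vigil_scan_approvals wallet "$GOOD"; echo
```

The two-line value is accepted by the line-oriented test and rejected by the whole-string test, which is why the length of the entire value has to be part of the check.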
2. Scan approvals (wallet)
```bash
RESULT=$(curl -m 30 -s "https://mcp.vigil.codes/tools/call" \
  -H "Content-Type: application/json" \
  -d '{
    "jsonrpc": "2.0",
    "id": 1,
    "method": "tools/call",
    "params": {
      "name": "vigil_scan_approvals",
      "arguments": {"wallet": "'"$TARGET"'", "chain": "base"}
    }
  }')
echo "$RESULT" | jq '.result'
```
3. Scan token safety
```bash
RESULT=$(curl -m 30 -s "https://mcp.vigil.codes/tools/call" \
  -H "Content-Type: application/json" \
  -d '{
    "jsonrpc": "2.0",
    "id": 1,
    "method": "tools/call",
    "params": {
      "name": "vigil_scan_token",
      "arguments": {"token": "'"$TARGET"'", "chain": "base"}
    }
  }')
echo "$RESULT" | jq '.result'
```
4. Check honeypot
```bash
RESULT=$(curl -m 30 -s "https://mcp.vigil.codes/tools/call" \
  -H "Content-Type: application/json" \
  -d '{
    "jsonrpc": "2.0",
    "id": 1,
    "method": "tools/call",
    "params": {
      "name": "vigil_detect_honeypot",
      "arguments": {"token": "'"$TARGET"'", "chain": "base"}
    }
  }')
echo "$RESULT" | jq '.result'
```
5. Get safety score
```bash
RESULT=$(curl -m 30 -s "https://mcp.vigil.codes/tools/call" \
  -H "Content-Type: application/json" \
  -d '{
    "jsonrpc": "2.0",
    "id": 1,
    "method": "tools/call",
    "params": {
      "name": "vigil_safety_score",
      "arguments": {"contract": "'"$TARGET"'", "chain": "base"}
    }
  }')
echo "$RESULT" | jq '.result'
```
6. Generate wallet report
```bash
RESULT=$(curl -m 30 -s "https://mcp.vigil.codes/tools/call" \
  -H "Content-Type: application/json" \
  -d '{
    "jsonrpc": "2.0",
    "id": 1,
    "method": "tools/call",
    "params": {
      "name": "vigil_wallet_report",
      "arguments": {"wallet": "'"$TARGET"'", "chain": "base"}
    }
  }')
echo "$RESULT" | jq '.result'
```
7. Monitor wallet (real-time alerts)
```bash
RESULT=$(curl -m 30 -s "https://mcp.vigil.codes/tools/call" \
  -H "Content-Type: application/json" \
  -d '{
    "jsonrpc": "2.0",
    "id": 1,
    "method": "tools/call",
    "params": {
      "name": "vigil_monitor_wallet",
      "arguments": {"wallet": "'"$TARGET"'", "chain": "base", "lookback_blocks": 1000}
    }
  }')
echo "$RESULT" | jq '.result'
```
8. Token market context (price + liquidity)
```bash
RESULT=$(curl -m 30 -s "https://mcp.vigil.codes/tools/call" \
  -H "Content-Type: application/json" \
  -d '{
    "jsonrpc": "2.0",
    "id": 1,
    "method": "tools/call",
    "params": {
      "name": "vigil_token_market",
      "arguments": {"token": "'"$TARGET"'", "chain": "base"}
    }
  }')
echo "$RESULT" | jq '.result'
```
9. Deployer reputation (verification + age)
```bash
RESULT=$(curl -m 30 -s "https://mcp.vigil.codes/tools/call" \
  -H "Content-Type: application/json" \
  -d '{
    "jsonrpc": "2.0",
    "id": 1,
    "method": "tools/call",
    "params": {
      "name": "vigil_deployer_check",
      "arguments": {"contract": "'"$TARGET"'", "chain": "base"}
    }
  }')
echo "$RESULT" | jq '.result'
```
10. Batch scan multiple tokens
```bash
RESULT=$(curl -m 30 -s "https://mcp.vigil.codes/tools/call" \
  -H "Content-Type: application/json" \
  -d '{
    "jsonrpc": "2.0",
    "id": 1,
    "method": "tools/call",
    "params": {
      "name": "vigil_batch_scan",
      "arguments": {"tokens": ["'"$TARGET"'"], "chain": "base"}
    }
  }')
echo "$RESULT" | jq '.result'
```
Output Format
VIGIL returns JSON with:
- `approvals` — list of token approvals with risk levels
- `safety_score` — 0-100 composite rating
- `honeypot` — boolean + reason if detected
- `rugpull_indicators` — list of suspicious patterns found
- `recommendations` — action items
Risk Levels
| Level | Icon | Meaning |
|---|---|---|
| CRITICAL | 🔴 | Active threat — revoke immediately |
| HIGH | 🟠 | Dangerous pattern — likely exploit vector |
| MEDIUM | 🟡 | Suspicious — proceed with caution |
| LOW | 🟢 | Minor concern — monitor |
| SAFE | ✅ | No issues detected |
Important: Revocation is NOT included
The Approval Revoker tool performs state-changing onchain transactions via Bankr. It is intentionally excluded from this read-only skill. To revoke approvals, use the separate vigil-revoke skill (requires BANKR_API_KEY and explicit user confirmation).
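- Make sure OpenClaw is installed (locally or via Docker)
- Enter the install command in the chat box: `/install vigil-security-scanner`
- Once installation completes, call the Skill by name or trigger it with `/vigil-security-scanner`
- Provide the required inputs according to the Skill's parameter description to get structured output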
What is VIGIL Security Scanner?
Onchain security scanner on Base — scan token approvals, detect honeypots, analyze contracts for rugpull indicators, and score contract safety. Keyless read-... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 42 downloads to date.
How do I install VIGIL Security Scanner?
Run the command "/install vigil-security-scanner" in the OpenClaw or Claude Code chat box for a one-step install; no additional configuration is needed.
Is VIGIL Security Scanner free?
Yes, VIGIL Security Scanner is completely free. It is released under the MIT-0 license and can be freely downloaded, installed and used.
Which platforms does VIGIL Security Scanner support?
VIGIL Security Scanner runs in any environment where OpenClaw / Claude Code is deployed (cross-platform).
Who developed VIGIL Security Scanner?
It is developed and maintained by Vigil (@vigilcodes); the current version is v1.0.1.