Agent-Based MCP Security Server · Base L2

See what
others miss.

An autonomous onchain security agent on Base that scans approvals, detects honeypots, and scores token contracts — before you sign.

Approval Scanner Token Analysis Honeypot Detection Safety Scoring Approval Revocation Wallet Reports Wallet Monitoring Base L2 Onchain Security Approval Scanner Token Analysis Honeypot Detection Safety Scoring Approval Revocation Wallet Reports Wallet Monitoring Base L2 Onchain Security
Agent Capabilities

Eighteen autonomous tools,
one protocol.

Each tool is exposed as a standardized MCP capability, optimized for Base chain. Any AI client can invoke them — no custom integration required.

01

Approval Scanner

Enumerate every ERC-20 and ERC-721 approval on a wallet. Flag unlimited allowances. Identify unverified or malicious spender contracts before they drain funds.

02

Token Analyzer

Deep contract analysis for rugpull signatures — hidden mint functions, proxy upgrade patterns, adjustable tax rates, and owner-controlled blacklists.

03

Honeypot Detector

Simulate full buy-sell cycles on-chain. Detect tokens that block selling, apply extreme sell taxes, or trap liquidity through contract logic.

04

Safety Scoring

A 0–100 composite rating derived from bytecode analysis, ownership status, liquidity depth, holder distribution, and contract verification state.

05

Wallet Report

Full-spectrum security posture assessment. Aggregate all findings into a single report with severity ratings and remediation steps.

06

Wallet Monitor

Real-time alerts for suspicious activity. Detects new approvals, unlimited allowances, risky contract interactions, and balance changes.

07

Token Market

Live price, liquidity depth, 24h volume, and pool age via DexScreener. Thin liquidity and brand-new pools are rug signals bytecode alone can't see.

08

Deployer Check

Contract verification status, name, and deployer reputation via Basescan. Know who shipped the contract before you trust it.

09

Batch Scan

Score an entire wallet's holdings in one call, ranked by risk. Triage a whole portfolio before acting on any single position.

10

Scam Check

Cross-reference a token against a community scam database of reported rugs, honeypots, and malicious contracts.

11

Sentinel Status

Inspect the autonomous monitoring loop — watchlist, scan interval, severity threshold. The agent that watches wallets while you sleep.

12

Multi-Source Consensus

Six independent signals vote separately — GoPlus, onchain score, market, deployer, scam DB, liquidity lock. Risk only escalates when multiple sources agree, so a single noisy source can't trigger a false positive.

13

Liquidity Lock

Detect whether a token's DEX liquidity is locked, burned, or freely withdrawable — the classic rug-pull vector. Missing data returns "unknown," never "safe."

14

Approval Simulator

The question no other tool answers: if you approve this spender right now, what could it do? Profiles the spender before you sign — contract or EOA, known-safe, scam-flagged, unlimited.

15

Clone Detector

Scam farms deploy the same contract dozens of times with new names. Bytecode fingerprinting flags copy-paste clones and cross-checks them against the scam database.

16

Tax Scanner

A token can be sellable yet still bleed you on every trade — or carry tax the owner can change after you buy. Flags buy/sell/transfer fees and owner-modifiable tax: the "0% now, 99% later" trap.

17

Ownership Scanner

The question behind most rugs: who holds the keys, and what can they do? Flags owner powers — mint, pause transfers, blacklist, reclaim ownership, modify balances, selfdestruct. A renounced owner neutralizes them.

18

Holder Concentration

Could a few wallets dump on you? Measures top-holder concentration over the sellable float — excluding LP pools, burns, and locked holders. One wallet over half the float is a red flag even when the contract is clean.

+ Write action — gated

Approval Revoker

Revoke dangerous approvals with signed transactions through Bankr. Kept separate from the read-only tools by design — state-changing actions require explicit signing, never autonomous execution.

Autonomous

It doesn't wait
to be asked.

VIGIL Sentinel is a self-running loop. Add wallets to a watchlist and it scans them on a schedule, surfaces only new threats, and alerts you. No prompts, no babysitting. Perceive. Decide. Act.

Perceive
Scan every watched wallet on a fixed interval
Decide
Diff against prior state, only new alerts surface
Act
Persist findings and notify on real threats
Protocol Architecture

MCP-native by design.

Vigil speaks the Model Context Protocol, purpose-built for Base L2. Any compliant AI client becomes a Base chain security expert — zero glue code.

Client
Claude, Cursor, or any MCP-compatible AI
Transport
Stdio or SSE on port 3100
Vigil Agent
Security scanner core with 18 tools
Base L2
RPC, ABI decoding, Base contract calls
vigil — live scan
vigil token 0xC751...7bA3
scanning $VIGIL on base
✓ not a honeypot — buy & sell ok
✓ buy tax 0% · sell tax 0%
✓ source verified · not mintable
✓ 0 community scam reports
data: GoPlus + Base RPC
safety score: 93/100 — safe
vigil sentinel watch 0xC751...7bA3
watching — autonomous scans every cycle
BaseBuilt for Base

One chain.
One agent.
Full coverage.

Purpose-built for the Base L2 ecosystem. Every tool optimized for Base's contract patterns and RPC infrastructure.

Network Approvals Scan Revoke
Base
Base
Ecosystem

Integrated with
the agents that matter.

Vigil is live in the Aeon ecosystem and published on ClawHub — autonomous AI agents using VIGIL to secure onchain actions before execution.

Agent Status Type Link
Aeon
Aeon
LIVE
Autonomous Agent
🦞
ClawHub
LIVE
Skill Registry
$VIGIL Token

Fuel the agents
that protect you.

$VIGIL on Base (canonical) and $VIGILCODES on Robinhood Chain (Virtual Protocol agent). Only these two contract addresses are official — everything else is a clone.

Base — $VIGIL (canonical)
0xC751afAdD6fde251Ac624A279ECB9ac85AA27bA3
BaseScan Buy
Robinhood Chain — $VIGILCODES
0xB1aC03ed8de9a4Ac44e59FAe93590384aC611fa5
Explorer Virtuals
Property Value Status Link
$
Base token
VIGIL
LIVE
Base
Base
Canonical
L2
RH
Robinhood
VIGILCODES
LIVE
Uniswap
Base DEX
Uniswap V4
Active
x402 Pay-Per-Scan

Agents pay in USDC.
No keys. No accounts.

VIGIL accepts micropayments via the x402 protocol on Base. Any AI agent can call a paid tool, pay a few cents in USDC, and get the verdict back — programmatically, without signup.

Tool Price Asset Status
vigil_safety_score
FREE
LIVE
vigil_detect_honeypot
FREE
LIVE
vigil_scan_token
$0.005
USDC
LIVE
vigil_batch_scan
$0.025
USDC
LIVE
vigil_consensus
$0.0075
USDC
LIVE
vigil_check_scam
FREE
LIVE
vigil_scan_approvals
FREE
LIVE
vigil_monitor_wallet
FREE
LIVE
Quick Start

Plug in. Scan. Stay safe.

Install Vigil on any OpenClaw agent in one command, or run it as a Python MCP server for any client.

ClawHub (OpenClaw)

openclaw skills install vigil-security-scanner

Install

pip install -e .

Run (Stdio)

make run

Run (SSE)

make run-sse

Test

make test
Client Config

Claude Desktop

Add this to your MCP client configuration. Works with Cursor, Claude Desktop, and any compliant client.

claude_desktop_config.json
{
  "mcpServers": {
    "vigil": {
      "command": "python3",
      "args": ["-m", "vigil_mcp.server"],
      "env": {
        "BANKR_API_KEY": "bk_..."
      }
    }
  }
}
Live Example

Scan $VIGIL in one call

No install, no API key. Hit the live endpoint and get a verified security verdict back. These are the actual responses for the $VIGIL token on Base — honeypot check and a 0–100 safety score.

curl — vigil_detect_honeypot
curl -X POST https://mcp.vigil.codes/tools/call \
  -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","id":1,"method":"tools/call",
      "params":{"name":"vigil_detect_honeypot",
      "arguments":{"token":"0xC751afAdD6fde251Ac624A279ECB9ac85AA27bA3",
      "chain":"base"}}}'

// response
{
  "is_honeypot": false,
  "can_buy": true,  "can_sell": true,
  "buy_tax": 0,  "sell_tax": 0,
  "source": "goplus_token_security"
}
curl — vigil_safety_score
curl -X POST https://mcp.vigil.codes/tools/call \
  -d '{"jsonrpc":"2.0","id":1,"method":"tools/call",
      "params":{"name":"vigil_safety_score",
      "arguments":{"contract":"0xC751...7bA3","chain":"base"}}}'

// response
{ "score": 83, "risk_level": "low" }