An autonomous onchain security agent on Base that scans approvals, detects honeypots, and scores token contracts — before you sign.
Each tool is exposed as a standardized MCP capability, optimized for Base chain. Any AI client can invoke them — no custom integration required.
Enumerate every ERC-20 and ERC-721 approval on a wallet. Flag unlimited allowances. Identify unverified or malicious spender contracts before they drain funds.
Deep contract analysis for rugpull signatures — hidden mint functions, proxy upgrade patterns, adjustable tax rates, and owner-controlled blacklists.
Simulate full buy-sell cycles on-chain. Detect tokens that block selling, apply extreme sell taxes, or trap liquidity through contract logic.
A 0–100 composite rating derived from bytecode analysis, ownership status, liquidity depth, holder distribution, and contract verification state.
Full-spectrum security posture assessment. Aggregate all findings into a single report with severity ratings and remediation steps.
Real-time alerts for suspicious activity. Detects new approvals, unlimited allowances, risky contract interactions, and balance changes.
Live price, liquidity depth, 24h volume, and pool age via DexScreener. Thin liquidity and brand-new pools are rug signals bytecode alone can't see.
Contract verification status, name, and deployer reputation via Basescan. Know who shipped the contract before you trust it.
Score an entire wallet's holdings in one call, ranked by risk. Triage a whole portfolio before acting on any single position.
Cross-reference a token against a community scam database of reported rugs, honeypots, and malicious contracts.
Inspect the autonomous monitoring loop — watchlist, scan interval, severity threshold. The agent that watches wallets while you sleep.
Six independent signals vote separately — GoPlus, onchain score, market, deployer, scam DB, liquidity lock. Risk only escalates when multiple sources agree, so a single noisy source can't trigger a false positive.
Detect whether a token's DEX liquidity is locked, burned, or freely withdrawable — the classic rug-pull vector. Missing data returns "unknown," never "safe."
The question no other tool answers: if you approve this spender right now, what could it do? Profiles the spender before you sign — contract or EOA, known-safe, scam-flagged, unlimited.
Scam farms deploy the same contract dozens of times with new names. Bytecode fingerprinting flags copy-paste clones and cross-checks them against the scam database.
A token can be sellable yet still bleed you on every trade — or carry tax the owner can change after you buy. Flags buy/sell/transfer fees and owner-modifiable tax: the "0% now, 99% later" trap.
The question behind most rugs: who holds the keys, and what can they do? Flags owner powers — mint, pause transfers, blacklist, reclaim ownership, modify balances, selfdestruct. A renounced owner neutralizes them.
Could a few wallets dump on you? Measures top-holder concentration over the sellable float — excluding LP pools, burns, and locked holders. One wallet over half the float is a red flag even when the contract is clean.
Revoke dangerous approvals with signed transactions through Bankr. Kept separate from the read-only tools by design — state-changing actions require explicit signing, never autonomous execution.
VIGIL Sentinel is a self-running loop. Add wallets to a watchlist and it scans them on a schedule, surfaces only new threats, and alerts you. No prompts, no babysitting. Perceive. Decide. Act.
Vigil speaks the Model Context Protocol, purpose-built for Base L2. Any compliant AI client becomes a Base chain security expert — zero glue code.
Purpose-built for the Base L2 ecosystem. Every tool optimized for Base's contract patterns and RPC infrastructure.
$VIGIL on Base (canonical) and $VIGILCODES on Robinhood Chain (Virtual Protocol agent). Only these two contract addresses are official — everything else is a clone.
VIGIL accepts micropayments via the x402 protocol on Base. Any AI agent can call a paid tool, pay a few cents in USDC, and get the verdict back — programmatically, without signup.
Install Vigil on any OpenClaw agent in one command, or run it as a Python MCP server for any client.
Add this to your MCP client configuration. Works with Cursor, Claude Desktop, and any compliant client.
{ "mcpServers": { "vigil": { "command": "python3", "args": ["-m", "vigil_mcp.server"], "env": { "BANKR_API_KEY": "bk_..." } } } }
No install, no API key. Hit the live endpoint and get a verified security verdict back. These are the actual responses for the $VIGIL token on Base — honeypot check and a 0–100 safety score.
curl -X POST https://mcp.vigil.codes/tools/call \ -H "Content-Type: application/json" \ -d '{"jsonrpc":"2.0","id":1,"method":"tools/call", "params":{"name":"vigil_detect_honeypot", "arguments":{"token":"0xC751afAdD6fde251Ac624A279ECB9ac85AA27bA3", "chain":"base"}}}' // response { "is_honeypot": false, "can_buy": true, "can_sell": true, "buy_tax": 0, "sell_tax": 0, "source": "goplus_token_security" }
curl -X POST https://mcp.vigil.codes/tools/call \ -d '{"jsonrpc":"2.0","id":1,"method":"tools/call", "params":{"name":"vigil_safety_score", "arguments":{"contract":"0xC751...7bA3","chain":"base"}}}' // response { "score": 83, "risk_level": "low" }