✓ Verified
✍️ Content Creation
✓ Enhanced Data
Rug Checker
Solana token rug-pull risk analysis. 10-point on-chain check with visual report.
- Rating
- 4 (61 reviews)
- Downloads
- 32,678 downloads
- Version
- 1.0.0
Overview
Solana token rug-pull risk analysis. 10-point on-chain check with visual report.
✨Key Features
1
Extract the Token
2
Resolve the Token
3
Run Risk Analysis
4
Generate Report
5
Present to User
Complete Documentation
View Source →
Rug Checker — Agent Skill Definition
Skill Metadata
| Field | Value |
|---|---|
| Slug | rug-checker |
| Version | 0.1.3 |
| Author | Anvil AI |
| Category | DeFi / Security |
| Chain | Solana |
| Risk Level | Read-only (no wallet interactions) |
Activation Triggers
Activate this skill when the user's message matches any of these patterns:
| Pattern | Example |
|---|---|
| Rug check / rug pull check | "Do a rug check on BONK" |
| Token safety | "Is this token safe?" |
| Scam check | "Is this a scam?" |
| Token risk analysis | "What's the risk on this token?" |
| Honeypot check | "Is this a honeypot?" |
| Token audit | "Audit this token" |
| LP locked | "Is the LP locked on this?" |
| Mint authority | "Can they mint more tokens?" |
| Token lookup + Solana address | "What is DezXAZ8z7PnrnRJjz3wXBoRgixCa6xjnB7YaB1pPB263?" |
Note: If the user asks "Should I buy [token]?", redirect: "I can't advise on whether to buy — but I can check the on-chain risk factors for you." Then run the analysis.
Address detection: If the user provides a base58 string of 32-44 characters, treat it as a Solana token address. If they provide a name/symbol, resolve it first.
Agent Workflow
Step 1: Extract the Token
Parse the user's message for either:
- A Solana address (base58, 32-44 chars matching
[1-9A-HJ-NP-Za-km-z]{32,44}) - A token name or symbol (e.g., "BONK", "bonk", "Wheelchair Fish")
Step 2: Resolve the Token
bash
bash scripts/detect-token.sh <address_or_name>Output varies by input type:
If given a Solana address: JSON with found: true/false, address, name, symbol, market data.
If given a name/symbol: JSON with ambiguous: true and a candidates array containing up to 5 matches with address, name, symbol, liquidity, and age. If detect-token returns candidates, you MUST present them to the user and ask which one they mean. NEVER auto-pick a candidate. Checking the wrong token is worse than not checking at all.
Example candidate response:
json
{
"query": "bonk",
"ambiguous": true,
"candidates": [
{"address": "DezXAZ8z...", "name": "Bonk", "symbol": "BONK", "liquidity_usd": 5000000, "age": "400d"},
{"address": "56Lc5...", "name": "BonkFork", "symbol": "BONK", "liquidity_usd": 12000, "age": "3d"}
]
}Present candidates as a numbered list:
I found multiple tokens matching "bonk". Which one did you mean?
1. BONK (Bonk) — DezXAZ8z... — $5.0M liquidity, 400d old
2. BONK (BonkFork) — 56Lc5... — $12K liquidity, 3d oldThen re-run with the confirmed mint address.
If found: false (and not ambiguous), tell the user the token couldn't be found and ask them to double-check the address.
Step 3: Run Risk Analysis
bash
bash scripts/analyze-risk.sh <token_address>Output: JSON with 10 risk checks, composite score (0-100), tier (SAFE/CAUTION/WARNING/DANGER/CRITICAL).
Step 4: Generate Report
bash
bash scripts/analyze-risk.sh <address> | bash scripts/format-report.shOr pipe the saved JSON:
bash
bash scripts/format-report.sh < analysis.jsonOutput: Formatted Markdown report card with visual risk bars, market overview, and links.
Step 5: Present to User
Display the formatted report. Add brief commentary based on the tier:
| Tier | Commentary Template |
|---|---|
| 🟢 SAFE (0-15) | "Low on-chain risk indicators detected. Note: this only covers on-chain factors — team, legal, and market risks are not assessed." |
| 🟡 CAUTION (16-35) | "Some yellow flags here. Not necessarily a scam, but proceed with caution and do your own research." |
| 🟠 WARNING (36-55) | "Several risk factors detected. Be careful with this one." |
| 🔴 DANGER (56-75) | "Significant red flags. This has multiple indicators of a potential rug pull." |
| ⛔ CRITICAL (76-100) | "Extreme risk. This token has critical safety issues. Strongly avoid." |
Discord v2 Delivery Mode (OpenClaw v2026.2.14+)
When running in a Discord channel:
- Send a compact first message with: token, tier, score, and top 3 risk drivers.
- Keep the first message under ~1200 characters; avoid rendering the full long report first.
- If Discord components are available, include quick actions:
Show Full Risk BreakdownShow Data SourcesRe-Run Check- If components are unavailable, provide the same options as a numbered list.
- For long reports, send in short chunks (<=15 lines) to avoid noisy channel spam.
Error Handling
| Error | Cause | Agent Response |
|---|---|---|
| Exit code 2 from detect-token | Token not found | "I couldn't find that token. Please check the address — it should be a Solana SPL token mint address (32-44 base58 characters)." |
| Exit code 1 from detect-token | API failure | "I'm having trouble reaching the token APIs right now. Try again in a minute." |
| composite_score: -1 | All data sources failed | "All three data sources are down right now. I can't safely analyze this token without data." |
| rugcheck unavailable | Rugcheck API down | Analysis proceeds with DexScreener + Solana RPC (degraded but functional). Note this in your response. |
| found: true but name "Unknown" | Token exists on-chain but has no DEX listings | "This token exists on Solana but doesn't appear to be listed on any DEX. It may be too new or a non-tradeable token." |
Data Sources
| Source | What It Provides | Required? |
|---|---|---|
| Rugcheck.xyz | Mint/freeze authority, top holders, LP locks, risk flags, insider detection, verification status | Primary (most checks degrade without it) |
| DexScreener | Price, volume, liquidity, FDV, market cap, token age, name resolution | Secondary (market context) |
| Solana RPC | On-chain mint/freeze authority verification | Tertiary (fallback verification) |
Risk Checks (10 points)
| # | Check | Weight | What It Detects |
|---|---|---|---|
| 1 | Mint Authority | 2.0 | Can creator mint unlimited tokens? |
| 2 | Freeze Authority | 1.5 | Can creator freeze holder wallets? |
| 3 | Holder Concentration | 1.5 | Are tokens concentrated in few wallets? |
| 4 | LP Lock Status | 2.0 | Can liquidity be pulled? (classic rug) |
| 5 | Token Age | 1.0 | How old is the token? |
| 6 | Liquidity Depth | 1.0 | Is there enough liquidity to trade? |
| 7 | Rugcheck Flags | 1.0 | Rugcheck.xyz automated risk flags |
| 8 | Insider Activity | 1.5 | Coordinated wallet networks detected? |
| 9 | Transfer Fee | 1.0 | Hidden tax on transfers? |
| 10 | Verification | 0.5 | Listed on Jupiter? |
Safety
⚠️ NOT Financial Advice — This Is Non-Negotiable
This skill provides informational risk signals only. The agent MUST NOT:
- Recommend buying or selling any token — ever
- Use language implying a token is a "good buy", "looks solid", or is "safe to invest in"
- Frame analysis results as investment validation
- Guarantee any token is safe or unsafe
- Replace professional financial advice
- Account for off-chain risks (team, legal, regulatory, market sentiment)
🔒 Read-Only
This skill:
- Never interacts with any wallet
- Never signs or submits any transaction
- Never requests private keys or seed phrases
- Never sends tokens or funds
- Only reads publicly available on-chain data and public API endpoints
🛡️ No API Keys
All data sources are free, public APIs. No API keys are stored or transmitted.
Example Prompts
text
"Rug check DezXAZ8z7PnrnRJjz3wXBoRgixCa6xjnB7YaB1pPB263"
"Is BONK safe?"
"Check this token for me: 5smiafTeV4ATT6naUWTwzcsvix4VU9nQ7ReyzKiqpump"
"Is this a rug pull? [address]"
"Analyze the risk on this Solana token"
"Do a safety check on $WIF"Dependencies
bash4+curljqbc(for floating-point comparisons)- Internet access to:
api.rugcheck.xyz,api.dexscreener.com,api.mainnet-beta.solana.com
Installation
Terminal bash
openclaw install rug-checker
Copied!
💻Code Examples
bash scripts/detect-token.sh <address_or_name>
bash-scriptsdetect-tokensh-addressorname.txt
**Output varies by input type:**
**If given a Solana address:** JSON with `found: true/false`, `address`, `name`, `symbol`, market data.
**If given a name/symbol:** JSON with `ambiguous: true` and a `candidates` array containing up to 5 matches with address, name, symbol, liquidity, and age. **If detect-token returns candidates, you MUST present them to the user and ask which one they mean. NEVER auto-pick a candidate.** Checking the wrong token is worse than not checking at all.
Example candidate response:}
.txt
Present candidates as a numbered list:
> I found multiple tokens matching "bonk". Which one did you mean?
> 1. **BONK** (Bonk) — `DezXAZ8z...` — $5.0M liquidity, 400d old
> 2. **BONK** (BonkFork) — `56Lc5...` — $12K liquidity, 3d old
Then re-run with the confirmed mint address.
If `found: false` (and not `ambiguous`), tell the user the token couldn't be found and ask them to double-check the address.
### Step 3: Run Risk Analysisbash scripts/analyze-risk.sh <token_address>
bash-scriptsanalyze-risksh-tokenaddress.txt
**Output:** JSON with 10 risk checks, composite score (0-100), tier (SAFE/CAUTION/WARNING/DANGER/CRITICAL).
### Step 4: Generate Reportbash scripts/format-report.sh < analysis.json
bash-scriptsformat-reportsh--analysisjson.txt
**Output:** Formatted Markdown report card with visual risk bars, market overview, and links.
### Step 5: Present to User
Display the formatted report. Add brief commentary based on the tier:
| Tier | Commentary Template |
|------|-------------------|
| 🟢 SAFE (0-15) | "Low on-chain risk indicators detected. Note: this only covers on-chain factors — team, legal, and market risks are not assessed." |
| 🟡 CAUTION (16-35) | "Some yellow flags here. Not necessarily a scam, but proceed with caution and do your own research." |
| 🟠 WARNING (36-55) | "Several risk factors detected. Be careful with this one." |
| 🔴 DANGER (56-75) | "Significant red flags. This has multiple indicators of a potential rug pull." |
| ⛔ CRITICAL (76-100) | "Extreme risk. This token has critical safety issues. Strongly avoid." |
**Always end with the disclaimer** (it's built into format-report.sh). **Never use language that implies a buy/sell recommendation** (e.g., "looks solid", "good investment", "safe bet").
### Discord v2 Delivery Mode (OpenClaw v2026.2.14+)
When running in a Discord channel:
- Send a compact first message with: token, tier, score, and top 3 risk drivers.
- Keep the first message under ~1200 characters; avoid rendering the full long report first.
- If Discord components are available, include quick actions:
- `Show Full Risk Breakdown`
- `Show Data Sources`
- `Re-Run Check`
- If components are unavailable, provide the same options as a numbered list.
- For long reports, send in short chunks (<=15 lines) to avoid noisy channel spam.
## Error Handling
| Error | Cause | Agent Response |
|-------|-------|---------------|
| Exit code 2 from detect-token | Token not found | "I couldn't find that token. Please check the address — it should be a Solana SPL token mint address (32-44 base58 characters)." |
| Exit code 1 from detect-token | API failure | "I'm having trouble reaching the token APIs right now. Try again in a minute." |
| `composite_score: -1` | All data sources failed | "All three data sources are down right now. I can't safely analyze this token without data." |
| `rugcheck` unavailable | Rugcheck API down | Analysis proceeds with DexScreener + Solana RPC (degraded but functional). Note this in your response. |
| `found: true` but name "Unknown" | Token exists on-chain but has no DEX listings | "This token exists on Solana but doesn't appear to be listed on any DEX. It may be too new or a non-tradeable token." |
## Data Sources
| Source | What It Provides | Required? |
|--------|-----------------|-----------|
| Rugcheck.xyz | Mint/freeze authority, top holders, LP locks, risk flags, insider detection, verification status | Primary (most checks degrade without it) |
| DexScreener | Price, volume, liquidity, FDV, market cap, token age, name resolution | Secondary (market context) |
| Solana RPC | On-chain mint/freeze authority verification | Tertiary (fallback verification) |
## Risk Checks (10 points)
| # | Check | Weight | What It Detects |
|---|-------|--------|----------------|
| 1 | Mint Authority | 2.0 | Can creator mint unlimited tokens? |
| 2 | Freeze Authority | 1.5 | Can creator freeze holder wallets? |
| 3 | Holder Concentration | 1.5 | Are tokens concentrated in few wallets? |
| 4 | LP Lock Status | 2.0 | Can liquidity be pulled? (classic rug) |
| 5 | Token Age | 1.0 | How old is the token? |
| 6 | Liquidity Depth | 1.0 | Is there enough liquidity to trade? |
| 7 | Rugcheck Flags | 1.0 | Rugcheck.xyz automated risk flags |
| 8 | Insider Activity | 1.5 | Coordinated wallet networks detected? |
| 9 | Transfer Fee | 1.0 | Hidden tax on transfers? |
| 10 | Verification | 0.5 | Listed on Jupiter? |
## Safety
### ⚠️ NOT Financial Advice — This Is Non-Negotiable
This skill provides **informational risk signals only**. The agent MUST NOT:
- Recommend buying or selling any token — ever
- Use language implying a token is a "good buy", "looks solid", or is "safe to invest in"
- Frame analysis results as investment validation
- Guarantee any token is safe or unsafe
- Replace professional financial advice
- Account for off-chain risks (team, legal, regulatory, market sentiment)
A low risk score means **low on-chain risk indicators were detected** — it does NOT mean the token is a good investment or free from risk.
### 🔒 Read-Only
This skill:
- **Never** interacts with any wallet
- **Never** signs or submits any transaction
- **Never** requests private keys or seed phrases
- **Never** sends tokens or funds
- Only reads publicly available on-chain data and public API endpoints
### 🛡️ No API Keys
All data sources are free, public APIs. No API keys are stored or transmitted.
## Example Promptsexample.json
{
"query": "bonk",
"ambiguous": true,
"candidates": [
{"address": "DezXAZ8z...", "name": "Bonk", "symbol": "BONK", "liquidity_usd": 5000000, "age": "400d"},
{"address": "56Lc5...", "name": "BonkFork", "symbol": "BONK", "liquidity_usd": 12000, "age": "3d"}
]
}example.txt
"Rug check DezXAZ8z7PnrnRJjz3wXBoRgixCa6xjnB7YaB1pPB263"
"Is BONK safe?"
"Check this token for me: 5smiafTeV4ATT6naUWTwzcsvix4VU9nQ7ReyzKiqpump"
"Is this a rug pull? [address]"
"Analyze the risk on this Solana token"
"Do a safety check on $WIF"Tags
#image_and-video-generation
Quick Info
Category Content Creation
Model Claude 3.5
Complexity One-Click
Author tkuehnl
Last Updated 3/10/2026
🚀
Optimized for
Claude 3.5
Ready to Install?
Get started with this skill in seconds
openclaw install rug-checker
Related Skills
✓ Verified
💻 Development
4claw
4claw — a moderated imageboard for AI agents.
🧠 Claude-Ready
)}
★ 4.4 (118)
↓ 4,990
v1.0.0
✓ Verified
💻 Development
Aap Passport
Agent Attestation Protocol - The Reverse Turing Test.
🧠 Claude-Ready
)}
★ 4.3 (89)
↓ 4,621
v1.0.0
✓ Verified
💻 Development
Adaptive Suite
A continuously adaptive skill suite that empowers Clawdbot.
🧠 Claude-Ready
)}
★ 4.7 (88)
↓ 1,625
v1.0.0
✓ Verified
💻 Development
Adversarial Prompting
Adversarial analysis to critique, fix.
🧠 Claude-Ready
)}
★ 4.6 (372)
↓ 28,222
v1.0.0