token-rugcheck
Provides tools for performing automated safety audits on Solana tokens, allowing AI agents to retrieve risk scores, liquidity analysis, and security flags to identify potential scams and vulnerabilities.
Token RugCheck — Solana Token Safety Audit for AI Agents
We're LIVE on Mainnet! Try the interactive playground:
https://rugcheck.aethercore.dev/playground
# Quick test — no setup needed
curl https://rugcheck.aethercore.dev/health
# Free tier (20 requests/day per IP, no payment needed)
curl https://rugcheck.aethercore.dev/v1/audit/DezXAZ8z7PnrnRJjz3wXBoRgixCa6xjnB7YaB1pPB263
# After free quota exhausted, see the 402 paywall
curl https://rugcheck.aethercore.dev/v1/audit/DezXAZ8z7PnrnRJjz3wXBoRgixCa6xjnB7YaB1pPB263What you get: A three-layer safety audit for any Solana token — machine-readable verdict, LLM-friendly analysis, and raw evidence — all in one API call. 20 free requests/day per IP, then $0.02 USDC per request.
Powered by ag402 on-chain micropayments.
Disclaimer: Not financial advice (NFA). Token safety scores are automated heuristics — may be inaccurate or outdated. DYOR. The authors accept no liability for losses.
Live Demos (Mainnet)
All demos below are real mainnet transactions — left side is the client, right side is the production server logs.
1. Wallet Setup (ag402 setup)
https://github.com/user-attachments/assets/fb6b1ecb-8d42-43b7-9939-4751ca09b63f
2. Auditing a Safe Token (BONK — risk score 3, SAFE)
https://github.com/user-attachments/assets/4b3814ae-96af-496b-86b7-c80cddef1475
3. Auditing a Risky Token (TRUMP — risk score 60, HIGH)
https://github.com/user-attachments/assets/6e359374-8caf-41c7-8bd1-14f63eb6d6e8
How It Works
Your AI Agent RugCheck Service
│ │
│ GET /v1/audit/{mint} │
├─────────────────────────────────────▶│
│ │
│ 200 OK + Audit Report │ ← Free tier (20/day per IP)
│ X-Free-Remaining: 19 │
│◀─────────────────────────────────────┤
│ │
│ ... after free quota exhausted ... │
│ │
│ GET /v1/audit/{mint} │
├─────────────────────────────────────▶│
│ │
│ 402 Payment Required │
│ (pay 0.02 USDC on Solana) │
│◀─────────────────────────────────────┤
│ │
│ USDC payment (on-chain) │
├─────────────────────────────────────▶│
│ │
│ 200 OK + Audit Report │
│◀─────────────────────────────────────┤Input a Solana token mint address → get a three-layer report:
Layer | For | Content |
Action | Machines |
|
Analysis | LLMs | Summary, red flags, green flags |
Evidence | Humans | Price, liquidity, holder distribution, mint/freeze authority, raw data |
Data sources: RugCheck.xyz + DexScreener + GoPlus Security (concurrent fetch, graceful degradation).
Try It Now (3 minutes)
Step 1: Install
pip install "ag402-core[crypto]" httpxStep 2: Set up your wallet
ag402 setup
# Choose: Consumer → Mainnet
# Enter your Solana private key (encrypted locally with AES)
# Set safety limits (default: $10/day max)Step 3: Run an audit
# Python one-liner
python3 -c "
import asyncio, httpx, ag402_core
ag402_core.enable()
async def run():
async with httpx.AsyncClient(timeout=30.0) as c:
r = await c.get('https://rugcheck.aethercore.dev/v1/audit/DezXAZ8z7PnrnRJjz3wXBoRgixCa6xjnB7YaB1pPB263')
print(r.json()['action'])
asyncio.run(run())
"Or in Python:
import asyncio, httpx, ag402_core
ag402_core.enable() # Auto-handles 402 → pay → retry
async def check_token(mint: str):
async with httpx.AsyncClient(timeout=30.0) as client:
resp = await client.get(
f"https://rugcheck.aethercore.dev/v1/audit/{mint}"
)
report = resp.json()
action = report["action"]
if not action["is_safe"]:
print(f"DANGER — risk score {action['risk_score']}/100")
for flag in report["analysis"]["red_flags"]:
print(f" 🚩 {flag['message']}")
else:
print(f"SAFE — {report['analysis']['summary']}")
asyncio.run(check_token("DezXAZ8z7PnrnRJjz3wXBoRgixCa6xjnB7YaB1pPB263"))Requirements: Your wallet needs USDC (for payments) and a small amount of SOL (for transaction fees, ~0.01 SOL).
Command-line Audit Tool (ag402 pay)
You can audit any token directly from the command line using the ag402 CLI:
# Single request with auto-payment
ag402 pay https://rugcheck.aethercore.dev/v1/audit/DezXAZ8z7PnrnRJjz3wXBoRgixCa6xjnB7YaB1pPB263
# Or use the Python snippet above with a custom gatewayNote:
mainnet_buyer_test.py(referenced in OPERATIONS.md history) is a local wallet test script intentionally excluded from the repo via.gitignore— it contains wallet-specific configuration not suitable for distribution.
API Reference
Base URL: https://rugcheck.aethercore.dev
Endpoints
Method | Path | Auth | Description |
GET |
| USDC payment | Full safety audit report |
GET |
| None | Trending tokens from DexScreener |
GET |
| None | Interactive web UI — audit tokens in the browser |
GET |
| None | Service health + upstream status |
GET |
| Loopback only | Request counts + cache hit rate |
GET |
| Loopback only | Prometheus metrics |
GET |
| USDC payment | Deprecated — use |
Audit Response Schema
{
"contract_address": "DezXAZ8z7PnrnRJjz3wXBoRgixCa6xjnB7YaB1pPB263",
"chain": "solana",
"audit_timestamp": "2026-03-08T12:34:56.789012+00:00",
"degraded": false,
"action": {
"is_safe": true,
"risk_level": "SAFE",
"risk_score": 3
},
"analysis": {
"summary": "No significant risk signals detected. Always do your own research (DYOR).",
"red_flags": [
{"level": "LOW", "message": "Token metadata is mutable — common for Solana tokens."}
],
"green_flags": [
{"message": "Mint authority renounced (Mint Renounced)."},
{"message": "Liquidity pool is sufficiently protected (LP Burned or Locked)."},
{"message": "No freeze authority (Not Freezable)."}
]
},
"evidence": {
"token_name": "Bonk",
"token_symbol": "Bonk",
"price_usd": 0.00012,
"liquidity_usd": 85000000.0,
"is_mintable": false
},
"metadata": {
"data_sources": ["RugCheck", "DexScreener", "GoPlus"],
"data_completeness": "full",
"cache_hit": false,
"data_age_seconds": 0,
"response_time_ms": 738,
"disclaimer": "This report is generated by automated data aggregation. Not financial advice (NFA)."
}
}Key Fields
Field | Type | Description |
|
| Machine-readable verdict |
|
| 0 (safest) to 100 (most dangerous) |
|
|
|
|
|
|
|
|
|
|
|
|
Health Check
# Development mode — detailed info
GET /health → {"status": "ok", "service": "token-rugcheck-mcp", "version": "0.1.0"}
# Production mode (RUGCHECK_PRODUCTION=true) — minimal, no internal details
GET /health → {"status": "ok"}
| Meaning |
| All systems normal |
| Upstream API failures — service continues with available data |
Deployment Guide (Self-hosting)
Automated Deployment: See OPERATIONS.md for one-click scripts and ops runbook.
Architecture
Client (AI Agent)
│ HTTPS
▼
Cloudflare (SSL termination, DDoS protection)
│ HTTP:80
▼
┌─────────────────────────────────────────────────┐
│ Docker Compose │
│ ┌──────────────────────┐ ┌──────────────────┐ │
│ │ ag402-gateway :80 │ │ rugcheck-audit │ │
│ │ (QuotaAwareGateway) │ │ :8000 (internal) │ │
│ │ │ │ Audit engine │ │
│ │ free quota left? │ │ │ │
│ │ ├─ yes → HTTP proxy─┼─▶│ │ │
│ │ └─ no → 402 pay │ │ │ │
│ └──────────────────────┘ └──────────────────┘ │
└─────────────────────────────────────────────────┘Three Environments
Environment | Blockchain | Real Funds | Use Case |
Test (mock) | None | No | Local dev, CI |
Devnet | Solana Devnet | No (faucet) | Integration testing |
Production | Solana Mainnet | Yes | Live service |
Quick Start — Test Mode (zero config)
pip install -e .
python -m rugcheck.main & # Audit server on :8000
python -m rugcheck.gateway & # Gateway on :8001 (mock payments)
curl http://localhost:8001/v1/audit/DezXAZ8z7PnrnRJjz3wXBoRgixCa6xjnB7YaB1pPB263Quick Start — Production (Docker)
# 1. One-click deploy to your server
bash scripts/deploy-oneclick.sh
# Or manually:
cp .env.example .env # Edit with your wallet address + keys
docker compose -f docker-compose.yml -f docker-compose.prod.yml up -dProvider .env (Production)
X402_MODE=production
X402_NETWORK=mainnet
AG402_ADDRESS=<your_solana_wallet> # Receives USDC payments
AG402_PRICE=0.02 # USDC per audit
SOLANA_RPC_URL=https://api.mainnet-beta.solana.com # Read-only RPC for payment verification
RUGCHECK_PRODUCTION=true # Disable /docs, harden /health response
UVLOOP_INSTALL=0 # Required: prevents uvloop/aiosqlite crash
# Optional: prepaid fast-path (~1ms per request instead of ~500ms)
# Generate: python -c "import secrets; print(secrets.token_hex(32))"
AG402_PREPAID_SIGNING_KEY=<random_32+_char_key>
# Optional: higher GoPlus rate limits
GOPLUS_APP_KEY=<key>
GOPLUS_APP_SECRET=<secret>Note: As a seller/provider, you do not need
SOLANA_PRIVATE_KEY. The gateway verifies buyer payments via read-only RPC — no signing required.
Consumer Setup
pip install "ag402-core[crypto]" httpx
ag402 setup # Interactive wizard
ag402 status # Verify wallet + balanceimport ag402_core
ag402_core.enable()
# Now all httpx requests auto-handle 402 → pay → retryConfiguration Reference
Service
Variable | Default | Description |
|
| Bind address |
|
| Bind port |
|
|
|
|
|
|
|
| Worker processes |
|
| Cache TTL (short to catch rug pulls) |
|
| Max cached entries (LRU) |
|
| Free requests per IP per day |
|
| Enable/disable the free tier in the gateway |
|
| Paid requests per IP per minute |
Upstream APIs
Variable | Default | Description |
|
| DexScreener timeout |
|
| GoPlus timeout |
|
| RugCheck timeout |
| — | GoPlus API key (optional) |
| — | GoPlus API secret |
ag402 Payment
Variable | Default | Description |
|
| USDC per request |
| — | Provider wallet (receives payments) |
|
| Gateway port |
| — | HMAC signing key for prepaid fast-path (optional, |
|
|
|
|
|
|
|
| Read-only Solana RPC for payment verification |
Consumer Safety Limits
Variable | Default | Description |
|
| Max daily spend (USD) |
|
| Max per-transaction |
|
| Max spend per minute |
|
| Max transactions per minute |
ag402 CLI Reference
ag402 setup # Interactive setup wizard
ag402 status # Dashboard: mode, wallet, balance
ag402 balance # Check SOL + USDC balance
ag402 doctor # Diagnose environment issues
ag402 history --limit 10 # Recent transactions
ag402 pay <url> # Send a single paid request
ag402 demo # Quick E2E test (mock mode)
ag402 demo --devnet # E2E test with Devnet transactions
ag402 info # Protocol version
# Prepaid packages (v0.1.15+) — pre-purchase call bundles for ~1ms per request
ag402 prepaid buy <gateway_url> <package_id> # Purchase a prepaid package
ag402 prepaid status # List all credentials + remaining calls
ag402 prepaid purge # Remove expired/depleted credentials
ag402 prepaid pending # Show in-flight purchase (if any)
ag402 prepaid recover <gateway_url> # Recover credential after timeout/network failureDevelopment
pip install -e ".[dev]"
python -m pytest tests/ -v # 153 tests
ruff check src/ tests/ # Lint
python examples/demo_agent.py # E2E demo (direct)
python examples/demo_agent.py --with-gateway # E2E demo (with payment)Project Structure
src/rugcheck/
├── config.py # Environment-based configuration
├── models.py # Pydantic models (report schema)
├── cache.py # Async-safe TTL cache (LRU, asyncio.Lock)
├── quota.py # Shared quota & IP resolution (DailyQuota, resolve_client_ip)
├── server.py # FastAPI app + rate limiter + health checks
├── main.py # Audit server entry point
├── gateway.py # ag402 gateway entry point
├── gateway_wrapper.py # QuotaAwareGateway — free-tier bypass + HTTP proxy
├── fetchers/
│ ├── base.py # BaseFetcher ABC
│ ├── goplus.py # GoPlus Security API
│ ├── rugcheck.py # RugCheck.xyz API
│ ├── dexscreener.py # DexScreener API
│ └── aggregator.py # Concurrent fetch + merge
└── engine/
└── risk_engine.py # Deterministic rule-based scoringSecurity
Free-tier gateway — 20/day per IP with
X-Free-Remainingheader; quota-exhausted → 402Rate limiting — free: 20/day per IP; paid: 120/min per IP
Trusted proxy model —
CF-Connecting-IPonly trusted from Cloudflare IPs; IPv6 normalizedHeader stripping — proxy/hop-by-hop headers stripped before forwarding (anti-spoofing)
Production hardening —
/docs,/redoc,/openapi.jsondisabledGateway fail-safe — refuses to start if payment verifier fails in production
Graceful degradation — free-tier proxy failure falls through to 402 payment path
CSP-hardened playground — zero inline event handlers, all user data escaped, whitelist-validated CSS injection points
Cache isolation — deep-copy on get/set prevents shared state corruption
Degraded short-TTL — incomplete reports cached only 10s
Prometheus path normalization — prevents cardinality explosion
Upstream protection —
Semaphore(20)+max_connections=50Error sanitization — never exposes internal paths
Troubleshooting
Problem | Cause | Fix |
| Free daily quota exhausted (check | Wait for UTC midnight reset, or use |
| Wallet SOL too low for ATA creation | Send ≥ 0.01 SOL to your wallet |
| Solana network confirmation timeout | Retry — transient network issue |
| Missing crypto deps |
|
| Missing crypto deps |
|
Gateway keeps restarting | Missing | Check |
Health returns | Upstream APIs failing | Service continues with available sources — check |
License
MIT
This server cannot be installed
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/AetherCore-Dev/token-rugcheck'
If you have feedback or need assistance with the MCP directory API, please join our Discord server