SicariusGuard
SicariusGuard is a Solana token safety oracle for AI agents, trading bots, and developers, offering multi-layer risk analysis of SPL tokens before swapping or trading. It integrates natively with AI agents and LLMs via MCP for autonomous risk assessment, and supports pay-per-call micropayments using SOL via the x402 protocol.
check_token_safety: 5-layer on-chain safety check (mint authority, freeze authority, Token-2022 extensions, honeypot simulation, holder concentration) returning a risk score (0β100) and verdict (SAFE / CAUTION / HIGH_RISK / CRITICAL)check_honeypot: Simulate a sell order through Jupiter DEX to detect honeypot traps without real costcheck_holder_concentration: Analyze top holder distribution to flag concentrated supply (top-1 >50%, top-5 >80%, top-10 >90%) as rug pull indicatorsfull_token_scan: Most comprehensive 7-layer scan combining on-chain byte-level inspection with Birdeye market intelligence and Helius wallet reputation, using a weighted scoring model (60% on-chain / 25% market / 15% reputation)get_wallet_reputation: Investigate a Solana wallet's trustworthiness via Helius DAS identity, funding chain analysis, deployer age, and known entity classificationget_market_intel: Real-time Birdeye market data (price, 24h volume, liquidity depth, market cap, holder count) with risk flags such as wash trading or low liquiditybatch_scan: Scan up to 10 tokens in parallel for portfolio-level or watchlist risk assessment
Provides real-time Solana token safety analysis combining byte-level on-chain inspection, market intelligence, and wallet reputation scoring for AI agents and trading bots.
π‘οΈ SicariusGuard
Solana Token & NFT Safety Oracle for AI Agents & Trading Bots
Real-time token and NFT safety analysis combining byte-level on-chain inspection, LP lock verification, deployer reputation scoring, market intelligence, and NFT fraud detection. Built for autonomous AI agents, MCP-enabled LLMs, and trading infrastructure.
"Don't trade blind. Query SicariusGuard before every swap."
π Live API: https://sicarius-guard-640545264957.us-east4.run.app
# Try it now β no auth required (100 free calls/day)
curl https://sicarius-guard-640545264957.us-east4.run.app/v1/scan/DezXAZ8z7PnrnRJjz3wXBoRgixCa6xjnB7YaB1pPB263π Table of Contents
Related MCP server: RAD Security
π What It Does
SicariusGuard performs 12 layers of safety analysis on any Solana SPL token or NFT:
On-Chain Safety (Layers 1-5)
Layer | Source | Detection |
π Mint Authority | Raw SPL mint bytes | Can deployer print infinite tokens? |
π§ Freeze Authority | SPL layout offset 46 | Can deployer freeze any wallet? |
β οΈ Token-2022 Extensions | Extension type scan | PermanentDelegate, TransferHook, ConfidentialTransfers |
π― Honeypot Detection | Jupiter sell simulation | Can you actually sell this token? |
π Holder Concentration |
| Top 5 wallets controlling >50% supply? |
LP & Token Maturity (Layers 6-8)
Layer | Source | Detection |
π LP Lock/Burn | Raydium V4 byte decode + GeckoTerminal | Is liquidity locked, burned, or unlocked? |
β° Token Age | Helius enhanced RPC | Newborn (<24h)? Young (<7d)? Mature? |
βοΈ Unified Scoring | 5-axis weighted engine | Combined risk across all layers |
Intelligence & Reputation (Layers 9-12)
Layer | Source | Detection |
π Market Intel | Birdeye API | Liquidity, volume, wash trading, manipulation |
π Wallet Reputation | Helius Identity + Funded-By | Is the deployer a known scammer? |
π΅οΈ Deployer Recon | DAS + Enhanced TX | Serial rugger? Burner wallet? Dead token history? |
πΌοΈ NFT Intelligence | Helius DAS + Magic Eden | Counterfeit collection? Unverified creators? Pricing anomaly? |
5-Axis Weighted Risk Scoring
finalScore = (onChain Γ 0.45) + (lpLock Γ 0.15) + (age Γ 0.05) + (market Γ 0.22) + (reputation Γ 0.13)
0 β SAFE
1-15 β CAUTION
16-50 β HIGH_RISK
51-100 β CRITICALWeight | Source | What It Catches |
45% | On-chain safety | Mint/freeze authority, honeypots, extensions, supply |
15% | LP lock analysis | Unlocked liquidity, unburned LP tokens, lock duration |
5% | Token age | Newborn tokens (<24h), recently deployed |
22% | Birdeye market data | Low liquidity, wash trading, price manipulation |
13% | Helius wallet intel | Scammer wallets, suspicious funding chains, burner deployers |
π Quick Start
# Clone
git clone https://github.com/Chronolapse411/sicarius-guard.git
cd sicarius-guard
# Install
npm install
# Configure
cp .env.example .env
# Add your HELIUS_RPC_URL and optionally BIRDEYE_API_KEY
# Build & Run
npm run build
npm startπ‘ API Endpoints
REST API (Port 3400)
Method | Endpoint | Description |
|
| Full on-chain safety analysis |
|
| Convenience GET for safety check |
|
| Full 12-layer analysis + Birdeye + Helius + deployer recon |
|
| Convenience GET for enriched scan |
|
| Honeypot-only check (Jupiter sell sim) |
|
| Holder concentration analysis |
|
| LP lock/burn status for a token |
|
| Token creation date and age category |
|
| Deployer reconnaissance dossier |
|
| NFT safety analysis (Magic Eden + Helius DAS) |
|
| x402 payment pricing table |
|
| Service health check with cache stats |
Example Request
# Basic safety check (BONK)
curl https://sicarius-guard-640545264957.us-east4.run.app/v1/check/DezXAZ8z7PnrnRJjz3wXBoRgixCa6xjnB7YaB1pPB263
# Full 12-layer scan
curl https://sicarius-guard-640545264957.us-east4.run.app/v1/scan/DezXAZ8z7PnrnRJjz3wXBoRgixCa6xjnB7YaB1pPB263
# LP lock check (POPCAT β 99.2% burned, 20,865 SOL liquidity)
curl https://sicarius-guard-640545264957.us-east4.run.app/v1/lp-lock/7GCihgDB8fe6LNjn2MYtkzZcRjQy3t9GHdC8uHYmW2hr
# NFT safety check (Mad Lads #7541)
curl https://sicarius-guard-640545264957.us-east4.run.app/v1/nft-check/7zuR45WCsAsWsrqvYPyvLXFiCRKuvjh7HrMcNJ6F36Kd
# Deployer recon (checks if a wallet is a serial scammer)
curl https://sicarius-guard-640545264957.us-east4.run.app/v1/deployer/BGkkEeg4Gj8VcoerFb2RephZNkTEfHmzJBZMv4S7qVTQExample Response (/v1/scan)
{
"safety": {
"safe": true,
"riskScore": 0,
"verdict": "SAFE",
"checks": {
"mintAuthority": { "status": "REVOKED", "safe": true },
"freezeAuthority": { "status": "REVOKED", "safe": true },
"token2022Extensions": { "status": "CLEAN", "safe": true },
"supplyConcentration": { "status": "OK", "safe": true }
}
},
"honeypot": { "isHoneypot": false, "sellable": true },
"holders": { "concentrated": false, "stats": { "top10Pct": 8.2 } },
"lpLock": {
"status": "burned",
"burnPct": 99.2,
"liquiditySOL": 20865,
"poolCreatedAt": "2023-12-12T..."
},
"tokenAge": {
"ageCategory": "mature",
"createdAt": "2022-12-08T...",
"ageDays": 1259
},
"deployerRecon": {
"verdict": "CLEAN",
"recidivismScore": 0,
"portfolioSize": 1
},
"combined": {
"safe": true,
"finalScore": 0,
"verdict": "SAFE",
"summary": "All checks passed β token appears safe"
}
}π€ MCP Server (for AI Agents)
SicariusGuard exposes tools via the Model Context Protocol (MCP), enabling LLMs and agent frameworks to call safety checks natively.
Available MCP Tools (11)
Tool | Description | Read-Only |
| 5-layer on-chain rug pull, honeypot, and holder analysis | β |
| Jupiter DEX sell simulation β zero cost, quote-only | β |
| Top holder distribution analysis with concentration flags | β |
| LP lock/burn status β Raydium V4 byte decode + burn detection | β |
| Token creation date and age category via Helius RPC | β |
| 12-layer scan: on-chain + LP + age + market + reputation + deployer | β |
| Helius DAS identity, funding chain, deployer age analysis | β |
| Birdeye market data: price, volume, liquidity, risk flags | β |
| Deployer reconnaissance β portfolio health, serial scammer detection | β |
| NFT safety analysis β collection verification, floor price, risk scoring | β |
| Parallel 12-layer scan of up to 10 tokens per call | β |
Install via npx (Recommended)
# Run directly β no cloning required
npx sicarius-guardInstall in Claude Code
claude mcp add sicarius-guard -- npx -y sicarius-guardInstall in Cursor
Or manually add to your Cursor MCP config:
{
"mcpServers": {
"sicarius-guard": {
"command": "npx",
"args": ["-y", "sicarius-guard"],
"env": {
"HELIUS_RPC_URL": "https://mainnet.helius-rpc.com/?api-key=YOUR_KEY",
"BIRDEYE_API_KEY": "your-birdeye-key"
}
}
}
}Install in VS Code
Or via CLI:
code --add-mcp '{"name":"sicarius-guard","command":"npx","args":["-y","sicarius-guard"]}'Install from Source (Claude Desktop / Cursor)
{
"mcpServers": {
"sicarius-guard": {
"command": "node",
"args": ["dist/mcp-server.js"],
"cwd": "/path/to/sicarius-guard",
"env": {
"HELIUS_RPC_URL": "https://mainnet.helius-rpc.com/?api-key=YOUR_KEY",
"BIRDEYE_API_KEY": "your-birdeye-key"
}
}
}
}ποΈ Architecture
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β SicariusGuard v1.1 β
β β
β βββββββββββββββ βββββββββββββββ ββββββββββββββββββββββββ β
β β REST API β β MCP Server β β x402 Payment Gate β β
β β Express 5 β β 11 tools β β SOL Micropayments β β
β β 12 endpts β β stdio β β β β
β ββββββββ¬βββββββ ββββββββ¬βββββββ ββββββββββββ¬ββββββββββββ β
β β β β β
β ββββββββΌβββββββββββββββββΌββββββββββββββββββββββΌββββββββββββ β
β β 12-Layer Analysis Engine β β
β β β β
β β token_safety.ts β β β
β β honeypot_sim.ts ββ On-Chain (45%) β β
β β holder_analysis.tsβ β β
β β lp_lock.ts LP Lock (15%) β β
β β token_age.ts Age (5%) β β
β β birdeye.ts Market (22%) β β
β β helius_wallet.ts Rep (13%) β β
β β scoring.ts Unified 5-Axis Engine β β
β β deployer_recon.ts Deployer Reconnaissance β β
β β nft_intel.ts NFT Intelligence (ME + DAS) β β
β ββββββββββββββββββββββββββββ¬ββββββββββββββββββββββββββββββββ β
β β β
β βββββββββββββ¬ββββββββββββΌββββββββββββ¬ββββββββββββββ β
β βΌ βΌ βΌ βΌ βΌ β
β βββββββββ βββββββββββ ββββββββββ ββββββββββββ βββββββββββ β
β βSolana β βBirdeye β βHelius β βMagic Edenβ βGecko β β
β βRPC β βAPI v3 β βDAS+RPC β βv2 (free) β βTerminal β β
β βββββββββ βββββββββββ ββββββββββ ββββββββββββ βββββββββββ β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββπ° x402 Payment Protocol
SicariusGuard implements the x402 HTTP Payment Required protocol for machine-native micropayments. AI agents can pay per API call with SOL β no registration, no API keys, no accounts.
How It Works
1. Agent hits /v1/scan β gets 402 + payment instructions
2. Agent sends SOL to treasury wallet
3. Agent retries with X-PAYMENT: <tx_signature>
4. Server verifies on-chain β returns safety dataPricing
Endpoint | Price (SOL) | Description |
| 0.001 | On-chain safety check |
| 0.002 | Full 12-layer scan |
| 0.0005 | Honeypot simulation |
| 0.0005 | Holder analysis |
| 0.001 | NFT safety check |
Example (Paid Request)
# Step 1: Get pricing + treasury address
curl https://sicarius-guard-640545264957.us-east4.run.app/v1/pricing
# Step 2: Send SOL to treasury address (returned in pricing response)
solana transfer <TREASURY_ADDRESS> 0.002
# Step 3: Use tx signature as payment proof
curl -X POST https://sicarius-guard-640545264957.us-east4.run.app/v1/scan \
-H "Content-Type: application/json" \
-H "X-PAYMENT: <your_tx_signature>" \
-d '{"mint": "DezXAZ8z7PnrnRJjz3wXBoRgixCa6xjnB7YaB1pPB263"}'Security
On-chain verification β Every payment is verified against Solana mainnet
Replay protection β Each tx signature can only be used once
Amount validation β Exact SOL amount must match endpoint pricing
Freshness check β Transactions older than 10 minutes are rejected
Verified live on mainnet β Tested with real SOL transfers
Access Tiers
Tier | Auth Method | Rate Limit |
Free | None | 100 calls/day per IP |
x402 Pay-Per-Call |
| Unlimited |
π§ Configuration
Variable | Description | Default |
| Solana RPC endpoint (Helius recommended) |
|
| API server port |
|
| Bind address |
|
| Birdeye API key (optional, enriches scans) | β |
| SOL payment recipient (x402) | β |
| Cache duration |
|
| Free tier rate limit |
|
| Upstash Redis URL for persistent rate limiting | β |
| Upstash Redis auth token | β |
π Performance
Tested with 50-token bulk scan on Solana mainnet:
Metric | Value |
Success rate | 50/50 (100%) |
Avg response time | 5.4s |
x402 payment verification | Verified live on mainnet |
π¦ Tech Stack
Runtime: Node.js 22+ (ESM)
Language: TypeScript 5.9
Blockchain: @solana/web3.js (direct RPC, no wrapper SDKs)
API: Express 5
MCP: @modelcontextprotocol/sdk
Market Data: Birdeye API v3
NFT Data: Magic Eden v2 API (free tier)
Wallet Intel: Helius DAS / Identity / Funded-By APIs
Pool Data: GeckoTerminal API + Raydium V4 byte decode
π‘οΈ Why SicariusGuard?
Most token safety tools rely on third-party APIs that can be gamed. SicariusGuard reads raw mint account bytes directly from the blockchain β the same data the Solana runtime uses to execute transactions. No middleman, no stale data, no API that can be fooled.
Feature | SicariusGuard | RugCheck | GoPlus |
Byte-level SPL analysis | β | β | β |
Token-2022 extension scanning | β | β | Partial |
Jupiter honeypot simulation | β | β | β |
LP lock/burn detection | β | β | β |
Raydium V4 byte decode | β | β | β |
Token age analysis | β | β | β |
Deployer serial scammer detection | β | β | β |
NFT fraud detection | β | β | β |
Helius wallet reputation | β | β | β |
12-layer weighted scoring | β | β | β |
MCP server for AI agents | β | β | β |
x402 pay-per-call (SOL) | β | β | β |
Self-hosted (no vendor lock-in) | β | β | β |
Birdeye market enrichment | β | β | β |
Sub-6s full scan | β | β | β |
π Related MCP Servers
Build powerful agentic workflows by combining SicariusGuard with these complementary MCP servers:
Server | Description | Use With SicariusGuard |
AI-powered smart contract auditing for Solidity & Anchor/Rust | Audit the contract β scan the token with SicariusGuard | |
Real-time cryptocurrency market data | Get macro market context β validate token safety | |
DeFi safety layer β SPL approval scans & contract registry | Check approvals β scan token safety with SicariusGuard | |
Stock & market data for AI assistants | Cross-market correlation analysis |
β Star History
π License
MIT β Built by Chronolapse411
π Links
Twitter/X: @chronolapse411
Author: @Chronolapse411
Maintenance
Latest Blog Posts
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/Chronolapse411/sicarius-guard'
If you have feedback or need assistance with the MCP directory API, please join our Discord server