Skip to main content
Glama
cassh100k

ScanHood MCP Server

by cassh100k

ScanHood — open-source safety layer

This is the actual code running live behind scanhood.xyz, a safety and analytics layer for Robinhood Chain (chain ID 4663). Published so the detection logic can be read and audited directly, instead of trusted as a black box.

No external security API covers this chain (GoPlus rejects chain 4663, GMGN's API is walled off), so every check here runs on-chain, from scratch.

What's in here

  • honeypot/scan.js — the honeypot/rug detector. Simulates a real buy + sell round-trip via a single eth_call (no gas spent, nothing deployed): it constructs a small contract whose constructor buys the token, tries to sell it, and reverts with the encoded result. That revert-with-data trick is the whole mechanism — read the file, it's under 150 lines.

  • api/server.js — the REST API (/api/scan, /api/safe-launches, /api/search, /api/ohlcv, /api/quote, /api/launch, /api/watchlist). Composes the honeypot result with an LP-lock check (who actually controls the liquidity), contract-verification status, and deployer-reputation lookup into one PASS / CAUTION / DANGER verdict.

  • mcp/server.js — a Model Context Protocol server exposing the same API as native tools, so an agent (Claude, etc.) can call scan_token, safe_launches, build_launch_tx, etc. directly instead of hand-rolling HTTP calls.

Live docs with request/response examples: https://scanhood.xyz/docs

Related MCP server: aegis-defi

Architecture, honestly

            ┌─────────────┐
  agents ──▶│ mcp/server  │──▶  api/server  ──▶  honeypot/scan (eth_call sim)
  humans ──▶│  (MCP)      │        │        ├──▶ Blockscout (verification, LP holders)
            └─────────────┘        │        └──▶ DexScreener (price/liquidity/volume)
                                    ▼
                    optional data feeds (deployer reputation,
                    other-launchpad allowlists, RWA issuer set —
                    each is a separate cron-refreshed collector,
                    not included in this repo, degrades gracefully
                    to "unknown" if absent)

Everything marked "optional" in .env.example is a static JSON file your own cron/collector can produce in whatever shape matches the field names read in api/server.js — the API itself never assumes a specific pipeline for them.

Run it

npm install
cp .env.example .env   # optional — every feature has a working default
npm run api            # http://127.0.0.1:8946
npm run mcp             # http://127.0.0.1:8948/mcp
node honeypot/scan.js 0xYourTokenAddress   # CLI, standalone

What's not in here, and why

  • The launchpad contracts. ScanHood's no-rug launchpad is a fork of the open-source Pons locked-LP factory — that's upstream's code to publish, not ours to re-vendor here. api/server.js's /api/launch just needs a factory address + fee in .env; point it at any factory with the same launchToken/predictTokenAddress signature.

  • The frontend. This repo is the audit surface (the "how do we decide PASS/CAUTION/DANGER" logic) — not the site's UI.

  • Trade execution / custody. Nothing here holds a private key. /api/launch and /api/quote only ever return unsigned transactions or read-only quotes for you to sign yourself.

Disclaimer

These are automated on-chain heuristics. They reduce risk; they are not a guarantee. "Sellable" means the honeypot simulation passed, not "safe to buy." Always do your own research.

A
license - permissive license
-
quality - not tested
C
maintenance

Maintenance

Maintainers
Response time
Release cycle
Releases (12mo)
Commit activity

Resources

Unclaimed servers have limited discoverability.

Looking for Admin?

If you are the server author, to access and configure the admin panel.

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/cassh100k/scanhood'

If you have feedback or need assistance with the MCP directory API, please join our Discord server