SicariusGuard
SicariusGuard is a Solana token safety oracle for AI agents, trading bots, and developers, offering multi-layer risk analysis of SPL tokens before swapping or trading. It integrates natively with AI agents and LLMs via MCP for autonomous risk assessment, and supports pay-per-call micropayments using SOL via the x402 protocol.
check_token_safety: 5-layer on-chain safety check (mint authority, freeze authority, Token-2022 extensions, honeypot simulation, holder concentration) returning a risk score (0β100) and verdict (SAFE / CAUTION / HIGH_RISK / CRITICAL)check_honeypot: Simulate a sell order through Jupiter DEX to detect honeypot traps without real costcheck_holder_concentration: Analyze top holder distribution to flag concentrated supply (top-1 >50%, top-5 >80%, top-10 >90%) as rug pull indicatorsfull_token_scan: Most comprehensive 7-layer scan combining on-chain byte-level inspection with Birdeye market intelligence and Helius wallet reputation, using a weighted scoring model (60% on-chain / 25% market / 15% reputation)get_wallet_reputation: Investigate a Solana wallet's trustworthiness via Helius DAS identity, funding chain analysis, deployer age, and known entity classificationget_market_intel: Real-time Birdeye market data (price, 24h volume, liquidity depth, market cap, holder count) with risk flags such as wash trading or low liquiditybatch_scan: Scan up to 10 tokens in parallel for portfolio-level or watchlist risk assessment
Provides real-time Solana token safety analysis combining byte-level on-chain inspection, market intelligence, and wallet reputation scoring for AI agents and trading bots.
π‘οΈ SicariusGuard
Solana Token Safety Oracle for AI Agents & Trading Bots
Real-time token safety analysis combining byte-level on-chain inspection, market intelligence, and wallet reputation scoring. Built for autonomous AI agents, MCP-enabled LLMs, and trading infrastructure.
"Don't trade blind. Query SicariusGuard before every swap."
π Live API: https://sicarius-guard-640545264957.us-east4.run.app
# Try it now β no auth required (100 free calls/day)
curl https://sicarius-guard-640545264957.us-east4.run.app/v1/scan/DezXAZ8z7PnrnRJjz3wXBoRgixCa6xjnB7YaB1pPB263π What It Does
SicariusGuard performs 7 layers of safety analysis on any Solana SPL token:
Layer | Source | Detection |
π Mint Authority | Raw SPL mint bytes | Can deployer print infinite tokens? |
π§ Freeze Authority | SPL layout offset 46 | Can deployer freeze any wallet? |
β οΈ Token-2022 Extensions | Extension type scan | PermanentDelegate, TransferHook, ConfidentialTransfers |
π― Honeypot Detection | Jupiter sell simulation | Can you actually sell this token? |
π Holder Concentration |
| Top 5 wallets controlling >50% supply? |
π Market Intelligence | Birdeye API | Liquidity, volume, wash trading, manipulation |
π Wallet Reputation | Helius Identity + Funded-By | Is the deployer wallet a known scammer? |
Weighted Risk Scoring (60/25/15 Model)
finalScore = (onChainRisk Γ 0.60) + (marketRisk Γ 0.25) + (reputationRisk Γ 0.15)
0 β SAFE
1-15 β CAUTION
16-50 β HIGH_RISK
51-100 β CRITICALWeight | Source | What It Catches |
60% | On-chain safety | Mint/freeze authority, honeypots, extensions |
25% | Birdeye market data | Low liquidity, wash trading, price manipulation |
15% | Helius wallet intel | Scammer wallets, suspicious funding chains |
Related MCP server: RAD Security
π Quick Start
# Clone
git clone https://github.com/Chronolapse411/sicarius-guard.git
cd sicarius-guard
# Install
npm install
# Configure
cp .env.example .env
# Add your HELIUS_RPC_URL and optionally BIRDEYE_API_KEY
# Build & Run
npm run build
npm startπ‘ API Endpoints
REST API (Port 3400)
Method | Endpoint | Description |
|
| Full on-chain safety analysis |
|
| Convenience GET for safety check |
|
| Full analysis + Birdeye + Helius wallet intel |
|
| Convenience GET for enriched scan |
|
| Honeypot-only check (Jupiter sell sim) |
|
| Holder concentration analysis |
|
| x402 payment pricing table |
|
| Payment verification stats |
|
| Service health check |
Example Request
# Basic safety check (BONK)
curl https://sicarius-guard-640545264957.us-east4.run.app/v1/check/DezXAZ8z7PnrnRJjz3wXBoRgixCa6xjnB7YaB1pPB263
# Full scan with Birdeye + Helius enrichment
curl https://sicarius-guard-640545264957.us-east4.run.app/v1/scan/DezXAZ8z7PnrnRJjz3wXBoRgixCa6xjnB7YaB1pPB263Example Response (/v1/scan)
{
"safety": {
"safe": true,
"riskScore": 0,
"verdict": "SAFE",
"reason": "SAFE β mint/freeze revoked, no dangerous extensions, supply OK",
"checks": {
"mintAuthority": { "status": "REVOKED", "safe": true },
"freezeAuthority": { "status": "REVOKED", "safe": true },
"token2022Extensions": { "status": "CLEAN", "safe": true },
"supplyConcentration": { "status": "OK", "safe": true }
}
},
"honeypot": {
"isHoneypot": false,
"sellable": true,
"reason": "Sellable via Raydium β Quantum"
},
"holders": {
"concentrated": false,
"stats": { "top10Pct": 8.2 }
},
"birdeye": {
"overview": {
"price": 0.0000075,
"liquidity": 3511099,
"marketCap": 631226030,
"holder": 999749
},
"marketRisk": { "verdict": "MARKET_SAFE", "flags": [] }
},
"walletIntel": {
"creatorAddress": "DezXAZ8z7PnrnRJjz3wXBoRgixCa6xjnB7YaB1pPB263",
"reputation": {
"verdict": "TRUSTED",
"riskScore": 0,
"flags": []
}
},
"combined": {
"safe": true,
"riskScore": 0,
"marketRiskScore": 0,
"reputationScore": 0,
"finalScore": 0,
"verdict": "SAFE",
"summary": "All checks passed β token appears safe"
}
}π€ MCP Server (for AI Agents)
SicariusGuard exposes tools via the Model Context Protocol (MCP), enabling LLMs and agent frameworks to call safety checks natively.
Available MCP Tools (7)
Tool | Description | Read-Only |
| 5-layer on-chain rug pull, honeypot, and holder analysis | β |
| Jupiter DEX sell simulation β zero cost, quote-only | β |
| Top holder distribution analysis with concentration flags | β |
| 7-layer scan: on-chain + Birdeye market + Helius wallet reputation | β |
| Helius DAS identity, funding chain, deployer age analysis | β |
| Birdeye market data: price, volume, liquidity, risk flags | β |
| Parallel 7-layer scan of up to 10 tokens per call | β |
Usage with Claude Desktop / Cursor
{
"mcpServers": {
"sicarius-guard": {
"command": "node",
"args": ["dist/mcp-server.js"],
"cwd": "/path/to/sicarius-guard",
"env": {
"HELIUS_RPC_URL": "https://mainnet.helius-rpc.com/?api-key=YOUR_KEY",
"BIRDEYE_API_KEY": "your-birdeye-key"
}
}
}
}Usage via npx
# Run directly without cloning
npx sicarius-guardποΈ Architecture
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β SicariusGuard β
β β
β βββββββββββββββ βββββββββββββββ ββββββββββββββββββββββββ β
β β REST API β β MCP Server β β x402 Payment Gate β β
β β Express 5 β β stdio β β SOL Micropayments β β
β ββββββββ¬βββββββ ββββββββ¬βββββββ ββββββββββββ¬ββββββββββββ β
β β β β β
β ββββββββΌβββββββββββββββββΌββββββββββββββββββββββΌββββββββββββ β
β β Core Safety Engine β β
β β β β
β β ββββββββββββββ ββββββββββββ βββββββββββββββββββββββββ β β
β β β token_ β βhoneypot_ β β holder_ β β β
β β β safety.ts β βsim.ts β β analysis.ts β β β
β β ββββββββββββββ ββββββββββββ βββββββββββββββββββββββββ β β
β β β β
β β ββββββββββββββββββββββ ββββββββββββββββββββββββββββββ β β
β β β birdeye.ts β β helius_wallet.ts β β β
β β β Market Intelligenceβ β Wallet Reputation (15%) β β β
β β β β’ Price/Volume β β β’ Identity API β β β
β β β β’ Liquidity β β β’ Funded-By chain β β β
β β β β’ Wash trading β β β’ Scammer detection β β β
β β ββββββββββββββββββββββ ββββββββββββββββββββββββββββββ β β
β ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β
β β β
β βββββββββββββββββΌββββββββββββββββ β
β βΌ βΌ βΌ β
β βββββββββββββββ βββββββββββββββ βββββββββββββββ β
β β Solana RPC β β Birdeye API β β Helius DAS β β
β β (Helius) β β (Market) β β (Wallet) β β
β βββββββββββββββ βββββββββββββββ βββββββββββββββ β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββπ° x402 Payment Protocol
SicariusGuard implements the x402 HTTP Payment Required protocol for machine-native micropayments. AI agents can pay per API call with SOL β no registration, no API keys, no accounts.
How It Works
1. Agent hits /v1/scan β gets 402 + payment instructions
2. Agent sends SOL to treasury wallet
3. Agent retries with X-PAYMENT: <tx_signature>
4. Server verifies on-chain β returns safety dataPricing
Endpoint | Price (SOL) |
| 0.001 |
| 0.002 |
| 0.0005 |
| 0.0005 |
Example (Paid Request)
# Step 1: Get pricing + treasury address
curl https://sicarius-guard-640545264957.us-east4.run.app/v1/pricing
# Step 2: Send SOL to treasury address (returned in pricing response)
solana transfer <TREASURY_ADDRESS> 0.002
# Step 3: Use tx signature as payment proof
curl -X POST https://sicarius-guard-640545264957.us-east4.run.app/v1/scan \
-H "Content-Type: application/json" \
-H "X-PAYMENT: <your_tx_signature>" \
-d '{"mint": "DezXAZ8z7PnrnRJjz3wXBoRgixCa6xjnB7YaB1pPB263"}'Security
On-chain verification β Every payment is verified against Solana mainnet
Replay protection β Each tx signature can only be used once
Amount validation β Exact SOL amount must match endpoint pricing
Freshness check β Transactions older than 10 minutes are rejected
Verified live on mainnet β Tested with real SOL transfers
Access Tiers
Tier | Auth Method | Rate Limit |
Free | None | 100 calls/day per IP |
x402 Pay-Per-Call |
| Unlimited |
π§ Configuration
Variable | Description | Default |
| Solana RPC endpoint (Helius recommended) |
|
| API server port |
|
| Bind address |
|
| Birdeye API key (optional, enriches scans) | β |
| SOL payment recipient (x402) | β |
| Cache duration |
|
| Free tier rate limit |
|
| Upstash Redis URL for persistent rate limiting | β |
| Upstash Redis auth token | β |
π Performance
Tested with 50-token bulk scan on Solana mainnet:
Metric | Value |
Success rate | 50/50 (100%) |
Avg response time | 5.4s |
x402 payment verification | Verified live on mainnet |
π¦ Tech Stack
Runtime: Node.js 22+ (ESM)
Language: TypeScript 5.9
Blockchain: @solana/web3.js (direct RPC, no wrapper SDKs)
API: Express 5
MCP: @modelcontextprotocol/sdk
Market Data: Birdeye API v3
Wallet Intel: Helius DAS / Identity / Funded-By APIs
π‘οΈ Why SicariusGuard?
Most token safety tools rely on third-party APIs that can be gamed. SicariusGuard reads raw mint account bytes directly from the blockchain β the same data the Solana runtime uses to execute transactions. No middleman, no stale data, no API that can be fooled.
Feature | SicariusGuard | RugCheck | GoPlus |
Byte-level SPL analysis | β | β | β |
Token-2022 extension scanning | β | β | Partial |
Jupiter honeypot simulation | β | β | β |
Helius wallet reputation | β | β | β |
Weighted multi-source scoring | β | β | β |
MCP server for AI agents | β | β | β |
x402 pay-per-call (SOL) | β | β | β |
Self-hosted (no vendor lock-in) | β | β | β |
Birdeye market enrichment | β | β | β |
Sub-6s full scan | β | β | β |
π License
MIT β Built by Chronolapse411
π Links
Author: @Chronolapse411
Maintenance
Latest Blog Posts
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/Chronolapse411/sicarius-guard'
If you have feedback or need assistance with the MCP directory API, please join our Discord server