Skip to main content
Glama
dbe006

rugguard-mcp

by dbe006

Server Configuration

Describes the environment variables required to run the server.

NameRequiredDescriptionDefault
RUGGUARD_API_URLNoOverride for staging / self-hosted API URLhttps://rugguard.redfleet.fr
RUGGUARD_MCP_DEMONoSet to 1 to run in demo mode without real scans0
RUGGUARD_MCP_WALLET_PATHNoPath to the wallet file~/.rugguard/wallet.json
RUGGUARD_X402_PRIVATE_KEYNoLegacy fallback private key (if not using wallet file)
RUGGUARD_MCP_SPEND_LOG_PATHNoPath to the spend log file~/.rugguard/spend_log.json
RUGGUARD_MCP_DISABLE_TELEMETRYNoSet to 1 to disable anonymous telemetry in demo mode0
RUGGUARD_MCP_DAILY_SPEND_CAP_USDNoRolling 24-hour spend cap in USD10.0
RUGGUARD_MCP_SESSION_SPEND_CAP_USDNoPer-session spend cap in USD5.0

Capabilities

Features and capabilities supported by this server

CapabilityDetails
tools
{
  "listChanged": false
}
prompts
{
  "listChanged": false
}
resources
{
  "subscribe": false,
  "listChanged": false
}
experimental
{}

Tools

Functions exposed to the LLM to take actions

NameDescription
scan_tokenA

Run a pre-trade rug-pull risk scan on a token contract.

Returns a structured risk report. Pays $0.01 USDC on Base behind the scenes via x402. The spend is tracked against per-session and 24 h caps configured in the MCP server — if a cap is breached the call returns a spend_cap_exceeded error WITHOUT signing.

Args: chain: Chain identifier. base for Base mainnet EVM token (14 heuristics). solana for Solana SPL mint (5 heuristics). address: Token contract address — 0x... for EVM, base58 mint address for Solana.

Returns: On success: {score: 0-100, verdict: safe|low_risk|medium_risk|high_risk|critical|uncertain, score_confidence: high|medium|low|insufficient_data, rug_probability_30d: 0.0-1.0, flags: [{code, severity, evidence}, ...], scan_id: uuid for follow-up via explain_scan(...)}. On failure: {error, message}. error is one of missing_credentials, spend_cap_exceeded, payment_failed, request_failed, non_200.

In demo mode (RUGGUARD_MCP_DEMO=1 or `--demo`): returns one of three
canned scenarios deterministically by `address[-1]`. Response has
`_demo: true` — never trade on this. No wallet, no network call.
pretrade_checkA

Pre-trade firewall: returns a prescriptive block | caution | allow decision plus a clamped max_suggested_exposure_usd, given a token, a trade size, and the agent's risk policy.

Costs $0.01 USDC on Base via x402 (same price as scan_token). Returns a signed JSON report when the deployment has signing configured — the signature and key_fingerprint fields prove what RugGuard said at the moment of trade, verifiable offline via the rugguard-verify CLI (pip install rugguard-verify) or against GET /v1/pubkey.

Args: chain: base or solana. address: Token contract address (EVM 0x… or Solana base58). intended_trade_usd: Trade size in USD. Used to clamp the returned max_suggested_exposure_usd. Must be > 0 and ≤ $1B. policy: Agent risk tolerance. One of: - conservative — block at medium_risk or worse (score ≥ 51) - balanced — block at high_risk or worse (score ≥ 71) [default] - aggressive — block at critical only (score ≥ 91) An uncertain verdict (sparse data) returns caution in all modes — absence of evidence is not evidence of safety.

Returns: On success: { scan_id, chain, contract, policy_recommendation: block | caution | allow, policy, risk_score: 0-100, verdict, confidence, reason: [{code, severity}, ...], # top 3 flags max_suggested_exposure_usd: float, # 100% if allow, 20% if caution, 0 if block intended_trade_usd, scanned_at, disclaimer, signature, key_fingerprint # null when signing is unconfigured } On failure: {error, message}. Same error codes as scan_token.

Disclaimer integrity: the disclaimer field is inside the signed bytes. Stripping or rewriting it breaks signature verification by design — a downstream proxy that drops the disclaimer will cause rugguard-verify to reject the report. That is the point.

explain_scanA

Fetch the per-heuristic audit trail of a previous scan.

Costs $0.005 USDC. Use this when you need to know why a scan returned a specific verdict — e.g. for compliance, post-mortems, or building a user-visible explanation.

Args: scan_id: UUID returned by a prior scan_token call.

Returns: On success: {scan_id, scanned_at, score, verdict, heuristic_results: [...]}. On failure: {error, message}. Same error codes as scan_token.

In demo mode: returns a canned audit trail keyed by the scan_id
suffix (`demo-safe-01`, `demo-caution-01`, `demo-critical-01`).
Unknown scan_ids return a demo-safe trail. Response has `_demo: true`.

Prompts

Interactive templates invoked by user choice

NameDescription

No prompts

Resources

Contextual data attached and managed by the client

NameDescription
RugGuard live recallReturn RugGuard's live empirical recall + per-chain sample counts. Free (no x402 payment). Sources from `/v1/metrics` on the public API. The body is the same JSON shape as the HTTP endpoint, suitable for parsing by the agent or display in a chat for a human reviewer. Use this to: - Check the per-heuristic recall before pointing your funded wallet at the paid `scan_token` tool. - Audit what fraction of confirmed rugs each heuristic catches (the workhorse is `TOP10_CONCENTRATION_HIGH` at ~94 % on Base). - Read the methodology warning: HONEYPOT_* underperforms on the post-rug census (the contract is dead by the time we re-measure), but the forward sampler's T+30 follow-up gives the real product-time precision.

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/dbe006/rugguard-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server