Cabal-Hunter
Provides on-chain safety analysis for Solana tokens, detecting coordinated wallet cabals, rug pulls, and exit-liquidity risk through funding traces and bundle detection.
Solana Safe Sniper — MCP Template
Stop your AI trading agents getting rugged by coordinated wallet cabals. Drop-in template for Claude Code, Cursor, and ElizaOS.
▶ Try it now: live bubble map of any Solana token → — no signup.
Cabal-Hunter is a free on-chain Solana token safety scanner and rug checker. It detects coordinated wallet cabals, same-block Jito bundle buys, serial-rug deployers and coordinated dumps on any Solana mint (pump.fun, PumpSwap, Raydium) — and answers the one question that matters before you ape: are you the exit liquidity? Use it via MCP (Claude, Cursor, ElizaOS), a REST API, or a free visual bubble map.
The Problem
Your autonomous trading agent is reading rug.check scores, liquidity locks, and contract audits.
None of that catches a cabal.
A cabal is 15 fresh wallets — all funded from the same master wallet, all buying in the first 90 seconds of launch — quietly accumulating 25-40% of supply before your bot sees the first candle. Contract clean. LP burned. Everything green.
Then they dump. Simultaneously. Into your liquidity.
This template integrates Cabal-Hunter — a live on-chain funding tracer — as a pre-trade safety check so your agent catches coordinated launches before it signs a swap.
Related MCP server: MadeOnSol — Solana memecoin intelligence
The one question it answers: are YOU the exit liquidity?
On Solana, over half of pump.fun launches are sniped in the creation block by wallets the deployer funded — they buy at the bottom and dump on the retail (and bots) that pile in after. Cabal-Hunter's headline output is a single Exit-Liquidity Risk verdict (LOW | ELEVATED | HIGH) that synthesises every signal below into the only thing that matters before you sign a swap: are the insiders positioned to dump on you?
What Cabal-Hunter Does — Six Detection Layers
Token mint address
↓
0. EXIT-LIQUIDITY RISK — the headline verdict. Synthesises the layers
below (bundle, concentration, shared funder, coordinated dump, serial-
rug dev) into LOW | ELEVATED | HIGH: are insiders set up to dump on
a buyer? The one number a trading agent needs.
↓
1. FUNDING TRACE — top holders walked back to launch: who was funded
by the same source wallet? (classic cabal signature). Every cluster
carries evidence_txs[] — the actual funding transactions on Solscan.
↓
2. SAME-BLOCK BUNDLE DETECTION — holders whose token accounts were
created in the EXACT same slot bought in one Jito bundle. Catches
stealth launches that route funding through intermediaries to
evade layer 1. Returned as `time_sync: true`.
↓
3. COORDINATED DUMP DETECTION — ≥2 holders that SOLD a meaningful chunk
(≥25% of their bag each) in the EXACT same block — a cabal exiting in
real time. `coordinated_exit: true`, with sold_pct = % of supply
dumped and the sell transactions linked. Same-slot + meaningful-size +
distinct wallets = near-zero false positives.
↓
4. DEPLOYER TRACK RECORD — the creator wallet is resolved on-chain
(bonding curve pre-graduation, pump-amm pool after — works on any
age token), their full launch history pulled, and every previous
token checked: alive or dead?
↓
5. CEX-NOISE FILTER — holders funded from a shared exchange or
high-volume infra wallet are NOT a cabal. They're excluded from the
score and surfaced transparently in filtered_clusters[], so you never
get a false positive from people who just withdrew from Binance.
↓
Returns: Cabal Score (0-100) + cluster map + deployer verdict
+ on-chain receipts + hard verdictThe deployer layer is the one cabals can't dodge: wallets rotate, deployers leave a paper trail. A response of "deployer": {"verdict": "SERIAL_RUGGER", "tokens_launched": 14, "dead": 13} tells you everything before the first candle.
Receipts, not magic. Every cluster and red flag links to the underlying Solscan transaction (evidence_txs[], holders[].funding_tx) — verify the trail yourself instead of trusting a score.
Response in <100ms on pre-indexed tokens — every pump.fun graduation is scanned and cached automatically as it happens.
Free tier: 100 queries/month per IP. Then $0.02 USDC per query, paid natively on Solana. No account. No API key. No subscription.
Quick Start
1. Claude Code / Claude Desktop
Add to your MCP config (~/.claude/mcp.json or project .mcp.json):
{
"mcpServers": {
"cabal-hunter": {
"url": "https://api.cabal-hunter.com/mcp"
}
}
}That's it. Claude will now call check_cabal_risk automatically when you ask it to analyse a Solana token.
Example prompt:
"Before we buy into this token, check if there are any coordinated wallets:
EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v"
Claude calls the tool, pays $0.02 USDC from your connected wallet, and returns the full analysis.
2. Cursor
Add to .cursor/mcp.json in your project root:
{
"mcpServers": {
"cabal-hunter": {
"url": "https://api.cabal-hunter.com/mcp"
}
}
}3. ElizaOS (with automatic x402 payment)
If you're using ElizaOS with @hugen/plugin-x402-solana, payment is handled automatically. Add to your agent config:
{
"plugins": ["@hugen/plugin-x402-solana"],
"mcpServers": {
"cabal-hunter": {
"url": "https://api.cabal-hunter.com/mcp"
}
}
}Your agent will call check_cabal_risk(mintAddress) before any swap and abort if cabalScore >= 35 or isControlled === true.
4. Direct REST API
For headless scripts, custom bots, or any language:
Step 1 — Request analysis (get payment instructions):
curl -X POST https://api.cabal-hunter.com/api/scan-cabal \
-H "Content-Type: application/json" \
-d '{"mintAddress": "YOUR_MINT_ADDRESS"}'Response (HTTP 402):
{
"error": "payment_required",
"payment": {
"recipient": "ATYjZ1kWoHWhj74umGJ8wFqUeW1yeSGBbLi1UQpahPxt",
"amount_usdc": 0.02,
"memo_required": "ch-xxxx-xxxx-xxxx",
"instructions": "Send 0.02 USDC with this memo, then resubmit with X-Payment-Signature header"
}
}Step 2 — Pay & resubmit:
curl -X POST https://api.cabal-hunter.com/api/scan-cabal \
-H "Content-Type: application/json" \
-H "X-Payment-Signature: YOUR_TX_SIGNATURE" \
-d '{"mintAddress": "YOUR_MINT_ADDRESS"}'Response (HTTP 200):
{
"mint": "YOUR_MINT",
"token_name": "EXAMPLE",
"risk": "HIGH",
"cabal_score": 72.4,
"is_controlled": true,
"time_sync": true,
"verdict": "AVOID — 4 wallets bought in the EXACT same block (bundled launch), controlling 34.1% of supply. DEPLOYER ALERT: this creator has launched 14 tokens, 13 of 13 checked are dead (100%).",
"coordinated_clusters": [
{
"type": "funding",
"master_full": "FvbEKF...9RUg",
"master_short": "FvbEKF…9RUg",
"wallet_count": 4,
"combined_pct": 34.1,
"risk": "HIGH",
"evidence_txs": ["4Y8auc5G...", "2XQx9LFv...", "AAbJ7rej..."]
}
],
"filtered_clusters": [
{
"funder_label": "high-volume wallet",
"master_short": "43ViqZ…Z6iy",
"wallet_count": 2,
"combined_pct": 4.4
}
],
"deployer": {
"creator": "5TbRN6...full address...",
"creator_short": "5TbRN6…2TGC",
"tokens_launched": 14,
"dead": 13,
"sampled": 13,
"dead_pct": 100.0,
"verdict": "SERIAL_RUGGER"
},
"holders": [
{ "rank": 1, "address": "...", "pct": 12.4, "cluster_id": 0, "funding_tx": "4Y8auc5G..." }
],
"wallets_checked": 12,
"analysis_time_ms": 487,
"source": "real_time"
}5. Run the MCP server locally (Docker / Node)
Prefer to run the connector yourself instead of hitting the hosted /mcp
endpoint? This repo ships a thin stdio MCP server that exposes
check_cabal_risk(mintAddress) and proxies to the Cabal-Hunter API (free tier
works with no key; paid scans use x402 at call time):
# Node 18+
npm install
node server/index.mjs
# or Docker
docker build -t cabal-hunter-mcp .
docker run -i cabal-hunter-mcpThen point any MCP client at the local command:
{
"mcpServers": {
"cabal-hunter": {
"command": "node",
"args": ["server/index.mjs"]
}
}
}Integrate into Your Trading Logic
import requests
def is_safe_to_buy(mint_address: str, payment_sig: str) -> bool:
"""Returns True if token passes cabal check."""
resp = requests.post(
"https://api.cabal-hunter.com/api/scan-cabal",
json={"mintAddress": mint_address},
headers={"X-Payment-Signature": payment_sig}
)
if resp.status_code != 200:
return False # fail-safe: don't buy on error
data = resp.json()
# Block on: coordinated control, high score, bundled launch,
# or a deployer with a history of dead tokens
deployer_verdict = (data.get("deployer") or {}).get("verdict", "UNKNOWN")
return (
not data.get("is_controlled")
and data.get("cabal_score", 100) < 35
and not data.get("time_sync")
and deployer_verdict not in ("SERIAL_RUGGER", "POOR_TRACK_RECORD")
)
# In your bot's buy logic:
if is_safe_to_buy(token_mint, my_payment_sig):
execute_swap(token_mint, sol_amount)
else:
print(f"Cabal detected — skipping {token_mint}")Visual Bubble Map (Free)
See exactly what the analysis found — coloured clusters, funding connections, holder distribution:
https://api.cabal-hunter.com/map?mint=ANY_SOLANA_MINTFree to view. Share this URL when you catch a rug. Every holder bubble is clickable and links to Solscan for deep-dive research.
Pricing
Queries | Cost |
First 100 / month | Free (per IP, no signup) |
Per query | $0.02 USDC |
100 queries | $2.00 USDC |
1,000 queries | $20.00 USDC |
10,000 queries | $200.00 USDC |
One avoided rug typically saves 10–100× the cost of a month's queries.
Payment is native on Solana — no credit card, no account, no subscription.
API Reference
Endpoint | Description | Auth |
| Full cabal analysis | $0.02 USDC |
| GET version | $0.02 USDC |
| Visual bubble map | Free |
| Per-exchange funding breakdown (which CEXes funded holders, % each) | Free |
| Cohort PnL (Team/Snipers/Insiders) + wash-trading score + exit-liquidity price impact, one call | Free |
| Register an emergency dump webhook for a mint (push on dump/rug start) | Free |
| Pricing, endpoints | Free |
Emergency dump webhook (auto-exit)
Instead of polling, let your bot subscribe to a token it holds — we push the moment a coordinated dump or liquidity drain starts:
curl -X POST https://api.cabal-hunter.com/api/watch \
-H "Content-Type: application/json" \
-d '{"mint":"YOUR_MINT","webhook_url":"https://your-bot.com/dump-alert"}'Your endpoint receives:
{ "event":"dump_detected", "mint":"...", "reason":"price −34% since last check",
"coordinated": true, "price_usd": 0.0001, "liquidity_usd": 4200,
"action":"consider_immediate_exit", "ts": 1781370000 }| GET /health | Uptime check | Free |
| POST /mcp | MCP tool endpoint | $0.02 USDC per call |
Infrastructure
RPC: Dedicated Helius node (Frankfurt) — fastest Solana data available
Hosting: AWS EC2 Frankfurt — low latency for EU/global
Analysis: Real on-chain data — no scrapers, no caches of cached caches
Uptime: 99.9% target — monitored, auto-restart via systemd
FAQ
What is a Solana cabal? A group of wallets — often funded from the same source and buying in the same block — that quietly accumulate a large share of a token's supply before retail, then dump simultaneously into everyone who buys after launch.
How do I check if a Solana token is a rug?
Scan the mint with Cabal-Hunter (MCP, REST API, or the free bubble map). It traces holder funding back to shared sources, detects same-block bundle buys, flags serial-rug deployers and live coordinated dumps, and returns an Exit-Liquidity Risk verdict: LOW, ELEVATED, or HIGH.
Is it free? Yes — 100 queries/month per IP, with no signup or API key. Beyond that it's $0.02 USDC per query, paid natively on Solana.
Can AI trading agents use it?
Yes — that's the whole point. The MCP server (api.cabal-hunter.com/mcp) lets Claude, Cursor and ElizaOS agents call check_cabal_risk(mintAddress) automatically before any swap, and a REST API covers any other language.
License
MIT — fork it, build on it, integrate it. If you build something with this, share it.
Built by PF Capital · Powered by Helius · Contact: api.cabal-hunter.com/api/info
Maintenance
Tools
Latest Blog Posts
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/paulf280-ui/solana-safe-sniper-mcp-template'
If you have feedback or need assistance with the MCP directory API, please join our Discord server