query-token-audit
Query token security audit to detect scams, honeypots, and malicious contracts before trading. Returns comprehensive security analysis including contract risks, trading risks, and scam detection. Use when users ask "is this token safe?", "check token security", "audit token", or before any swap.
Best use case
query-token-audit is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Query token security audit to detect scams, honeypots, and malicious contracts before trading. Returns comprehensive security analysis including contract risks, trading risks, and scam detection. Use when users ask "is this token safe?", "check token security", "audit token", or before any swap.
Teams using query-token-audit should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/binance-official-web3-query-token-audit/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How query-token-audit Compares
| Feature / Agent | query-token-audit | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Query token security audit to detect scams, honeypots, and malicious contracts before trading. Returns comprehensive security analysis including contract risks, trading risks, and scam detection. Use when users ask "is this token safe?", "check token security", "audit token", or before any swap.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# Query Token Audit Skill
## Overview
| API | Function | Use Case |
|-----|---------------------|----------|
| Token Security Audit | Token security scan | Detect honeypot, rug pull, scam, malicious functions |
## Use Cases
1. **Pre-Trade Safety Check**: Verify token security before buying or swapping
2. **Scam Detection**: Identify honeypots, fake tokens, and malicious contracts
3. **Contract Analysis**: Check for dangerous ownership functions and hidden risks
4. **Tax Verification**: Detect unusual buy/sell taxes before trading
## Supported Chains
| Chain Name | chainId |
|------------|---------|
| BSC | 56 |
| Base | 8453 |
| Solana | CT_501 |
| Ethereum | 1 |
---
## API: Token Security Audit
### Method: POST
**URL**:
```
https://web3.binance.com/bapi/defi/v1/public/wallet-direct/security/token/audit
```
**Request Parameters**:
| Parameter | Type | Required | Description |
|-----------|------|----------|-------------|
| binanceChainId | string | Yes | Chain ID: `CT_501` (Solana), `56` (BSC), `8453` (Base), `1` (Ethereum) |
| contractAddress | string | Yes | Token contract address |
| requestId | string | Yes | Unique request ID (UUID v4 format) |
**Request Headers**:
```
Content-Type: application/json
Accept-Encoding: identity
User-Agent: binance-web3/1.4 (Skill)
```
**Example Request**:
```bash
curl --location 'https://web3.binance.com/bapi/defi/v1/public/wallet-direct/security/token/audit' \
--header 'Content-Type: application/json' \
--header 'source: agent' \
--header 'Accept-Encoding: identity' \
--header 'User-Agent: binance-web3/1.4 (Skill)' \
--data '{
"binanceChainId": "56",
"contractAddress": "0x55d398326f99059ff775485246999027b3197955",
"requestId": "'$(uuidgen)'"
}'
```
**Response Example**:
```json
{
"code": "000000",
"data": {
"requestId": "d6727c70-de6c-4fad-b1d7-c05422d5f26b",
"hasResult": true,
"isSupported": true,
"riskLevelEnum": "LOW",
"riskLevel": 1,
"extraInfo": {
"buyTax": "0",
"sellTax": "0",
"isVerified": true
},
"riskItems": [
{
"id": "CONTRACT_RISK",
"name": "Contract Risk",
"details": [
{
"title": "Honeypot Risk Not Found",
"description": "A honeypot is a token that can be bought but not sold",
"isHit": false,
"riskType": "RISK"
}
]
}
]
},
"success": true
}
```
**Response Fields**:
| Field | Type | Description |
|-----------------------------------|------|-----------------------------------------------------------|
| hasResult | boolean | Whether audit data is available |
| isSupported | boolean | Whether the token is supported for audit |
| riskLevelEnum | string | Risk level: `LOW`, `MEDIUM`, `HIGH` |
| riskLevel | number | Risk level number (1-5) |
| extraInfo.buyTax | string | Buy tax percentage (null if unknown) |
| extraInfo.sellTax | string | Sell tax percentage (null if unknown) |
| extraInfo.isVerified | boolean | Whether contract code is verified |
| riskItems[].id | string | Risk category: `CONTRACT_RISK`, `TRADE_RISK`, `SCAM_RISK` |
| riskItems[].details[].title | string | Risk check title |
| riskItems[].details[].description | string | Risk check description |
| riskItems[].details[].isHit | boolean | true = risk detected |
| riskItems[].details[].riskType | string | `RISK` (critical) or `CAUTION` (warning) |
**Risk Level Reference**:
| riskLevel | riskLevelEnum | Action | Description |
|-----------|---------------|--------|-------------|
| 0-1 | LOW | Proceed with caution | Lower risk detected, but NOT guaranteed safe. DYOR. |
| 2-3 | MEDIUM | Exercise caution | Moderate risks detected, review risk items carefully |
| 4 | HIGH | Avoid trading | Critical risks detected, high probability of loss |
| 5 | HIGH | Block transaction | Severe risks confirmed, do NOT proceed |
**IMPORTANT**: LOW risk does NOT mean "safe." Audit results are point-in-time snapshots. Project teams can modify contracts or restrict liquidity after purchase. These risks cannot be predicted in advance.
**Result Validity**:
Audit results are ONLY valid when both conditions are met:
- `hasResult: true` — Audit data is available
- `isSupported: true` — Token is supported for audit
When invalid, do NOT display risk level or security checks.
---
## User Agent Header
Include `User-Agent` header with the following string: `binance-web3/1.4 (Skill)`
## Notes
1. All numeric fields are string format, convert when using
2. Audit results are ONLY valid when `hasResult: true` AND `isSupported: true`
3. `riskLevel: 5` means transaction should be blocked; `riskLevel: 4` is high risk
4. Tax thresholds: >10% is critical, 5-10% is warning, <5% is acceptable
5. Generate unique UUID v4 for each audit request
6. Only output security check risk flags, do NOT provide any investment advice
7. Always end with disclaimer: `⚠️ This audit result is for reference only and does not constitute investment advice. Always conduct your own research.`Related Skills
okx-dex-token
Use this skill for token-level data: cluster overview, search tokens, trending/hot tokens (热门, 代币榜单), liquidity pools, holder distribution (whale/巨鲸, sniper, bundler percent), token safety and honeypot risk (貔貅盘, 'is this token a honeypot', 'is this safe to buy', 'rugged?', 'can I sell this'), who created a token, recent buy/sell activity, top profit addresses, trade history by wallet type, or holder cluster analysis (持仓集中度, rug pull probability/跑路风险, new wallet percentage/新钱包持仓比例, suspicious holding percentage/可疑持仓%, bundle hold percent, holder clusters, 'are top holders in same cluster'). Invoke on user intent; address can be provided after. Do NOT use for market-wide whale/signal tracking — use okx-dex-signal. Do NOT use for meme/pump.fun launch scanning, dev reputation, or bundle detection — use okx-dex-trenches. Do NOT use for personal DEX trade history or price charts — use okx-dex-market.
okx-audit-log
Use this skill when the user asks to export audit logs, find audit log location, view command history, 导出日志, 查看日志, 日志路径, 操作记录, 调用记录, 命令历史. Do NOT use for wallet balance, token search, swap, or any other on-chain operation — use the corresponding skill instead.
query-token-info
Query token details by keyword, contract address, or chain. Search tokens, get metadata and social links, retrieve real-time market data (price, price trend, volume, holders, liquidity), and fetch K-Line candlestick charts. Use this skill when users search tokens, check token prices, view market data, or request kline/candlestick charts.
query-address-info
Query any on-chain wallet address token balances and positions. Retrieves all token holdings for a specified wallet address on a given chain, including token name, symbol, price, 24h price change, and holding quantity. Use this skill when users ask about wallet balance, token holds, portfolio, or asset positions for any blockchain address.
tokr-tokenization-agent
Tokenization agent for the ERC-8004 ecosystem that automates token creation through on-chain feedback and matched token launches.
secureth-auditor
Autonomous AI agent specializing in smart contract security audits for EVM networks using symbolic execution for vulnerability detection.
audit-claw
Security and audit agent continuously monitoring smart contract interactions and scanning for vulnerabilities.
pay-with-any-token
Pay HTTP 402 payment challenges using tokens via the Tempo CLI and Uniswap Trading API. Use when the user encounters a 402 Payment Required response, needs to fulfill a machine payment, mentions "MPP", "Tempo payment", "pay for API access", "HTTP 402", "x402", "machine payment protocol", "pay-with-any-token", "use tempo", "tempo request", or "tempo wallet".
tokr-tokenization
Tokenization agent for ERC-8004 ecosystem automating token creation through on-chain feedback matching.
token-revoke-mcp
Check and revoke ERC-20 token allowances to secure wallets. Scan for risky unlimited approvals and generate revocation transactions.
rocketpool-tokens
Interact with Rocket Pool token contracts — RPL (governance/staking token) ERC-20 operations, inflation mechanics, old RPL swap, rocketVault balance queries, and L2 token addresses for rETH and RPL on Arbitrum, Optimism, Base, Polygon, zkSync Era, Scroll, Starknet, and Unichain. Supports cast (Foundry CLI) and Ethereum MCP tools on mainnet and Hoodi testnet.
hedera-token-mint
Create and manage tokens on Hedera (HTS). Use for: (1) Minting fungible tokens, (2) Creating NFTs (HTS), (3) Setting up token supplies, (4) Configuring token permissions.