quickintel-scan

Scan any token for security risks, honeypots, and scams using Quick Intel's contract analysis API. Use when: checking if a token is safe to buy, detecting honeypots, analyzing contract ownership and permissions, finding hidden mint/blacklist functions, or evaluating token risk before trading. Triggers: 'is this token safe', 'scan token', 'check for honeypot', 'audit contract', 'rug pull check', 'token security', 'safe to buy', 'scam check'. Supports 63 chains including Base, Ethereum, Solana, Sui, Tron. Costs $0.03 USDC per scan via x402 payment protocol. Requires an x402-compatible wallet — recommended: managed wallet service (Sponge, AgentWallet) with no raw key exposure. Programmatic signing with dedicated hot wallet also supported. This skill is read-only and never accesses your tokens or assets.

3,891 stars

byopenclaw

View on GitHub Installation ↓

Best use case

quickintel-scan is best used when you need a repeatable AI agent workflow instead of a one-off prompt.

Teams using quickintel-scan should expect a more consistent output, faster repeated execution, less prompt rewriting.

When to use this skill

You want a reusable workflow that can be run more than once with consistent structure.

When not to use this skill

You only need a quick one-off answer and do not need a reusable workflow.
You cannot install or maintain the underlying files, dependencies, or repository context.

Installation

Claude Code / Cursor / Codex

$curl -o ~/.claude/skills/quickintel-scan/SKILL.md --create-dirs "https://raw.githubusercontent.com/openclaw/skills/main/skills/azep-ninja/quickintel-scan/SKILL.md"

Manual Installation

Download SKILL.md from GitHub
Place it in .claude/skills/quickintel-scan/SKILL.md inside your project
Restart your AI agent — it will auto-discover the skill

How quickintel-scan Compares

Feature / Agent	quickintel-scan	Standard Approach
Platform Support	Not specified	Limited / Varies
Context Awareness	High	Baseline
Installation Complexity	Unknown	N/A

Frequently Asked Questions

What does this skill do?

Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.

Related Guides

Best AI Skills for ChatGPT

Find the best AI skills to adapt into ChatGPT workflows for research, writing, summarization, planning, and repeatable assistant tasks.

Best AI Skills for Claude

Explore the best AI skills for Claude and Claude Code across coding, research, workflow automation, documentation, and agent operations.

AI Agent for Product Research

Browse AI agent skills for product research, competitive analysis, customer discovery, and structured product decision support.

SKILL.md Source

# Quick Intel Token Security Scanner

Scan any token on 63 chains for honeypots, scams, and security risks. Returns a detailed audit in seconds. Costs $0.03 USDC per scan via x402 — read-only, never touches your wallet or tokens.

## Quick Reference

| Situation | Action |
|-----------|--------|
| User asks "is this token safe?" | Scan the token, interpret results |
| User wants to buy/trade a token | Scan BEFORE trading, warn on red flags |
| Scan shows `is_Honeypot: true` | **STOP** — tell user they cannot sell this token |
| Scan shows `isScam: true` | **STOP** — known scam contract |
| Scan shows `can_Mint: true` | Warn: owner can inflate supply |
| Scan shows high buy/sell tax (>10%) | Warn: excessive fees reduce profits |
| Scan shows `contract_Renounced: false` | Caution: owner retains control |
| `liquidity: false` in results | May use non-standard pair — verify on DEX aggregator |
| User gives chain + address | You have everything needed to scan |
| User gives only address, no chain | Ask which chain, or try to infer from address format |

## How to Scan

**Endpoint:** `POST https://x402.quickintel.io/v1/scan/full`

**Request body:**
```json
{
  "chain": "base",
  "tokenAddress": "0x..."
}
```

**That's it.** The x402 payment ($0.03 USDC/USDM) is handled automatically by your wallet integration. If you have `@x402/fetch`, Sponge Wallet, AgentWallet, Vincent, or Lobster.cash — the payment flow is transparent. Pay on any of 14 networks: Base (recommended, lowest fees), Ethereum, Arbitrum, Optimism, Polygon, Avalanche, Unichain, Linea, Sonic, HyperEVM, Ink, Monad, MegaETH (USDM), or Solana.

### Which integration do I use?

> **⚠️ Wallet Security:** This skill does NOT require your private key. The x402 payment is handled by YOUR agent's wallet — whichever wallet your agent already uses. If your agent doesn't have a wallet yet, use a **managed wallet service** (Sponge, AgentWallet, Vincent, Lobster.cash) instead of raw private keys. If you must use programmatic signing, use a **dedicated hot wallet with minimal funds** ($1-5 USDC), never your main wallet.

| Your setup | Use this | Key exposure |
|-----------|----------|-------------|
| Using Sponge Wallet | **Pattern A** below (recommended) | ✅ No raw keys — API key only |
| Using AgentWallet (frames.ag) | **Pattern B** below | ✅ No raw keys — API token only |
| Using Lobster.cash / Crossmint | See `REFERENCE.md` | ✅ No raw keys — managed wallet |
| Using Vincent Wallet | See `REFERENCE.md` | ✅ No raw keys — managed signing |
| Have `@x402/fetch` installed | **Pattern C** below | ⚠️ Requires private key in env |
| Have viem or ethers.js, no x402 library | **Pattern D** below (manual signing) | ⚠️ Requires private key in env |
| Using Solana wallet | See `REFERENCE.md` | ⚠️ Requires private key in env |
| Not sure / no wallet configured | Start with **Pattern A** (Sponge) | ✅ No raw keys |

### Pattern A: Sponge Wallet (Recommended — No Raw Keys)

```bash
curl -sS -X POST "https://api.wallet.paysponge.com/api/x402/fetch" \
  -H "Authorization: Bearer $SPONGE_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "url": "https://x402.quickintel.io/v1/scan/full",
    "method": "POST",
    "body": {
      "chain": "base",
      "tokenAddress": "0xa4a2e2ca3fbfe21aed83471d28b6f65a233c6e00"
    },
    "preferred_chain": "base"
  }'
```

Requires: `SPONGE_API_KEY` env var. Sign up at [paysponge.com](https://paysponge.com). Sponge manages the wallet and signing — your agent never touches a private key.

### Pattern B: AgentWallet (No Raw Keys)

```javascript
const response = await fetch('https://frames.ag/api/wallets/{username}/actions/x402/fetch', {
  method: 'POST',
  headers: {
    'Authorization': `Bearer ${process.env.AGENTWALLET_API_TOKEN}`,
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({
    url: 'https://x402.quickintel.io/v1/scan/full',
    method: 'POST',
    body: { chain: 'base', tokenAddress: '0x...' }
  })
});
const scan = await response.json();
```

Requires: `AGENTWALLET_API_TOKEN` env var. Get one at [frames.ag](https://frames.ag).

### Pattern C: @x402/fetch (Programmatic Signing)

> ⚠️ Uses a private key. Use a **dedicated hot wallet with minimal funds**, not your main wallet.

```javascript
import { x402Fetch } from '@x402/fetch';
import { createWallet } from '@x402/evm';

// Use a DEDICATED wallet with only payment funds ($1-5 USDC)
// NEVER use your main wallet or trading wallet private key here
const wallet = createWallet(process.env.X402_PAYMENT_KEY);

const response = await x402Fetch('https://x402.quickintel.io/v1/scan/full', {
  method: 'POST',
  headers: { 'Content-Type': 'application/json' },
  body: JSON.stringify({ chain: 'base', tokenAddress: '0x...' }),
  wallet,
  preferredNetwork: 'eip155:8453'
});

const scan = await response.json();
```

### Pattern D: Manual EVM Signing (viem)

> ⚠️ Uses a private key. Use a **dedicated hot wallet with minimal funds**, not your main wallet.

If you don't have `@x402/fetch`, handle the payment flow manually:

```javascript
import { keccak256, toHex } from 'viem';
import { privateKeyToAccount } from 'viem/accounts';

// Use a DEDICATED wallet with only payment funds ($1-5 USDC)
const account = privateKeyToAccount(process.env.X402_PAYMENT_KEY);
const SCAN_URL = 'https://x402.quickintel.io/v1/scan/full';

// Step 1: Hit endpoint, get 402 with payment requirements
const scanBody = JSON.stringify({ chain: 'base', tokenAddress: '0x...' });
const initialRes = await fetch(SCAN_URL, {
  method: 'POST',
  headers: { 'Content-Type': 'application/json' },
  body: scanBody,
});

if (initialRes.status !== 402) throw new Error(`Expected 402, got ${initialRes.status}`);
const paymentRequired = await initialRes.json();

// Step 2: Find preferred network in accepts array
const networkInfo = paymentRequired.accepts.find(a => a.network === 'eip155:8453');
if (!networkInfo) throw new Error('Base network not available');

// Step 3: Sign EIP-712 TransferWithAuthorization
const nonce = keccak256(toHex(`${Date.now()}-${Math.random()}`));
const validBefore = BigInt(Math.floor(Date.now() / 1000) + 3600);

const signature = await account.signTypedData({
  domain: {
    name: networkInfo.extra.name,
    version: networkInfo.extra.version,
    chainId: 8453,
    verifyingContract: networkInfo.asset,
  },
  types: {
    TransferWithAuthorization: [
      { name: 'from', type: 'address' },
      { name: 'to', type: 'address' },
      { name: 'value', type: 'uint256' },
      { name: 'validAfter', type: 'uint256' },
      { name: 'validBefore', type: 'uint256' },
      { name: 'nonce', type: 'bytes32' },
    ],
  },
  primaryType: 'TransferWithAuthorization',
  message: {
    from: account.address,
    to: networkInfo.payTo,
    value: BigInt(networkInfo.amount),
    validAfter: 0n,
    validBefore,
    nonce,
  },
});

// Step 4: Build PAYMENT-SIGNATURE header
// CRITICAL: signature is a SIBLING of authorization, NOT nested inside it
// CRITICAL: value/validAfter/validBefore must be DECIMAL STRINGS
const paymentPayload = {
  x402Version: 2,
  scheme: 'exact',
  network: 'eip155:8453',
  payload: {
    signature,                         // ← Direct child of payload
    authorization: {
      from: account.address,
      to: networkInfo.payTo,
      value: networkInfo.amount,                  // Decimal string: "30000"
      validAfter: '0',                            // Decimal string
      validBefore: validBefore.toString(),         // Decimal string
      nonce,
    },
  },
};

const paymentHeader = Buffer.from(JSON.stringify(paymentPayload)).toString('base64');

// Step 5: Retry with payment
const paidRes = await fetch(SCAN_URL, {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'PAYMENT-SIGNATURE': paymentHeader,
  },
  body: scanBody,
});

const scan = await paidRes.json();
```

> **Common mistakes that cause payment failures:**
> - `signature` nested inside `authorization` instead of as a sibling → "Cannot read properties of undefined"
> - Missing `x402Version: 2` at top level
> - Using hex (`"0x7530"`) or raw numbers instead of decimal strings (`"30000"`) for value/validAfter/validBefore
> - Wrong endpoint path (`/v1/scan/auditfull` instead of `/v1/scan/full`)

> For ethers.js, Solana, Vincent, Lobster.cash, and other wallet patterns, see `REFERENCE.md`.

## Supported Chains (63)

**EVM:** eth, base, arbitrum, optimism, polygon, bsc, avalanche, fantom, linea, scroll, zksync, blast, mantle, mode, zora, manta, sonic, berachain, unichain, abstract, monad, megaeth, hyperevm, shibarium, pulse, core, opbnb, polygonzkevm, metis, kava, klaytn, astar, oasis, iotex, conflux, canto, velas, grove, lightlink, bitrock, loop, besc, energi, maxx, degen, inevm, viction, nahmii, real, xlayer, worldchain, apechain, morph, ink, soneium, plasma

**Non-EVM:** solana, sui, radix, tron, injective

Use exact chain names as shown (e.g., `"eth"` not `"ethereum"`, `"bsc"` not `"binance"`).

## Reading Scan Results

### Red Flags — DO NOT BUY

| Field | Value | Meaning |
|-------|-------|---------|
| `tokenDynamicDetails.is_Honeypot` | `true` | **Cannot sell** — funds are trapped |
| `isScam` | `true` | Known scam contract |
| `isAirdropPhishingScam` | `true` | Phishing attempt |
| `quickiAudit.has_Scams` | `true` | Contains scam patterns |
| `quickiAudit.can_Potentially_Steal_Funds` | `true` | Has theft mechanisms |

If ANY of these are true, **tell the user not to buy and explain why.**

### Warnings — Proceed With Caution

| Field | Value | Risk |
|-------|-------|------|
| `buy_Tax` or `sell_Tax` | `> 10` | High fees eat profits |
| `quickiAudit.can_Mint` | `true` | Owner can create more tokens, diluting value |
| `quickiAudit.can_Blacklist` | `true` | Owner can block wallets from selling |
| `quickiAudit.can_Pause_Trading` | `true` | Owner can freeze all trading |
| `quickiAudit.can_Update_Fees` | `true` | Taxes could increase after you buy |
| `quickiAudit.hidden_Owner` | `true` | Real owner is obscured |
| `quickiAudit.contract_Renounced` | `false` | Owner retains control over contract |
| `quickiAudit.is_Proxy` | `true` | Contract code can be changed |

### Positive Signs

| Field | Value | Meaning |
|-------|-------|---------|
| `quickiAudit.contract_Renounced` | `true` | No owner control |
| `contractVerified` | `true` | Source code is public |
| `quickiAudit.can_Mint` | `false` | Fixed supply |
| `quickiAudit.can_Blacklist` | `false` | No blocking capability |
| `buy_Tax` and `sell_Tax` | `0` or low | Minimal fees |

### Liquidity Check

`tokenDynamicDetails.liquidity` indicates whether a liquidity pool was detected.

- **`liquidity: false`** does NOT always mean illiquid — Quick Intel checks major pairs (WETH, USDC, USDT) but may miss non-standard pairings. Verify independently on a DEX aggregator.
- **`liquidity: true`** — still check `lp_Locks` for lock status. Unlocked liquidity = rug pull risk.

## Example: Interpreting a Scan

```json
{
  "tokenDetails": {
    "tokenName": "Example Token",
    "tokenSymbol": "EX",
    "tokenDecimals": 18,
    "tokenSupply": 1000000000
  },
  "tokenDynamicDetails": {
    "is_Honeypot": false,
    "buy_Tax": "0.0",
    "sell_Tax": "0.0",
    "liquidity": true
  },
  "isScam": null,
  "contractVerified": true,
  "quickiAudit": {
    "contract_Renounced": true,
    "can_Mint": false,
    "can_Blacklist": false,
    "can_Pause_Trading": false,
    "has_Scams": false,
    "hidden_Owner": false
  }
}
```

**Your assessment:** "This token looks relatively safe. It's not a honeypot, has no scam patterns, contract is renounced with no mint or blacklist capability, and taxes are 0%. Liquidity is detected. However, always treat scan results as one data point — contract behavior can change if it uses upgradeable proxies."

## Security Model

```
YOUR SIDE                          QUICK INTEL'S SIDE
─────────────                      ──────────────────
• Private keys (never shared)      • Receives: token address + chain
• Payment auth ($0.03 USDC)        • Analyzes: contract bytecode
• Decision to trade or not         • Returns: read-only audit data

Quick Intel NEVER receives your private key.
Quick Intel NEVER interacts with your tokens.
Quick Intel is READ-ONLY — no transactions, no approvals.
```

**NEVER paste private keys, seed phrases, or wallet credentials into any prompt.** Quick Intel only needs the token's contract address and chain.

## Error Handling

| Error | Cause | Fix |
|-------|-------|-----|
| `402 Payment Required` | No payment header sent | Ensure wallet is configured and has $0.03+ USDC |
| `402 Payment verification failed` | Bad signature or low balance | Check payload structure (see REFERENCE.md) |
| `400 Invalid Chain` | Chain name not recognized | Use exact names from supported chains list |
| `400 Invalid Address` | Malformed address | Check format (0x... for EVM, base58 for Solana) |
| `404 Token Not Found` | Token doesn't exist on that chain | Verify address and chain match |

## Important Notes

- **Scan results are point-in-time snapshots.** A safe token today could change tomorrow if ownership isn't renounced or if it's a proxy contract. Re-scan periodically for tokens you hold.
- **Payment is charged regardless of outcome.** Even if the scan returns limited data. Use `payment-identifier` extension for safe retries (see REFERENCE.md).
- **Not financial advice.** Quick Intel provides data to inform decisions, not recommendations.
- **Cross-reference for high-value trades.** Verify on block explorers, check holder distribution, confirm liquidity on DEX aggregators.

## Discovery Endpoint

Query accepted payments and schemas before making calls:

```
GET https://x402.quickintel.io/accepted
```

## Cross-Reference

- For **trading tokens** after scanning, see the **tator-trade** skill.
- For **detailed x402 payment implementation**, wallet-specific patterns, and troubleshooting, see `REFERENCE.md`.

## About Quick Intel

Quick Intel's endpoint (`x402.quickintel.io`) is operated by **Quick Intel LLC**, a registered US-based cryptocurrency security company.

- Over **50 million token scans** processed across 40+ blockchain networks
- Security scanning APIs power **DexTools**, **DexScreener**, and **Tator Trader**
- Operational since **April 2023**
- More info: [quickintel.io](https://quickintel.io)

## Resources

- Quick Intel Docs: https://docs.quickintel.io
- x402 Protocol: https://www.x402.org
- Gateway Discovery: https://x402.quickintel.io/accepted
- Support: https://t.me/Quicki_TG

Related Skills

etherscan

3891

from openclaw/skills

Query EVM chain data via Etherscan API v2. Use for on-chain lookups where Etherscan v2 applies: balances, transactions, token transfers (ERC-20/721/1155), contract source/ABI, gas prices, event logs, and verification of transaction completion. Also trigger when another tool submits a transaction and you need to confirm it finalized on-chain.

Data & Research

isnad-scan

3891

from openclaw/skills

Scan AI agent skills for security vulnerabilities — detects code injection, prompt injection, credential exfiltration, supply chain attacks, and 69+ threat patterns. Use when installing new skills, auditing existing ones, reviewing untrusted code, or validating packages before publishing.

Security

nmap-pentest-scans

3891

from openclaw/skills

Plan and orchestrate authorized Nmap host discovery, port and service enumeration, NSE profiling, and reporting artifacts for in-scope targets.

Security

Contract Reviewer - AI Legal Document Risk Scanner

3891

from openclaw/skills

Upload any contract or legal document and get a structured risk analysis with flagged clauses, plain-language explanations, and negotiation suggestions.

AURA Security Scanner

3891

from openclaw/skills

Scan AI agent skills for malware, credential theft, prompt injection, and dangerous permissions before installing them

lora-cad-scanner

3891

from openclaw/skills

LoRa Channel Activity Detection (CAD) scanner for LilyGo T3 v1.6 (ESP32-PICO-D4 + SX1276) with HackRF One support. Scans a configurable frequency range using multiple BW/SF combinations, displays live progress on the SSD1306 OLED, stores detected channels in device RAM, emits structured 15-minute reports over Serial, and sends Telegram notifications for new detections via an OpenClaw cron pipeline. Use when scanning for LoRa devices in a frequency band, setting up a LilyGo T3 as a LoRa scanner/sniffer, building RF monitoring pipelines with Telegram alerting, or doing RF reconnaissance with HackRF + LilyGo together.

secrets-scan

3891

from openclaw/skills

Detect hardcoded secrets (API keys, tokens, passwords) in text or code

cve-scan

3891

from openclaw/skills

Scan SBOM for known CVE vulnerabilities

net-vuln-scan

3891

from openclaw/skills

网络安全漏洞检测工具。用于检测本地网络和主机的常见安全漏洞，包括： (1) 开放端口检测与风险评估 (2) 弱密码和默认凭证检测 (3) SSL/TLS 证书问题 (4) 常见服务漏洞检测 (5) 网络配置安全检查 (6) 敏感端口暴露检测。适用于：安全审计、渗透测试前自查、系统加固、服务器上线检查。注意：仅用于授权的安全检测，禁止未授权扫描他人系统。

network-scan

3891

from openclaw/skills

## Description

securevibes-scanner

3891

from openclaw/skills

Run AI-powered application security scans on codebases. Use when asked to scan code for security vulnerabilities, generate threat models, review code for security issues, run incremental security scans, or set up continuous security monitoring via cron. Supports full scans (one-shot) and incremental scans (cron-driven, only new commits).

aws-secrets-scanner

3891

from openclaw/skills

Detect hardcoded secrets, exposed API keys, and credential misconfigurations in IaC and config files