io.github.lordbasilaiassistant-sudo/base-security-scanner-mcp
安全与合规by lordbasilaiassistant-sudo
供 AI agents 使用的 MCP 服务器,可在 Base 上扫描并审计智能合约中的安全漏洞。
什么是 io.github.lordbasilaiassistant-sudo/base-security-scanner-mcp?
供 AI agents 使用的 MCP 服务器,可在 Base 上扫描并审计智能合约中的安全漏洞。
README
base-security-scanner-mcp
MCP server for AI agents to scan smart contracts on Base mainnet for security vulnerabilities. Detect honeypots, rug pulls, hidden mints, proxy patterns, and generate full audit reports -- all read-only, no private key needed.
Install
npx -y base-security-scanner-mcp
Configure (Claude Desktop / Cursor)
{
"mcpServers": {
"base-security-scanner": {
"command": "npx",
"args": ["-y", "base-security-scanner-mcp"]
}
}
}
Tools (8)
| Tool | Description |
|---|---|
scan_contract | Analyze a contract for security issues (reentrancy, access control, hidden mints, proxy patterns) |
check_honeypot | Check if a token is a honeypot by simulating buy+sell via Uniswap V2 |
detect_rug_risk | Score rug pull risk 0-100 based on ownership, liquidity, permissions, honeypot status |
analyze_bytecode | Disassemble bytecode, identify contract type (proxy, AMM, ERC-20, diamond, etc.) |
check_token_permissions | Check owner permissions: mint, pause, blacklist, change fees, disable trading |
get_contract_info | Basic contract metadata: verified status, bytecode size, ETH balance, token info |
compare_bytecode | Clone detection -- check if two contracts share the same bytecode |
audit_report | Full security audit combining all checks into one comprehensive report |
Environment Variables
| Variable | Default | Description |
|---|---|---|
RPC_URL | https://mainnet.base.org | Base mainnet RPC endpoint |
How It Works
- Bytecode Analysis: Extracts PUSH4 opcodes to find function selectors, matches against 30+ known dangerous patterns
- Opcode Scanning: Detects DELEGATECALL, SELFDESTRUCT, CREATE, CREATE2
- Honeypot Detection: Simulates ETH->Token->ETH round-trip via Uniswap V2 router getAmountsOut
- Rug Scoring: Weighted algorithm combining ownership, liquidity depth, dangerous permissions, honeypot status
- Clone Detection: Jaccard similarity on function selector sets
Related MCP Servers
| Package | Tools | What it does |
|---|---|---|
obsd-launchpad-mcp | 14 | Deploy tokens, trade, earn OBSD |
base-security-scanner-mcp | 8 | Scan contracts for vulnerabilities |
base-price-oracle-mcp | 7 | On-chain price feeds from DEX pools |
base-multi-wallet-mcp | 8 | Coordinated multi-wallet trading |
base-gasless-deploy-mcp | 5 | Gasless ERC-20 token deployment |
base-flash-arb-mcp | 7 | Detect arbitrage opportunities |
base-token-sniper-mcp | 5 | Discover & trade new launches |
base-wallet-toolkit-mcp | 7 | Wallet balances, gas, tokens |
base-contract-reader-mcp | 6 | Read any smart contract (free) |
create-mcp-server-cli | - | Scaffold a new MCP server |
License
MIT
常见问题
io.github.lordbasilaiassistant-sudo/base-security-scanner-mcp 是什么?
供 AI agents 使用的 MCP 服务器,可在 Base 上扫描并审计智能合约中的安全漏洞。
相关 Skills
安全专家
by alirezarezvani
覆盖威胁建模、漏洞评估、安全架构设计、代码审计与渗透测试,内置 STRIDE、OWASP、加密模式和安全扫描流程,适合系统设计评审与上线前安全排查。
✎ 安全专家把威胁建模、漏洞分析到渗透测试串成一套流程,内置 STRIDE 与 OWASP 指南,做安全设计和排查更省心。
安全运营
by alirezarezvani
覆盖应用安全、漏洞管理与合规审计,支持代码/依赖扫描、CVE 评估、Secrets 检测和安全自动化,适合做安全基线落地、漏洞响应、审计检查与安全开发治理。
✎ 应用安全、漏洞管理和合规检查一套打通,还能自动化扫描与响应,帮团队更早发现并收敛风险。
安全审计
by alirezarezvani
安装前审计 Claude Code Skill 的代码执行、Prompt 注入和依赖供应链风险,支持本地目录或 Git 仓库扫描,输出 PASS/WARN/FAIL 结论及修复建议
✎ 把代码审查、漏洞扫描和合规检查串成一条线,帮团队更早发现风险,做安全治理更省心。
相关 MCP Server
by Sentry
搜索和分析 Sentry 错误报告,辅助调试。
✎ 把零散的 Sentry 错误报告变成可检索线索,帮你在海量报错里更快定位线上故障,排障调试明显省时。
by sinewaveai
为 AI agents 提供安全层:拦截 prompt injection、识别伪造 packages,并扫描漏洞风险。
✎ 给 AI Agent 补上关键安全层,能拦截 prompt 注入、识别伪造包并扫描漏洞风险,把防护前置更省心。
by pantheon-security
强化安全性的 NotebookLM MCP,集成 post-quantum encryption,提升数据防护能力。