SicariusGuard
7-layer Solana safety oracle and security infrastructure for AI agents.
Solana Token Safety Oracle for AI Agents & Trading Bots
Real-time token safety analysis combining byte-level on-chain inspection, market intelligence, and wallet reputation scoring. Built for autonomous AI agents, MCP-enabled LLMs, and trading infrastructure.
"Don't trade blind. Query SicariusGuard before every swap."
Live API: https://sicarius-guard-640545264957.us-east4.run.app
```bash
# Try it now: no auth required (100 free calls/day)
curl https://sicarius-guard-640545264957.us-east4.run.app/v1/scan/DezXAZ8z7PnrnRJjz3wXBoRgixCa6xjnB7YaB1pPB263
```
What It Does
SicariusGuard performs 7 layers of safety analysis on any Solana SPL token:
| Layer | Source | Detection |
|---|---|---|
| Mint Authority | Raw SPL mint bytes | Can deployer print infinite tokens? |
| Freeze Authority | SPL layout offset 46 | Can deployer freeze any wallet? |
| Token-2022 Extensions | Extension type scan | PermanentDelegate, TransferHook, ConfidentialTransfers |
| Honeypot Detection | Jupiter sell simulation | Can you actually sell this token? |
| Holder Concentration | `getTokenLargestAccounts` | Top 5 wallets controlling >50% supply? |
| Market Intelligence | Birdeye API | Liquidity, volume, wash trading, manipulation |
| Wallet Reputation | Helius Identity + Funded-By | Is the deployer wallet a known scammer? |
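The first three layers in the table come down to reading fixed offsets in the mint account. The sketch below is an added example, not SicariusGuard's own code: it decodes the two authority fields of the 82-byte SPL Token mint layout and walks Token-2022 extension entries. The function names, the `RISKY_EXT` table and the sample bytes are constructed for illustration.

```typescript
// Added example, not SicariusGuard's code. Offsets are the SPL Token Mint layout.
const BASE_MINT_LEN = 82; // fixed-size SPL Token Mint struct
const TLV_START = 166;    // Token-2022: base padded to 165 bytes + 1-byte account type
const RISKY_EXT: Record<number, string> = {
  4: "ConfidentialTransferMint",
  12: "PermanentDelegate",
  14: "TransferHook",
};
interface MintReport {
  mintAuthorityActive: boolean;
  freezeAuthorityActive: boolean;
  riskyExtensions: string[];
}

// COption<Pubkey>: 4-byte little-endian tag (0 = None, 1 = Some) + 32-byte key.
function cOptionIsSome(view: DataView, offset: number): boolean {
  const tag = view.getUint32(offset, true);
  if (tag > 1) throw new Error("corrupt COption tag at offset " + offset);
  return tag === 1;
}

function inspectMint(data: Uint8Array): MintReport {
  if (data.length < BASE_MINT_LEN) throw new Error("account too short for a mint");
  const view = new DataView(data.buffer, data.byteOffset, data.byteLength);
  if (view.getUint8(45) !== 1) throw new Error("mint not initialized");
  const riskyExtensions: string[] = [];
  // Token-2022 TLV entries: u16 type, u16 length, then `length` value bytes.
  let pos = TLV_START;
  while (pos + 4 <= data.length) {
    const extType = view.getUint16(pos, true);
    const len = view.getUint16(pos + 2, true);
    if (extType === 0) break; // Uninitialized marks the end of the entries
    if (pos + 4 + len > data.length) throw new Error("truncated extension entry");
    const name = RISKY_EXT[extType];
    if (name !== undefined) riskyExtensions.push(name);
    pos += 4 + len;
  }
  return {
    mintAuthorityActive: cOptionIsSome(view, 0),    // tag at bytes 0..3
    freezeAuthorityActive: cOptionIsSome(view, 46), // tag at bytes 46..49
    riskyExtensions,
  };
}

// Constructed sample: freeze authority set, one PermanentDelegate (type 12) entry.
function sampleMint(valueLen: number): Uint8Array {
  const buf = new Uint8Array(TLV_START + 4 + 32);
  const v = new DataView(buf.buffer);
  buf[45] = 1; v.setUint32(46, 1, true); buf[165] = 1;
  v.setUint16(166, 12, true); v.setUint16(168, valueLen, true);
  return buf;
}
```

These bytes only mean anything if the account is owned by the Token or Token-2022 program; that owner check needs the account metadata and is outside this snippet.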
Weighted Risk Scoring (60/25/15 Model)
```
finalScore = (onChainRisk × 0.60) + (marketRisk × 0.25) + (reputationRisk × 0.15)

0      → SAFE
1-15   → CAUTION
16-50  → HIGH_RISK
51-100 → CRITICAL
```
| Weight | Source | What It Catches |
|---|---|---|
| 60% | On-chain safety | Mint/freeze authority, honeypots, extensions |
| 25% | Birdeye market data | Low liquidity, wash trading, price manipulation |
| 15% | Helius wallet intel | Scammer wallets, suspicious funding chains |
Quick Start
```bash
# Clone
git clone https://github.com/Chronolapse411/sicarius-guard.git
cd sicarius-guard

# Install
npm install

# Configure
cp .env.example .env
# Add your HELIUS_RPC_URL and optionally BIRDEYE_API_KEY

# Build & Run
npm run build
npm start
```
API Endpoints
REST API (Port 3400)
| Method | Endpoint | Description |
|---|---|---|
| POST | `/v1/check` | Full on-chain safety analysis |
| GET | `/v1/check/:mint` | Convenience GET for safety check |
| POST | `/v1/scan` | Full analysis + Birdeye + Helius wallet intel |
| GET | `/v1/scan/:mint` | Convenience GET for enriched scan |
| POST | `/v1/honeypot` | Honeypot-only check (Jupiter sell sim) |
| POST | `/v1/holders` | Holder concentration analysis |
| GET | `/v1/pricing` | x402 payment pricing table |
| GET | `/x402/stats` | Payment verification stats |
| GET | `/health` | Service health check |
Example Request
```bash
# Basic safety check (BONK)
curl https://sicarius-guard-640545264957.us-east4.run.app/v1/check/DezXAZ8z7PnrnRJjz3wXBoRgixCa6xjnB7YaB1pPB263

# Full scan with Birdeye + Helius enrichment
curl https://sicarius-guard-640545264957.us-east4.run.app/v1/scan/DezXAZ8z7PnrnRJjz3wXBoRgixCa6xjnB7YaB1pPB263
```
Example Response (/v1/scan)
```json
{
  "safety": {
    "safe": true,
    "riskScore": 0,
    "verdict": "SAFE",
    "reason": "SAFE - mint/freeze revoked, no dangerous extensions, supply OK",
    "checks": {
      "mintAuthority": { "status": "REVOKED", "safe": true },
      "freezeAuthority": { "status": "REVOKED", "safe": true },
      "token2022Extensions": { "status": "CLEAN", "safe": true },
      "supplyConcentration": { "status": "OK", "safe": true }
    }
  },
  "honeypot": {
    "isHoneypot": false,
    "sellable": true,
    "reason": "Sellable via Raydium → Quantum"
  },
  "holders": {
    "concentrated": false,
    "stats": { "top10Pct": 8.2 }
  },
  "birdeye": {
    "overview": {
      "price": 0.0000075,
      "liquidity": 3511099,
      "marketCap": 631226030,
      "holder": 999749
    },
    "marketRisk": { "verdict": "MARKET_SAFE", "flags": [] }
  },
  "walletIntel": {
    "creatorAddress": "DezXAZ8z7PnrnRJjz3wXBoRgixCa6xjnB7YaB1pPB263",
    "reputation": {
      "verdict": "TRUSTED",
      "riskScore": 0,
      "flags": []
    }
  },
  "combined": {
    "safe": true,
    "riskScore": 0,
    "marketRiskScore": 0,
    "reputationScore": 0,
    "finalScore": 0,
    "verdict": "SAFE",
    "summary": "All checks passed - token appears safe"
  }
}
```
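An agent that consumes this response should fail closed rather than trust a single `verdict` string. The gate below is an added example, not part of SicariusGuard: it re-derives the 60/25/15 score from the `combined` fields and refuses the swap on any missing field, score mismatch or unconfirmed sell path. It assumes `combined.riskScore` is the on-chain component, rounds fractional scores up, and allows only SAFE; all three are this example's policy choices.

```typescript
// Added example, not SicariusGuard's code: a fail-closed gate over a /v1/scan body.
type Verdict = "SAFE" | "CAUTION" | "HIGH_RISK" | "CRITICAL";
interface Decision { allow: boolean; verdict: Verdict; score: number; reasons: string[] }

// Bands from the scoring table. Rounding up is this example's assumption, so a
// fractional weighted score such as 0.6 lands in CAUTION rather than SAFE.
function band(score: number): Verdict {
  const s = Math.ceil(score);
  if (s <= 0) return "SAFE";
  if (s <= 15) return "CAUTION";
  if (s <= 50) return "HIGH_RISK";
  return "CRITICAL";
}

// Accept only finite numbers in the documented 0..100 range.
function score100(v: unknown): number | null {
  return typeof v === "number" && isFinite(v) && v >= 0 && v <= 100 ? v : null;
}

function gateSwap(body: string): Decision {
  const deny = (why: string): Decision =>
    ({ allow: false, verdict: "CRITICAL", score: 100, reasons: [why] });
  let doc: any;
  try { doc = JSON.parse(body); } catch (e) { return deny("unparseable response"); }
  const c = doc?.combined;
  const h = doc?.honeypot;
  const onChain = score100(c?.riskScore); // assumed to be onChainRisk
  const market = score100(c?.marketRiskScore);
  const reputation = score100(c?.reputationScore);
  const reported = score100(c?.finalScore);
  if (onChain === null || market === null || reputation === null || reported === null)
    return deny("missing or out-of-range score field");
  const recomputed = onChain * 0.60 + market * 0.25 + reputation * 0.15;
  const score = Math.max(reported, recomputed); // act on the worse of the two
  const reasons: string[] = [];
  if (Math.abs(reported - recomputed) > 0.5) reasons.push("finalScore disagrees with components");
  if (h?.isHoneypot !== false || h?.sellable !== true) reasons.push("sell path not confirmed");
  const verdict = band(score);
  if (verdict !== "SAFE") reasons.push("verdict " + verdict);
  return { allow: reasons.length === 0, verdict, score, reasons };
}

// Constructed sample, trimmed from the response shown above.
const SAMPLE_SCAN = JSON.stringify({
  honeypot: { isHoneypot: false, sellable: true },
  combined: { riskScore: 0, marketRiskScore: 0, reputationScore: 0, finalScore: 0 },
});
```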
MCP Server (for AI Agents)
SicariusGuard exposes tools via the Model Context Protocol (MCP), enabling LLMs and agent frameworks to call safety checks natively.
Available MCP Tools (7)
| Tool | Description | Read-Only |
|---|---|---|
| `check_token_safety` | 5-layer on-chain rug pull, honeypot, and holder analysis | ✅ |
| `check_honeypot` | Jupiter DEX sell simulation: zero cost, quote-only | ✅ |
| `check_holder_concentration` | Top holder distribution analysis with concentration flags | ✅ |
| `full_token_scan` | 7-layer scan: on-chain + Birdeye market + Helius wallet reputation | ✅ |
| `get_wallet_reputation` | Helius DAS identity, funding chain, deployer age analysis | ✅ |
| `get_market_intel` | Birdeye market data: price, volume, liquidity, risk flags | ✅ |
| `batch_scan` | Parallel 7-layer scan of up to 10 tokens per call | ✅ |
Usage with Claude Desktop / Cursor
```json
{
  "mcpServers": {
    "sicarius-guard": {
      "command": "node",
      "args": ["dist/mcp-server.js"],
      "cwd": "/path/to/sicarius-guard",
      "env": {
        "HELIUS_RPC_URL": "https://mainnet.helius-rpc.com/?api-key=YOUR_KEY",
        "BIRDEYE_API_KEY": "your-birdeye-key"
      }
    }
  }
}
```
Usage via npx
```bash
# Run directly without cloning
npx sicarius-guard
```
Architecture
```
+--------------------------------------------------------------+
|                        SicariusGuard                         |
|                                                              |
|  +-------------+  +-------------+  +----------------------+  |
|  |  REST API   |  | MCP Server  |  |  x402 Payment Gate   |  |
|  |  Express 5  |  |    stdio    |  |  SOL Micropayments   |  |
|  +------+------+  +------+------+  +----------+-----------+  |
|         |                |                    |              |
|  +------v----------------v--------------------v-----------+  |
|  |                   Core Safety Engine                   |  |
|  |                                                        |  |
|  |  token_safety.ts  honeypot_sim.ts  holder_analysis.ts  |  |
|  |                                                        |  |
|  |  birdeye.ts                helius_wallet.ts            |  |
|  |  Market Intelligence       Wallet Reputation (15%)     |  |
|  |  - Price/Volume            - Identity API              |  |
|  |  - Liquidity               - Funded-By chain           |  |
|  |  - Wash trading            - Scammer detection         |  |
|  +---------------------------+----------------------------+  |
|                              |                               |
|           +------------------+------------------+            |
|           v                  v                  v            |
|    +-------------+    +-------------+    +-------------+     |
|    | Solana RPC  |    | Birdeye API |    | Helius DAS  |     |
|    |  (Helius)   |    |  (Market)   |    |  (Wallet)   |     |
|    +-------------+    +-------------+    +-------------+     |
+--------------------------------------------------------------+
```
x402 Payment Protocol
SicariusGuard implements the x402 HTTP Payment Required protocol for machine-native micropayments. AI agents can pay per API call with SOL, with no registration, no API keys, and no accounts.
How It Works
1. Agent hits `/v1/scan` → gets 402 + payment instructions
2. Agent sends SOL to treasury wallet
3. Agent retries with `X-PAYMENT: <tx_signature>`
4. Server verifies on-chain → returns safety data
Pricing
| Endpoint | Price (SOL) |
|---|---|
| `/v1/check` | 0.001 |
| `/v1/scan` | 0.002 |
| `/v1/honeypot` | 0.0005 |
| `/v1/holders` | 0.0005 |
Example (Paid Request)
```bash
# Step 1: Get pricing + treasury address
curl https://sicarius-guard-640545264957.us-east4.run.app/v1/pricing

# Step 2: Send SOL to treasury address (returned in pricing response)
solana transfer <TREASURY_ADDRESS> 0.002

# Step 3: Use tx signature as payment proof
curl -X POST https://sicarius-guard-640545264957.us-east4.run.app/v1/scan \
  -H "Content-Type: application/json" \
  -H "X-PAYMENT: <your_tx_signature>" \
  -d '{"mint": "DezXAZ8z7PnrnRJjz3wXBoRgixCa6xjnB7YaB1pPB263"}'
```
Security
- On-chain verification: Every payment is verified against Solana mainnet
- Replay protection: Each tx signature can only be used once
- Amount validation: Exact SOL amount must match endpoint pricing
- Freshness check: Transactions older than 10 minutes are rejected
- Verified live on mainnet: Tested with real SOL transfers
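How the first four checks fit together, and the order they run in, as an added example that is not SicariusGuard's own code. `TxRecord` is a simplified, constructed stand-in for a confirmed-transaction lookup, and `makeVerifier`, the result strings and the placeholder addresses are hypothetical names; prices and the 10-minute window come from this page.

```typescript
// Added example, not SicariusGuard's code. TxRecord is a simplified, constructed
// stand-in for the fields a confirmed-transaction RPC lookup returns.
interface TxRecord {
  signature: string;
  blockTime: number | null; // unix seconds, null when the node has no timestamp
  err: unknown;             // non-null when the transaction failed
  accountKeys: string[];
  preBalances: number[];    // lamports, same order as accountKeys
  postBalances: number[];
}

const LAMPORTS_PER_SOL = 1e9;
const MAX_AGE_SECONDS = 600; // "older than 10 minutes are rejected"
const PRICE_SOL: Record<string, number> = {
  "/v1/check": 0.001, "/v1/scan": 0.002, "/v1/honeypot": 0.0005, "/v1/holders": 0.0005,
};

type Result = "OK" | "UNKNOWN_ENDPOINT" | "NOT_CONFIRMED" | "REPLAY" | "STALE"
  | "WRONG_RECIPIENT" | "WRONG_AMOUNT";

function makeVerifier(treasury: string) {
  const used = new Set<string>(); // signatures already redeemed
  return function verify(endpoint: string, tx: TxRecord | null, nowSec: number): Result {
    const price = PRICE_SOL[endpoint];
    if (price === undefined) return "UNKNOWN_ENDPOINT";
    if (tx === null || tx.err !== null) return "NOT_CONFIRMED";
    if (used.has(tx.signature)) return "REPLAY";
    if (tx.blockTime === null || nowSec - tx.blockTime > MAX_AGE_SECONDS) return "STALE";
    const i = tx.accountKeys.indexOf(treasury);
    if (i < 0) return "WRONG_RECIPIENT";
    // Net lamports the treasury gained; compared as integers, never as floats.
    const received = (tx.postBalances[i] ?? 0) - (tx.preBalances[i] ?? 0);
    if (received !== Math.round(price * LAMPORTS_PER_SOL)) return "WRONG_AMOUNT";
    used.add(tx.signature); // redeem only after every check has passed
    return "OK";
  };
}

// Constructed sample: payer sends 0.002 SOL (2,000,000 lamports) plus a 5,000 fee.
function sampleTx(signature: string, blockTime: number): TxRecord {
  return {
    signature, blockTime, err: null,
    accountKeys: ["PAYER_PLACEHOLDER", "TREASURY_PLACEHOLDER"],
    preBalances: [5e9, 1e9],
    postBalances: [5e9 - 2000000 - 5000, 1e9 + 2000000],
  };
}
```

Because stale transactions are rejected anyway, the redeemed-signature set only has to be retained for the freshness window, but it does have to be shared by every server instance that verifies payments.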
Access Tiers
| Tier | Auth Method | Rate Limit |
|---|---|---|
| Free | None | 100 calls/day per IP |
| x402 Pay-Per-Call | `X-PAYMENT` header (SOL tx sig) | Unlimited |
Configuration
| Variable | Description | Default |
|---|---|---|
| `HELIUS_RPC_URL` | Solana RPC endpoint (Helius recommended) | `https://api.mainnet-beta.solana.com` |
| `PORT` | API server port | `3400` |
| `HOST` | Bind address | `0.0.0.0` |
| `BIRDEYE_API_KEY` | Birdeye API key (optional, enriches scans) | - |
| `TREASURY_WALLET` | SOL payment recipient (x402) | - |
| `CACHE_TTL_SECONDS` | Cache duration | `300` |
| `FREE_TIER_CALLS_PER_DAY` | Free tier rate limit | `100` |
| `UPSTASH_REDIS_REST_URL` | Upstash Redis URL for persistent rate limiting | - |
| `UPSTASH_REDIS_REST_TOKEN` | Upstash Redis auth token | - |
Performance
Tested with 50-token bulk scan on Solana mainnet:
| Metric | Value |
|---|---|
| Success rate | 50/50 (100%) |
| Avg response time | 5.4s |
| x402 payment verification | Verified live on mainnet |
Tech Stack
- Runtime: Node.js 22+ (ESM)
- Language: TypeScript 5.9
- Blockchain: @solana/web3.js (direct RPC, no wrapper SDKs)
- API: Express 5
- MCP: @modelcontextprotocol/sdk
- Market Data: Birdeye API v3
- Wallet Intel: Helius DAS / Identity / Funded-By APIs
Why SicariusGuard?
Most token safety tools rely on third-party APIs that can be gamed. SicariusGuard reads raw mint account bytes directly from the blockchain, the same data the Solana runtime uses to execute transactions. No middleman, no stale data, no API that can be fooled.
| Feature | SicariusGuard | RugCheck | GoPlus |
|---|---|---|---|
| Byte-level SPL analysis | β | β | β |
| Token-2022 extension scanning | β | β | Partial |
| Jupiter honeypot simulation | β | β | β |
| Helius wallet reputation | β | β | β |
| Weighted multi-source scoring | β | β | β |
| MCP server for AI agents | β | β | β |
| x402 pay-per-call (SOL) | β | β | β |
| Self-hosted (no vendor lock-in) | β | β | β |
| Birdeye market enrichment | β | β | β |
| Sub-6s full scan | β | β | β |
Related MCP Servers
Build powerful agentic workflows by combining SicariusGuard with these complementary MCP servers:
| Server | Description | Use With SicariusGuard |
|---|---|---|
| Pentagonal | AI-powered smart contract auditing for Solidity & Anchor/Rust | Audit the contract → scan the token with SicariusGuard |
| Desk3 | Real-time cryptocurrency market data | Get macro market context → validate token safety |
| AgentForge | DeFi safety layer: SPL approval scans & contract registry | Check approvals → scan token safety with SicariusGuard |
| Financial Datasets | Stock & market data for AI assistants | Cross-market correlation analysis |
License
MIT - Built by Chronolapse411