--- name: quickintel-scan description: "Scan any token for security risks, honeypots, and scams using Quick Intel's contract analysis API. Use when: checking if a token is safe to buy, detecting honeypots, analyzing contract ownership and permissions, finding hidden mint/blacklist functions, or evaluating token risk before trading. Triggers: 'is this token safe', 'scan token', 'check for honeypot', 'audit contract', 'rug pull check', 'token security', 'safe to buy', 'scam check'. Supports 63 chains including Base, Ethereum, Solana, Sui, Tron. Costs $0.03 USDC per scan via x402 payment protocol. Requires an x402-compatible wallet — recommended: managed wallet service (Sponge, AgentWallet) with no raw key exposure. Programmatic signing with dedicated hot wallet also supported. This skill is read-only and never accesses your tokens or assets." credentials: recommended: - name: SPONGE_API_KEY description: "Sponge Wallet API key (no raw private key needed). Get at paysponge.com" - name: AGENTWALLET_API_TOKEN description: "AgentWallet API token (no raw private key needed). Get at frames.ag" advanced: - name: X402_PAYMENT_KEY description: "Private key for a DEDICATED hot wallet with minimal funds ($1-5 USDC). NEVER use your main wallet key. Only needed if not using a managed wallet service." ---

Quick Intel Token Security Scanner

Scan any token on 63 chains for honeypots, scams, and security risks. Returns a detailed audit in seconds. Costs $0.03 USDC per scan via x402 — read-only, never touches your wallet or tokens.

Quick Reference

| Situation | Action | |-----------|--------| | User asks "is this token safe?" | Scan the token, interpret results | | User wants to buy/trade a token | Scan BEFORE trading, warn on red flags | | Scan shows is_Honeypot: true | STOP — tell user they cannot sell this token | | Scan shows isScam: true | STOP — known scam contract | | Scan shows can_Mint: true | Warn: owner can inflate supply | | Scan shows high buy/sell tax (>10%) | Warn: excessive fees reduce profits | | Scan shows contract_Renounced: false | Caution: owner retains control | | liquidity: false in results | May use non-standard pair — verify on DEX aggregator | | User gives chain + address | You have everything needed to scan | | User gives only address, no chain | Ask which chain, or try to infer from address format |

How to Scan

Endpoint: POST https://x402.quickintel.io/v1/scan/full

Request body:

{
  "chain": "base",
  "tokenAddress": "0x..."
}

That's it. The x402 payment ($0.03 USDC/USDM) is handled automatically by your wallet integration. If you have @x402/fetch, Sponge Wallet, AgentWallet, Vincent, or Lobster.cash — the payment flow is transparent. Pay on any of 14 networks: Base (recommended, lowest fees), Ethereum, Arbitrum, Optimism, Polygon, Avalanche, Unichain, Linea, Sonic, HyperEVM, Ink, Monad, MegaETH (USDM), or Solana.

Which integration do I use?

> ⚠️ Wallet Security: This skill does NOT require your private key. The x402 payment is handled by YOUR agent's wallet — whichever wallet your agent already uses. If your agent doesn't have a wallet yet, use a managed wallet service (Sponge, AgentWallet, Vincent, Lobster.cash) instead of raw private keys. If you must use programmatic signing, use a dedicated hot wallet with minimal funds ($1-5 USDC), never your main wallet.

| Your setup | Use this | Key exposure | |-----------|----------|-------------| | Using Sponge Wallet | Pattern A below (recommended) | ✅ No raw keys — API key only | | Using AgentWallet (frames.ag) | Pattern B below | ✅ No raw keys — API token only | | Using Lobster.cash / Crossmint | See REFERENCE.md | ✅ No raw keys — managed wallet | | Using Vincent Wallet | See REFERENCE.md | ✅ No raw keys — managed signing | | Have @x402/fetch installed | Pattern C below | ⚠️ Requires private key in env | | Have viem or ethers.js, no x402 library | Pattern D below (manual signing) | ⚠️ Requires private key in env | | Using Solana wallet | See REFERENCE.md | ⚠️ Requires private key in env | | Not sure / no wallet configured | Start with Pattern A (Sponge) | ✅ No raw keys |

Pattern A: Sponge Wallet (Recommended — No Raw Keys)

curl -sS -X POST "https://api.wallet.paysponge.com/api/x402/fetch" \
  -H "Authorization: Bearer $SPONGE_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "url": "https://x402.quickintel.io/v1/scan/full",
    "method": "POST",
    "body": {
      "chain": "base",
      "tokenAddress": "0xa4a2e2ca3fbfe21aed83471d28b6f65a233c6e00"
    },
    "preferred_chain": "base"
  }'

Requires: SPONGE_API_KEY env var. Sign up at paysponge.com. Sponge manages the wallet and signing — your agent never touches a private key.

Pattern B: AgentWallet (No Raw Keys)

const response = await fetch('https://frames.ag/api/wallets/{username}/actions/x402/fetch', {
  method: 'POST',
  headers: {
    'Authorization': `Bearer ${process.env.AGENTWALLET_API_TOKEN}`,
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({
    url: 'https://x402.quickintel.io/v1/scan/full',
    method: 'POST',
    body: { chain: 'base', tokenAddress: '0x...' }
  })
});
const scan = await response.json();

Requires: AGENTWALLET_API_TOKEN env var. Get one at frames.ag.

Pattern C: @x402/fetch (Programmatic Signing)

> ⚠️ Uses a private key. Use a dedicated hot wallet with minimal funds, not your main wallet.

import { x402Fetch } from '@x402/fetch';
import { createWallet } from '@x402/evm';

// Use a DEDICATED wallet with only payment funds ($1-5 USDC)
// NEVER use your main wallet or trading wallet private key here
const wallet = createWallet(process.env.X402_PAYMENT_KEY);

const response = await x402Fetch('https://x402.quickintel.io/v1/scan/full', {
  method: 'POST',
  headers: { 'Content-Type': 'application/json' },
  body: JSON.stringify({ chain: 'base', tokenAddress: '0x...' }),
  wallet,
  preferredNetwork: 'eip155:8453'
});

const scan = await response.json();

Pattern D: Manual EVM Signing (viem)

> ⚠️ Uses a private key. Use a dedicated hot wallet with minimal funds, not your main wallet.

If you don't have @x402/fetch, handle the payment flow manually:

import { keccak256, toHex } from 'viem';
import { privateKeyToAccount } from 'viem/accounts';

// Use a DEDICATED wallet with only payment funds ($1-5 USDC)
const account = privateKeyToAccount(process.env.X402_PAYMENT_KEY);
const SCAN_URL = 'https://x402.quickintel.io/v1/scan/full';

// Step 1: Hit endpoint, get 402 with payment requirements
const scanBody = JSON.stringify({ chain: 'base', tokenAddress: '0x...' });
const initialRes = await fetch(SCAN_URL, {
  method: 'POST',
  headers: { 'Content-Type': 'application/json' },
  body: scanBody,
});

if (initialRes.status !== 402) throw new Error(`Expected 402, got ${initialRes.status}`);
const paymentRequired = await initialRes.json();

// Step 2: Find preferred network in accepts array
const networkInfo = paymentRequired.accepts.find(a => a.network === 'eip155:8453');
if (!networkInfo) throw new Error('Base network not available');

// Step 3: Sign EIP-712 TransferWithAuthorization
const nonce = keccak256(toHex(`${Date.now()}-${Math.random()}`));
const validBefore = BigInt(Math.floor(Date.now() / 1000) + 3600);

const signature = await account.signTypedData({
  domain: {
    name: networkInfo.extra.name,
    version: networkInfo.extra.version,
    chainId: 8453,
    verifyingContract: networkInfo.asset,
  },
  types: {
    TransferWithAuthorization: [
      { name: 'from', type: 'address' },
      { name: 'to', type: 'address' },

...