trongrid-token-scanner
Deep analysis of any specific TRC-20 or TRC-10 token on TRON including supply, price, holder distribution, contract details, activity metrics, and safety ass...
MIT-0 · Free to use, modify, and redistribute. No attribution required.
⭐ 0 · 79 · 0 current installs · 0 all-time installs
by@greason
MIT-0
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (TRC-20/TRC-10 token analysis) match the instructions: calls to getTrc20Info, getContract, holders, transactions and web searches for market data. No unrelated binaries, env vars, or config paths are requested. One small note: the skill assumes access to a TronGrid/MCP endpoint (declared as mcp-server: trongrid) but does not declare any API key — likely relying on platform-provided MCP connectivity.
Instruction Scope
SKILL.md steps are narrowly scoped to on-chain queries and web searches for market data. It does not instruct reading local files, unrelated environment variables, or transmitting arbitrary local data. Web searches for off-chain price/listings are expected for market-data enrichment.
Install Mechanism
This is instruction-only with no install spec and no code files to write or execute. Lowest-risk install profile.
Credentials
The skill requests no environment variables or credentials in its metadata. That is proportionate for an instruction-only analyzer that appears to rely on platform MCP access. If your agent/platform requires separate TronGrid credentials, those are not declared here and would need to be provided by the platform, not the skill.
Persistence & Privilege
always is false and the skill does not request persistent system-level privileges or modify other skill configs. Autonomous invocation is allowed by default but not combined with other privileged requests here.
Scan Findings in Context
[no-findings] expected: Regex-based scanner found nothing because this is an instruction-only skill with no code files to analyze. This is expected for a skills that only describes API calls.
Assessment
This skill appears coherent for TRON token due diligence: it performs on-chain MCP calls and web searches for market data and does not ask for secrets or install code. Before installing, confirm how your agent/platform provides access to the TronGrid (MCP) server — the skill assumes such access but does not declare an API key. Also note the skill's source/homepage is unknown; if provenance matters to you, ask the publisher for a homepage or source repo. Finally, be aware the skill will perform web searches and on-chain queries (public data) when invoked; if you prefer stricter control, limit autonomous invocation or review outputs before acting on high-risk recommendations.Like a lobster shell, security has layers — review code before you run it.
Current versionv1.0.1
Download ziplatest
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
SKILL.md
Token Scanner
In-depth analysis of any specific TRC-20 or TRC-10 token — supply, market data, holder distribution, contract details, transaction activity, and safety scoring.
MCP Server
- Prerequisite: TronGrid MCP Guide
Instructions
Step 1: Identify the Token
- TRC-20: Identified by contract address (e.g.,
TR7NHqjeKQxGTCi8q8ZY4pL8otSzgjLj6tfor USDT) - TRC-10: Identified by numeric token ID or name
Step 2: Fetch Token Metadata
TRC-20 (run in parallel):
getTrc20Info— Name, symbol, decimals, standard, total supplygetContractInfo— Deployer, energy settings, creation timegetContract— ABI (for standard compliance check), bytecode
TRC-10:
getAssetByIdentifierorgetAssetByName— Name, abbreviation, total supply, precision, issuer, issue time, URL, frozen supply
Step 3: Analyze Holder Distribution
For TRC-20, call getTrc20TokenHolders:
- Top holders and balances
- Concentration: what % do top 10/50/100 holders control
- Identify if whale addresses are exchanges or known entities
Step 4: Examine Activity
getContractTransactions— Recent contract interactions, transaction patternsgetEventsByContractAddress— Transfer events, approvals, etc.- Analyze: daily volume, active addresses, organic vs. bot patterns
Step 5: Fetch Market Data
Web search for off-chain data:
- Price (USD, BTC), 24h volume, market cap, FDV
- Exchange listings, price trends
Step 6: Safety Assessment
Evaluate across dimensions:
| Dimension | Check | Tool |
|---|---|---|
| Contract verified | ABI available? | getContract |
| Holder concentration | Top 10 hold >80%? | getTrc20TokenHolders |
| Liquidity | Volume vs. market cap ratio | Web search |
| Permissions | mint/pause/blacklist functions? | ABI analysis |
| Activity | Organic or artificial patterns? | getContractTransactions |
Step 7: Compile Token Report
## Token Report: [Name] ([Symbol])
### Basic Info
- Contract/ID: [address or ID]
- Standard: TRC-20 / TRC-10
- Decimals: [X]
- Issuer: [address]
- Issue Date: [date]
### Supply & Market
- Total Supply: [amount]
- Price: $[X.XXXX]
- Market Cap: $[X.XX M/B]
- 24h Volume: $[X.XX M]
### Holders
- Total: [count]
- Top 10 Concentration: [X.X%]
- Largest Holder: [address] ([X.X%])
### Activity
- Daily Transactions: ~[count]
- 7-day Trend: [increasing/stable/decreasing]
### Safety Score: [Low/Medium/High Risk]
- Contract Verified: [Yes/No]
- Holder Concentration: [Low/Medium/High]
- Liquidity: [Good/Fair/Poor]
- Red Flags: [list if any]
Error Handling
| Error | Cause | Resolution |
|---|---|---|
| Token not found | Invalid contract address or token ID | Ask user to verify; suggest searching by name with getAssetByName |
| No holders data | New token or API limitation | Note "Holder data unavailable", continue with other metrics |
| ABI unavailable | Unverified contract | Flag as risk factor, proceed with transaction-based analysis |
| TRC-10 name collision | Multiple TRC-10 tokens share same name | Use getAssetByIdentifier with numeric ID instead |
| No market data | Unlisted token | Report on-chain data only, note "Not listed on price aggregators" |
Examples
Files
3 totalSelect a file
Select a file to preview.
Comments
Loading comments…