SUPAH Token Guardian

v1.3.0

Pre-trade token safety scanner for 21+ EVM chains. 6-layer deep scan: contract safety, liquidity health, deployer profiling, holder distribution, trading pat...

⭐ 0· 154·1 current·1 all-time

by@supah-based

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for supah-based/supah-token-guardian.

Previewing Install & Setup.

Prompt PreviewInstall & Setup

Install the skill "SUPAH Token Guardian" (supah-based/supah-token-guardian) from ClawHub.
Skill page: https://clawhub.ai/supah-based/supah-token-guardian
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required env vars: SUPAH_API_BASE
Required binaries: curl, node
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install supah-token-guardian

ClawHub CLI

Package manager switcher

npx clawhub@latest install supah-token-guardian

Security Scan

VirusTotal

Pending

View report →

OpenClaw

Benign

medium confidence

✓

Purpose & Capability

Name, description, required binaries (curl, node) and outbound host (api.supah.ai) match the declared purpose of calling a remote token-scanning API and formatting results locally. One minor inconsistency: the registry metadata lists SUPAH_API_BASE as a required env var, while SKILL.md describes it as optional (an override of the default API endpoint).

ℹ

Instruction Scope

Runtime instructions and the included script only call the stated api.supah.ai endpoint, parse results, and output a report; they do not request other system credentials or read unrelated files. Two items to note: (1) the skill assumes an 'x402-compatible' agent that will automatically perform an on-chain USDC payment — this may result in unexpected charges if you enable the skill on an agent with a funded wallet; (2) the script writes the API JSON to /tmp/guardian-result.json (local persistence), which could be visible to other local users on multi-user systems and thus leak scan results or inferred trading intent.

✓

Install Mechanism

No install spec (instruction-only) and a single small shell + Node parsing script are included. Nothing is downloaded or extracted at install time by the skill itself, which is lower risk.

ℹ

Credentials

The skill requests only SUPAH_API_BASE (used to override the API base URL). It does not request API keys or wallet/private-key credentials. However, functional usage requires that the agent has a funded wallet with USDC on Base to satisfy x402 micropayments; that financial requirement is external to the skill but relevant to privacy/expense risk. The SUPAH payTo address is declared in metadata (visible), so verify you trust the recipient before enabling automatic payments.

✓

Persistence & Privilege

The skill does not request always:true and does not modify other skills or global agent configuration. It does write output to /tmp but otherwise requires no special system privileges.

Assessment

This skill appears to do what it says: it calls api.supah.ai to run a token safety scan and prints a report. Before installing, consider: (1) x402 micropayments — each scan costs $0.08 USDC on Base and the skill assumes your agent/wallet will pay automatically; ensure you understand and trust that automatic payment flow and that your agent wallet is not inadvertently funded. (2) Privacy — token addresses and chain info are sent to a remote service (api.supah.ai); if you care about revealing trading intent, review the provider. (3) Local file writes — results are saved to /tmp/guardian-result.json which could be readable by other local users on multi-user hosts. (4) Minor metadata mismatch — SUPAH_API_BASE is marked required in registry metadata but described as optional in SKILL.md; you can ignore unless you need to override the default endpoint. If you decide to proceed, review the included scripts (scripts/guardian-scan.sh) and confirm the api.supah.ai host and the payTo address are acceptable, and test with a single known token to verify behavior and charges.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🛡️ Clawdis

Binscurl, node

EnvSUPAH_API_BASE

latestvk970xhd4r9qp5f22f5fyzh6evh83day4

154downloads

0stars

4versions

Updated 1mo ago

v1.3.0

MIT-0

SUPAH Token Guardian

The most comprehensive pre-trade token safety scanner on ClawHub.

Before you buy ANY token — run it through the Guardian. One command, full picture.

$0.08 USDC per scan — paid via x402 micropayment on Base. Your agent pays automatically per call. No API keys. Just USDC in your agent wallet on Base. How x402 works

What It Does

Token Guardian performs a 6-layer deep scan on any token across 21+ EVM chains:

Contract Safety — Honeypot detection, mint authority, proxy risk, ownership renounced
Liquidity Analysis — Pool depth, lock status, LP concentration, rugpull probability
Deployer Profiling — Wallet age, deployment history, serial rugger detection
Holder Distribution — Top 10 concentration, insider clustering, wash trading flags
Trading Pattern — Buy/sell ratio, volume authenticity, sandwich attack exposure
Social Signals — Community size, organic vs botted engagement, team doxxing

Returns a single Guardian Score (0-100) with a clear BUY / CAUTION / AVOID verdict.

Usage

Ask your agent naturally:

"Is 0x28538b9e45d1f40b801375bf3e6a378ec80a8a52 safe to buy?"
"Run a safety check on $OTTIE on Base"
"Should I ape into this token? [paste address]"
"Guardian scan 0x... on Ethereum"
"Check if this contract is a honeypot: 0x..."
"Full security report on $PEPE"

Supported Chains

Base, Ethereum, BSC, Polygon, Arbitrum, Optimism, Avalanche, Fantom, Cronos, Gnosis, Celo, Moonbeam, Harmony, zkSync Era, Linea, Scroll, Mantle, Blast, Mode, Manta, and more.

Example Output

🛡️ SUPAH GUARDIAN REPORT
━━━━━━━━━━━━━━━━━━━━━━━

Token: Ottie ($OTTIE)
Chain: Base
Address: 0x2853...8a52

GUARDIAN SCORE: 72/100 ⚠️ CAUTION

┌─────────────────────────────────┐
│ Contract Safety     ██████░░ 78 │
│ Liquidity Health    █████░░░ 65 │
│ Deployer Trust      ███████░ 85 │
│ Holder Distribution █████░░░ 62 │
│ Trading Patterns    ██████░░ 74 │
│ Social Signals      ██████░░ 70 │
└─────────────────────────────────┘

⚠️ RISKS DETECTED:
• Top 10 holders control 45% of supply
• Liquidity not locked (LP tokens in deployer wallet)
• Buy tax: 0% | Sell tax: 0% (clean)
• Contract not renounced (owner can modify)

✅ POSITIVE SIGNALS:
• No honeypot detected
• Deployer has clean history (3 prior tokens, none rugged)
• Organic trading volume ($4.4M/24h)
• Active community (2.1K holders)

VERDICT: CAUTION — Tradeable but monitor LP lock status.
Small position only. Set stop-loss.

NFA / DYOR — Data from GoPlusLabs, DexScreener, on-chain.

How It Works

The skill calls api.supah.ai via x402 USDC micropayments on Base. Your agent pays $0.08 per scan automatically — no API keys, no setup.

SUPAH's backend aggregates data from multiple sources:

GoPlusLabs — Contract security analysis (honeypot, taxes, ownership)
DexScreener — Price, liquidity, volume, trading pairs
Moralis — On-chain data indexing, token transfers, wallet activity
Block Explorers — Deployer history, contract verification, holder data

SUPAH is built on and utilizes Moralis for its foundational on-chain data layer, adding proprietary 5-gate scoring, ML predictions, and narrative analysis on top.

All data is fetched in parallel for speed (typically <5 seconds).

Requirements

curl — HTTP client (pre-installed on most systems)
node — Node.js v18+ runtime (for JSON parsing)
USDC on Base — Your agent wallet must hold USDC on Base network for x402 micropayments ($0.08/scan)
x402-compatible HTTP client — Payment happens automatically per call via the x402 protocol

Optional: Set SUPAH_API_BASE environment variable to override the default API endpoint (default: https://api.supah.ai).

Install

clawhub install supah-token-guardian

Or manually:

cd ~/.openclaw/skills
git clone https://github.com/supah-based/supah-token-guardian.git

Comments

Loading comments...