Install
openclaw skills install @true402/true402-token-safetyRug-check a Base token before trading — real buy/sell honeypot simulation plus liquidity and ownership checks. Free daily checks; ~$0.01/call via x402 after.
openclaw skills install @true402/true402-token-safetyCheck any Base (chain 8453) ERC-20 token for rug-pull and honeypot risk before buying, sniping, or approving it. Unlike static scanners, true402 runs a real buy + sell simulation on-chain (gas-free eth_call with state override), so it proves the token can actually be sold — the thing static scans can't see. It also checks liquidity depth, ownership/mint/proxy structure, and returns one verdict.
Run:
npx -y @true402.dev/rugcheck 0x<token-address>
🛑 AVOID, ⚠️ CAUTION, or ✅ OK — with a 0–100 score and the specific on-chain reasons (e.g. "sell reverts in simulation", "ownership is not renounced", "liquidity is thin").npx -y @true402.dev/rugcheck 0x… && <buy command>.AVOID — do not buy. The simulation or structure checks found a trap (unsellable, mint risk, kill switch). Tell the user exactly which reasons were flagged.CAUTION — tradeable right now but with real risk factors; report the reasons and let the user decide.OK — no traps found on-chain at check time. Not financial advice; liquidity can still be pulled later.If PAYER_PRIVATE_KEY is set (a Base wallet holding a little USDC), the CLI pays per call over the x402 protocol (~$0.005–0.01, gas sponsored — the wallet needs only USDC). Never print or log the key. If the free trial is exhausted and no key is set, the CLI explains exactly how to enable payment; relay that to the user.
Every endpoint answers with HTTP 402 + machine-readable payment terms when unpaid; all are keyless:
# Full token report (simulation + liquidity + structure + deployer, one verdict)
curl -X POST https://true402.dev/api/v1/base/token-report -H 'content-type: application/json' -d '{"token":"0x…"}'
# Who deployed it — wallet age + fresh-throwaway flag
curl -X POST https://true402.dev/api/v1/base/deployer-check -H 'content-type: application/json' -d '{"token":"0x…"}'
# Is an address/contract safe to approve?
curl -X POST https://true402.dev/api/v1/base/address-safety -H 'content-type: application/json' -d '{"address":"0x…"}'
Full catalog: https://true402.dev/api/v1/services · OpenAPI: https://true402.dev/openapi.json · Docs: https://true402.dev/docs/api