Security & Risk Tools
19 tools for token security analysis, honeypot detection, transaction simulation, and risk assessment.
MCP Endpoint: POST /hive_security_risk/mcp
Data Source: GoPlus Security
Token Security
get_token_security
Comprehensive token security analysis.
| Parameter | Type | Required | Description |
|---|---|---|---|
| contract_addresses | string | Yes | Token contract address |
| chain_id | string | Yes | Chain ID (1=ETH, 56=BSC, etc.) |
Example:
curl -X POST https://api.hiveintelligence.xyz/api/execute \
-H "Content-Type: application/json" \
-d '{
"toolName": "get_token_security",
"arguments": {
"contract_addresses": "0x...",
"chain_id": "1"
}
}'
Response:
{
"is_honeypot": false,
"is_open_source": true,
"is_proxy": false,
"is_mintable": false,
"can_take_back_ownership": false,
"owner_change_balance": false,
"hidden_owner": false,
"selfdestruct": false,
"external_call": false,
"buy_tax": "0",
"sell_tax": "0",
"is_blacklisted": false,
"is_whitelisted": false,
"is_anti_whale": false,
"trading_cooldown": false,
"transfer_pausable": false,
"holder_count": 15000,
"total_supply": "1000000000",
"creator_address": "0x...",
"creator_balance": "0",
"creator_percent": "0"
}
Security Risk Indicators
| Risk Factor | Description | Severity |
|---|---|---|
| is_honeypot | Cannot sell tokens | Critical |
| is_mintable | Owner can mint new tokens | High |
| hidden_owner | Ownership is hidden | High |
| can_take_back_ownership | Owner can reclaim ownership | High |
| selfdestruct | Contract can be destroyed | Critical |
| transfer_pausable | Transfers can be paused | Medium |
| is_blacklisted | Blacklist functionality | Medium |
| trading_cooldown | Cooldown between trades | Low |
| is_anti_whale | Anti-whale mechanisms | Low |
NFT Security
get_nft_security
Security analysis for NFT contracts.
| Parameter | Type | Required | Description |
|---|---|---|---|
| contract_address | string | Yes | NFT contract address |
| chain_id | string | Yes | Chain ID |
Checks include:
- Contract verification
- Ownership structure
- Minting controls
- Transfer restrictions
- Royalty enforcement
Address Analysis
check_malicious_address
Check if an address is associated with known risks.
| Parameter | Type | Required | Description |
|---|---|---|---|
| address | string | Yes | Address to check |
| chain_id | string | Yes | Chain ID |
Checks for:
- Known scam addresses
- Mixer/tumbler usage
- Sanctioned addresses
- Phishing addresses
- Contract risks
Approval Security
check_approval_security
Check token approval risks for an address.
| Parameter | Type | Required | Description |
|---|---|---|---|
| address | string | Yes | Wallet address to check |
| chain_id | string | Yes | Chain ID |
Response:
{
"risky_approvals": [
{
"token": "0x...",
"spender": "0x...",
"allowance": "unlimited",
"risk_level": "high",
"risk_reason": "Unknown contract"
}
]
}
get_wallet_approvals
Get all token approvals for a wallet.
| Parameter | Type | Required | Description |
|---|---|---|---|
| address | string | Yes | Wallet address |
| chain_id | string | Yes | Chain ID |
dApp & Site Security
check_dapp_security
Check security of a decentralized application.
| Parameter | Type | Required | Description |
|---|---|---|---|
| url | string | Yes | dApp URL |
check_phishing_site
Check if a site is a known phishing site.
| Parameter | Type | Required | Description |
|---|---|---|---|
| url | string | Yes | URL to check |
ABI Decoding
decode_abi
Decode contract ABI data.
| Parameter | Type | Required | Description |
|---|---|---|---|
| data | string | Yes | Encoded ABI data |
| chain_id | string | Yes | Chain ID |
Supported Chains
| Chain | ID | Coverage |
|---|---|---|
| Ethereum | 1 | Full |
| BNB Chain | 56 | Full |
| Polygon | 137 | Full |
| Arbitrum | 42161 | Full |
| Optimism | 10 | Full |
| Avalanche | 43114 | Full |
| Base | 8453 | Full |
| Fantom | 250 | Full |
Security Best Practices
Always Check Before Trading
- Run security checks before buying any new token
- Check both buy and sell taxes
- Verify the contract is open source
- Look for red flags like hidden owners or pausable transfers
- Check holder distribution for concentration risks
Quick Reference
| Tool | Description |
|---|---|
| get_token_security | Comprehensive token analysis |
| get_nft_security | NFT contract security |
| check_malicious_address | Address risk check |
| check_approval_security | Token approval risks |
| get_wallet_approvals | All wallet approvals |
| check_dapp_security | dApp security check |
| check_phishing_site | Phishing site detection |
| decode_abi | ABI data decoding |
Frequently Asked Questions
Q: How accurate is honeypot detection? A: GoPlus uses simulation-based detection with 95%+ accuracy by actually testing buy/sell transactions. However, some sophisticated honeypots may use time-delayed or conditional logic that can evade detection.
Q: What if the contract isn't verified (is_open_source: false)? A: Unverified contracts are a moderate risk flag since you can't inspect the code. Many legitimate projects verify their contracts, so unverified status warrants extra caution.
Q: Are high taxes always a red flag? A: Not necessarily. Some legitimate projects use taxes for treasury, burns, or reflections. However, taxes above 10% warrant extra scrutiny. Always check if taxes match what's advertised by the project.
Q: How often is the security database updated? A: GoPlus maintains real-time updates for their security database, including new scam addresses, phishing sites, and vulnerability patterns.
Q: Can I check multiple tokens at once? A: Yes, pass comma-separated contract addresses to get_token_security. This is useful for portfolio-wide security scans.
Q: What chains are supported for security checks? A: Ethereum, BSC, Polygon, Arbitrum, Optimism, Avalanche, Base, Fantom, and Solana are fully supported with comprehensive security analysis.
Related Categories
- DEX Analytics - Filter pools by security flags
- Token & Contract - Token holder and contract data
- Portfolio & Wallet - Wallet approvals and holdings
- Search & Discovery - Find tokens to analyze