Pre-signing token risk checks from Windsurf

Windsurf is Codeium's AI-native IDE with the Cascade agent and native MCP support. Once Hive is registered in Windsurf's MCP config, Cascade can call get_token_security and detect_rugpull on any contract address before recommending a swap or generating transaction code. This is a pre-signing risk check — the agent grounds its advice in GoPlus + on-chain state instead of training-cutoff knowledge that may be months stale. Windsurf's strength here is its agentic coding workflow: you can instruct it to inspect token-risk evidence first and block transaction-code generation when the token fails your security policy.

Client: Windsurf · Workflow: Token security

Hive tools used

  • get_token_security: GoPlus security report — honeypot, taxes, owner permissions, transfer restrictions.
  • detect_rugpull: Aggregated rugpull risk score with structured signal flags.
  • check_malicious_address: Address-level security context for counterparties and contracts.

Steps

  1. Register Hive in ~/.codeium/windsurf/mcp_config.json

    Open Windsurf Settings -> Cascade -> MCP, or directly edit the config file. Use the remote serverUrl config from the Windsurf install guide so Cascade connects to Hive without a local Node wrapper.

    {
      "mcpServers": {
        "hive": {
          "serverUrl": "https://mcp.hiveintelligence.xyz/mcp",
          "headers": {
            "Authorization": "Bearer YOUR_HIVE_API_KEY"
          }
        }
      }
    }

  2. Confirm Cascade sees Hive tools

    Open the Cascade panel (Cmd-Shift-L) and type "list available Hive tools." Cascade should see Hive's compact discovery tools; use search_tools or hive://tools for the wider catalog. If Hive is missing entirely, check the config file syntax and reload.

  3. Make security gating part of your prompts

    When asking Cascade to write transaction code for a new token, include "first inspect token-risk evidence with Hive security tools and return pass, block, or escalate." Cascade will call get_token_security before generating any transaction-signing code.

  4. Refuse on red flags

    If is_honeypot is true, owner_change_balance is true, or rugpull_risk_score is over 70, Cascade should refuse to write the code and explain why. Tune your project rules in Windsurf to enforce this — the rule lives in .windsurf-rules at the project root.

  5. Make the audit trail visible

    Hive execution metadata includes fetched_at. Have Cascade emit the returned timestamp into a project log so you have a record of which security state the agent was reasoning over at decision time.
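
A deterministic version of the gate in steps 4 and 5, as an added example that is not Hive's or Windsurf's own code: it applies the step 4 red flags to a tool result and builds the log line for step 5. The flat evidence dict, the ISO 8601 format of fetched_at, the five-minute staleness limit and the meaning of escalate (evidence missing, unreadable or stale) are assumptions; flags are accepted as booleans or as the "0"/"1" strings GoPlus's API uses.

```python
import json
from datetime import datetime, timezone

RUGPULL_BLOCK_ABOVE = 70   # step 4 threshold
MAX_AGE_SECONDS = 300      # assumption: older evidence is treated as stale
BLOCKING_FLAGS = ("is_honeypot", "owner_change_balance")  # step 4 flags

def as_flag(value):
    """Map True/False, 1/0, "1"/"0" to bool; anything else is unknown (None)."""
    if isinstance(value, bool):
        return value
    text = str(value).strip()
    return text == "1" if text in ("0", "1") else None

def evaluate(evidence, now):
    """Return (decision, reasons) where decision is pass, block or escalate."""
    blocks, unknowns = [], []
    for name in BLOCKING_FLAGS:
        flag = as_flag(evidence.get(name))
        if flag is None:
            unknowns.append(f"{name} missing or unreadable")
        elif flag:
            blocks.append(f"{name} is true")
    score = evidence.get("rugpull_risk_score")
    if isinstance(score, bool) or not isinstance(score, (int, float)):
        unknowns.append("rugpull_risk_score missing or not numeric")
    elif score > RUGPULL_BLOCK_ABOVE:
        blocks.append(f"rugpull_risk_score {score} is over {RUGPULL_BLOCK_ABOVE}")
    try:  # assumption: fetched_at is an ISO 8601 timestamp with a UTC offset
        stamp = str(evidence.get("fetched_at")).replace("Z", "+00:00")
        if (now - datetime.fromisoformat(stamp)).total_seconds() > MAX_AGE_SECONDS:
            unknowns.append("evidence is stale")
    except (ValueError, TypeError):
        unknowns.append("fetched_at missing or unparseable")
    # A confirmed red flag always blocks; gaps in evidence never pass silently.
    decision = "block" if blocks else "escalate" if unknowns else "pass"
    return decision, blocks + unknowns

def audit_line(token, evidence, decision, reasons):
    """One JSON line for the project log, keyed on the evidence timestamp."""
    return json.dumps({"token": token, "fetched_at": evidence.get("fetched_at"),
                       "decision": decision, "reasons": reasons}, sort_keys=True)

if __name__ == "__main__":
    now = datetime(2025, 1, 1, 12, 2, tzinfo=timezone.utc)
    sample = {"is_honeypot": "0", "owner_change_balance": False,  # constructed
              "rugpull_risk_score": 18, "fetched_at": "2025-01-01T12:00:00Z"}
    decision, reasons = evaluate(sample, now)
    print(audit_line("0xTOKEN_PLACEHOLDER", sample, decision, reasons))
```

Running the gate in code rather than relying only on the prompt means a string "0" flag is not mistaken for a truthy value and a missing field cannot be read as a pass.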

Example prompt

I want to swap ETH for token 0x...xyz on Base. Write the transaction code, but first inspect token-risk evidence with Hive and return pass, block, or escalate. Refuse if it's a honeypot or has high rugpull risk.

Example output shape

Illustrative values; run the tools for live data:

Before writing swap code I checked token-risk evidence with Hive security tools and captured the fetched_at timestamp.

- is_honeypot: false
- buy_tax: 0%, sell_tax: 0%
- transfer_pausable: false
- owner_change_balance: false
- can_take_back_ownership: false
- rugpull_risk_score: 18/100 (low risk in this example)

The example token passes the configured security policy, so the agent can generate transaction code with an explicit amount cap, slippage limit, deadline, and a comment recording the security-check timestamp. If the live check returns red flags, the agent should refuse to generate signing code.
