Workflows & Recipes

Token security checks for AI agents

Written by Rishabh Narang, CEO, Hive IntelligenceLast updated

Your AI agent needs to decide what should happen before a user swaps: pass, block, or escalate based on risk evidence.

That sounds simple, but answering it responsibly means checking the token contract for honeypot traps, verifying the dApp is not a known phishing site, and simulating expected transaction effects before the request moves toward signing. Miss one step and your agent either blocks legitimate trades without evidence or passes a risky transaction to the next approval step.


Without Hive

Building this yourself means stitching together at least two providers with completely different auth models, schemas, and failure modes.

GoPlus for token security - sign up, get an API key, learn their query-parameter schema, handle their rate limits and error format.

Tenderly for transaction simulation - a separate account, a separate API key, a project-scoped URL, a different auth header (X-Access-Key), and a different response shape.

Then you write custom risk-scoring logic to combine both results into a risk policy or escalation decision.

python
import requests

# --- Provider 1: GoPlus token security ---
goplus_resp = requests.get(
    "https://api.gopluslabs.io/api/v1/token_security/1",
    params={
        "contract_addresses": "0xdAC17F958D2ee523a2206206994597C13D831ec7"
    },
)
goplus_data = goplus_resp.json()

is_honeypot = goplus_data["result"]["0xdac17f958d2ee523a2206206994597c13d831ec7"]["is_honeypot"]
buy_tax = goplus_data["result"]["0xdac17f958d2ee523a2206206994597c13d831ec7"]["buy_tax"]
sell_tax = goplus_data["result"]["0xdac17f958d2ee523a2206206994597c13d831ec7"]["sell_tax"]

# --- Provider 2: Tenderly simulation ---
tenderly_resp = requests.post(
    "https://api.tenderly.co/api/v1/account/ME/project/MY_PROJECT/simulate",
    headers={"X-Access-Key": "TENDERLY_API_KEY"},
    json={
        "network_id": "1",
        "from": "0xYOUR_WALLET",
        "to": "0xCONTRACT",
        "input": "0xSWAP_CALLDATA",
        "value": "0",
    },
)
sim_data = tenderly_resp.json()

# --- Custom risk logic combining both ---
# This is a policy input, not a guarantee.
passes_basic_policy = (
    is_honeypot == "0"
    and float(buy_tax) < 0.1
    and float(sell_tax) < 0.1
    and sim_data["transaction"]["status"]
)

That is roughly 35 lines before you add error handling, retries, or a third provider for phishing detection. You manage two API keys, two auth flows, two response formats, and a hand-rolled scoring function that breaks the moment either provider changes their schema.


With Hive

Two tool calls through one API key. Same endpoint, same auth header, same JSON shape.

python
import requests

def hive(tool: str, args: dict) -> dict:
    r = requests.post(
        "https://mcp.hiveintelligence.xyz/api/v1/execute",
        headers={"Authorization": "Bearer YOUR_HIVE_API_KEY"},
        json={"tool": tool, "args": args},
        timeout=30,
    )
    r.raise_for_status()
    payload = r.json()
    if not payload.get("ok", False):
        raise RuntimeError(payload.get("error", {}).get("message", "Hive call failed"))
    return payload["data"]

security = hive("get_token_security", {
    "chainId": "1",
    "contract_addresses": "0xdAC17F958D2ee523a2206206994597C13D831ec7",
})

simulation = hive("simulate_evm_transaction", {
    "chain_id": "1",
    "from": "0xYOUR_WALLET",
    "to": "0xCONTRACT",
    "data": "0xSWAP_CALLDATA",
})

Both responses come back in a consistent JSON envelope. Your agent reads the fields it needs without schema translation or a second set of credentials. Those responses give the agent risk evidence to evaluate against your policy. They do not provide a safety guarantee or authorize a swap.


Side-by-side comparison

Without HiveWith Hive
API keys2+ (GoPlus, Tenderly, ...)1
Auth flowsDifferent per providerOne header everywhere
Response formatsProvider-specificConsistent JSON envelope
Lines of code~35 before error handling~15 including the helper
Adding phishing checksThird provider, third keyOne more hive() call
Schema discoveryRead each provider's docstools/list or hive://tools

Available security tools

Hive bundles six security tools behind the same endpoint and auth:

ToolWhat it does
get_token_securityHoneypot detection, ownership analysis, buy/sell tax checks
check_dapp_securitydApp risk scoring against known threat databases
check_phishing_sitePhishing URL detection for any link your agent encounters
simulate_evm_transactionPre-execution simulation so your agent can inspect expected effects before the user signs
tenderly_trace_transactionDeep execution tracing for post-mortem or advanced inspection
detect_rugpullRug pull risk analysis based on contract patterns and liquidity signals

All six are available through the Security & Risk category endpoint (/hive_security_risk/mcp) or the root MCP endpoint.


Why Hive fits this workflow

The security use case shows the difference between a do-it-yourself integration and Hive clearly:

  • One API key vs three. Every additional provider is another secret to rotate, another dashboard to monitor, another billing account to manage.
  • One auth flow vs three. GoPlus uses query params. Tenderly uses X-Access-Key. Other providers use Bearer tokens. Hive uses one header for everything.
  • Consistent JSON vs three different response formats. Your agent parses one shape instead of writing adapter code per provider.
  • Runtime tool discovery vs static documentation. Your agent can call tools/list to inspect the current security-tool schemas instead of hand-maintaining provider wrappers.

For an AI agent that needs to decide whether a token should pass, block, or escalate at request time, fewer moving parts means fewer ways the check fails. Hive collapses the security stack into one connection.


Approval boundary

Hive security tools return risk signals and simulated effects. They are read-only data tools: they do not sign transactions, execute swaps, custody assets, or decide whether capital should be deployed.

Treat token security and simulation responses as inputs to your app's policy. Surface unknown, degraded, provider-unavailable, and rate-limited states to the user, then require explicit user or application approval before any downstream signing or exchange action.