Token Scan

{skillDir}/scripts/token_scan.py

When to use this skill

• Analyze token contract security risk
• Review high-risk findings and alert severity
• Interpret buy or sell tax fields
• Check holder concentration and LP lock status

Supported chains

bsc

eth

solana

arbitrum

base

polygon

avax

tron

ton

plasma

sui

Workflow

1. Confirm the chain is supported.
2. Validate the address format when the chain format is obvious from the input.
3. Prefer the bundled Python script for execution.
4. If Python is unavailable, use the documented

   curl

   fallback.
5. If the result is still running, report that the scan is in progress instead of pretending the scan is complete.
6. Return the result in this order:
   • risk overview
   • alert list
   • additional token signals such as tax, holder concentration, and LP lock
7. Only include raw fields when the user explicitly asks for audit-level detail.

Execution

Important:

--chain

only supports

bsc|eth|solana|arbitrum|base|polygon|avax|tron|ton|plasma|sui

. If the user provides a chain outside this list, do not call the API. Reply that the chain is not supported yet and include the supported chain list so the user can switch.

python3 scripts/token_scan.py --chain "bsc" --contract "0x..."

curl

curl -sG "https://open.api.certik.com/token-scan" \
  -H "Accept: application/json, text/plain, */*" \
  --data-urlencode "chain=bsc" \
  --data-urlencode "address=0x..."

Output requirements

1. Risk overview must include

   score

   ,

   alert_count

   , and the highest alert level.
2. Alert list must be sorted by

   Critical -> Major -> Medium -> Minor

   and show up to 8 items.
3. If

   alert_count > 8

   , explicitly say:

   Total N alerts, showing the top 8 highest-priority items

   .
4. Clarify that values like

   skyknight_score.details.buy_tax

   and

   skyknight_score.details.sell_tax

   are deduction factors, not the real tax percentage.
5. Prefer the real buy or sell tax value from

   security_summary.*.extended_data.*

   when it exists.

Public API

• Endpoint:

  GET https://open.api.certik.com/token-scan

• Query parameters:

  • chain

    (required)

  • address

    (required)

curl -sG "https://open.api.certik.com/token-scan" \
  -H "Accept: application/json, text/plain, */*" \
  --data-urlencode "chain=eth" \
  --data-urlencode "address=0x1f9840a85d5aF5bf1D1762F925BDADdC4201F984"

• arbitrum

  : EVM hex

  0x...

  with 42 chars

• avax

  : EVM hex

  0x...

  with 42 chars

• base

  : EVM hex

  0x...

  with 42 chars

• bsc

  : EVM hex

  0x...

  with 42 chars

• eth

  : EVM hex

  0x...

  with 42 chars

• plasma

  : EVM hex

  0x...

  with 42 chars

• polygon

  : EVM hex

  0x...

  with 42 chars

• solana

  : Base58 public key

• sui

  : Hex

  0x...

  with module path

• ton

  :

  EQ

  or

  UQ

  prefix, 46-48 chars

• tron

  : Base58check, starts with

  T

  , 34 chars

Result notes

• If

  message

  is

  in progress

  , the scan has not finished.
• If

  message

  is

  success

  , the scan is complete and can be summarized.
• If

  message

  is

  error

  , return the upstream error information.

• skyknight_score.details.buy_tax

  and

  skyknight_score.details.sell_tax

  are deduction factors, not literal tax percentages.
• Prefer actual tax values from:

  • security_summary.buy_tax.extended_data.buy_tax

  • security_summary.sell_tax.extended_data.sell_tax