I Built an AI Agent That Checks If a Solana Token Is a Rug Pull — Before You Buy

The ugly truth: a large percentage of new Solana tokens are scams or honeypots — industry estimates range from 60-80%, depending on the data source and time period. I learned this the hard way. So I built an MCP server that checks any token's risk score in real-time — and makes AI agents actually use it before trading.

---

The Problem

I was building an AI trading agent. It was supposed to be smart: analyze tokens, detect trends, execute trades.

Then I fed it a token that looked legitimate. Clean contract. Decent liquidity. A website with a roadmap and a Telegram link that had 5,000 members.

The agent bought in.

The token was a rug pull. $2,400 gone in 11 minutes.

That's when I understood the uncomfortable truth: AI agents can analyze sentiment, write code, and debug — but they can't verify if a token is a scam. They have no way to check:

• Is the liquidity locked or burnable?
• Does the contract have a mint function that lets the owner print infinite tokens?
• Are top holders dumping on the community?

Existing tools exist for humans. RugCheck.xyz. DexScreener. GoPlus Security. But they're all separate APIs, different response formats, and none of them expose an interface an AI agent can actually use autonomously.

So I built one.

---

What I Built: Token RugCheck MCP Server

token-rugcheck is an MCP server that gives AI agents the ability to audit any Solana token before trading. It's a middleware that:

1. Fetches from 3 data sources in parallel: RugCheck.xyz, DexScreener, and GoPlus Security
2. Runs deterministic risk rules: 10 rules covering mint authority, liquidity protection, holder concentration, sell pressure, and more
3. Returns a three-layer report: Machine-readable verdict + LLM-friendly analysis + raw evidence for humans to verify

Your AI Agent          Token RugCheck
      │                      │
      │  GET /v1/audit/{mint}│
      ├─────────────────────▶│
      │                      │
      │  402 Payment (0.02 USDC)
      │◀─────────────────────┤
      │                      │
      │  USDC on Solana      │
      ├─────────────────────▶│
      │                      │
      │  200 OK + Report    │
      │◀─────────────────────┤
      │                      │
      │ is_safe: false      │
      │ risk_score: 85      │
      │ risk_level: CRITICAL│
      │ red_flags: [...]    │

The Three-Layer Report

Most token scanners give you a number. I wanted more:

Layer	For	Content
Action	Machines	is_safe (bool), risk_score (0-100), risk_level (SAFE/LOW/MEDIUM/HIGH/CRITICAL)
Analysis	LLMs	Summary, red flags, green flags — in natural language the agent can reason about
Evidence	Humans	Raw numbers: liquidity, holder distribution, mint/freeze authority, price, volume

The agent can read the summary and make a decision, but a human can also verify the raw data to catch edge cases the rules might miss.

---

How the Risk Engine Works

I didn't want to rely on an LLM for the core judgment. LLMs are great for analysis, but they're inconsistent for binary safety decisions. Instead, I implemented 10 deterministic rules that have been validated against the real Solana ecosystem:

Critical Rules (any = extreme danger)

• Mintable (+40): Contract has active mint authority — owner can inflate supply at will
• LP Unprotected (+35): Liquidity pool is neither burned nor sufficiently locked
• Freezable (+30): Contract has freeze authority — owner can freeze any holder's tokens

High Rules

• Top 10 Concentrated (+25): Top 10 holders control >80% of supply
• Low Liquidity (+20): Less than $10K liquidity — easily manipulated
• Sell Pressure (+15): 24h sells >3x buys — possible coordinated dump

Medium Rules

• Very New Pair (+10): Trading pair created <24 hours ago
• Low Volume (+5): 24h volume <$1,000

Low Rules (informational)

• Metadata Mutable (+3): Token metadata can be changed (common on Solana)
• Closable (+3): Contract has close authority (usually for rent reclamation)

Liquidity exemption: Tokens with ≥$1M liquidity are exempt from LP-protection and holder-concentration rules. High liquidity itself is a strong anti-rug signal for established tokens like BONK, WIF, and JUP.

---

Pricing: $0.02 USDC Per Audit

The service costs $0.02 USDC per audit, powered by ag402 — a payment layer that implements Coinbase's x402 protocol on Solana.

Why this price point?

• It's 50% cheaper than the closest competitor (rug-munch-mcp charges $0.04 for basic checks)
• It's enough to prevent spam/abuse but not so high that users hesitate
• It's automated: the AI agent pays automatically via the x402 protocol, no API keys required

There's also a free tier: 20 requests per IP per day, for users who just want to check a few tokens.

---

Integration: One Line of Code

The whole point is that the agent actually uses it before trading. Here's what that looks like in practice:

import ag402_core
ag402_core.enable()  # Auto-handles 402 → pay → retry

async with httpx.AsyncClient() as client:
    resp = await client.get(
        "https://rugcheck.aethercore.dev/v1/audit/DezXAZ8z7PnrnRJjz3wXBoRgixCa6xjnB7YaB1pPB263"
    )
    report = resp.json()

    if report["action"]["is_safe"]:
        # Execute the trade
        await execute_trade(report["action"]["risk_score"])
    else:
        print(f"SKIPPED — {report['analysis']['summary']}")
        for flag in report["analysis"]["red_flags"]:
            print(f"  🚩 {flag['message']}")

The agent receives the report, reads the summary, and makes a decision. The safety check is no longer optional — it's built into the flow.

---

What I Got Wrong (And Fixed)

Building this taught me some hard lessons:

1. Data source priority matters: I initially merged data arbitrarily, but discovered RugCheck's liquidity data is more reliable than DexScreener's for older pairs, while DexScreener has better real-time volume data. I now use a priority merge: RugCheck → DexScreener → GoPlus.

2. Graceful degradation is critical: If all three upstream APIs fail, returning is_safe: true would be catastrophic. I now return a degraded report with risk_score: 100 and a warning when all sources fail, forcing human intervention.

3. Solana's "closable" is misunderstood: Many scanners flag "closable" as HIGH risk, but on Solana this typically refers to rent reclamation, not token theft. I demoted it to LOW.

4. Cache TTL matters for rug pulls: By the time a rug pull happens, the token's data might still be cached. I use a 3-second TTL for non-degraded reports and a 10-second TTL for degraded reports — short enough to catch rapid changes, long enough to reduce upstream API load.

---

The Bigger Picture

This isn't just about my tool. It's about a fundamental capability gap: AI agents can execute financial transactions but can't verify if they're safe.

We're building trillion-dollar agent economies, but the safety infrastructure is missing. Before agents can trade autonomously, they need:

• ✅ Identity verification (who owns the wallet?)
• ✅ Risk assessment (is this token a scam?)
• ✅ Limit enforcement (how much can I lose?)

Token RugCheck solves the second problem. What's next — wallet reputation scoring? Transaction simulation? I'd love to hear what you'd build on top.

---

Try It Now

No signup required. 20 free audits per day:

curl https://rugcheck.aethercore.dev/v1/audit/DezXAZ8z7PnrnRJjz3wXBoRgixCa6xjnB7YaB1pPB263

Or install the MCP server and give your AI agent autonomous audit capabilities:

pip install "ag402-core[crypto]" httpx
python -m rugcheck.main &  # Start the server

The code is open source (MIT). Build on it. Break it. Improve it.

• GitHub: AetherCore-Dev/token-rugcheck
• Live API: rugcheck.aethercore.dev
• Glama: glama.ai/mcp/servers/AetherCore-Dev/token-rugcheck

---

Disclaimer: Not financial advice. Automated token analysis has limitations — always do your own research.