Stop your AI trading bot from getting rugged.
The Problem: Your Bot Can't Tell a Rug Pull from a Blue Chip
If you're building AI agents that interact with Solana DeFi — sniping pools, executing swaps, managing portfolios — you have a fundamental problem: your agent has no way to evaluate token safety before committing capital.
Existing tools like RugCheck and GoPlus check metadata. That's table stakes. The real rug pulls don't happen in metadata — they happen in the on-chain byte structure of the token mint account. An active freeze authority. A live mint authority. Supply concentration in a single wallet. These are the mechanisms that drain your LP in seconds.
I built SicariusGuard to solve this — a Solana token safety oracle that AI agents can call natively via the Model Context Protocol (MCP).
Architecture: 7 Layers of Defense
SicariusGuard doesn't just check one thing. It runs every token through 7 independent safety layers and produces a composite risk score:
Layer 1: SPL Mint Deserialization
Direct byte-level parsing of the Solana SPL token mint account. Not an API call — raw getAccountInfo data, deserialized against the SPL token layout:
// Raw 82-byte SPL Token Mint layout
// Bytes 0-3: Mint Authority Option (COption<Pubkey>)
// Bytes 4-35: Mint Authority Pubkey
// Bytes 36-43: Supply (u64, little-endian)
// Bytes 44-44: Decimals (u8)
// Bytes 45-45: isInitialized (bool)
// Bytes 46-49: Freeze Authority Option (COption<Pubkey>)
// Bytes 50-81: Freeze Authority Pubkey
This catches what metadata scrapers miss: a token can have a clean description, verified logo, and still have an active mint authority that lets the creator inflate supply to zero.
Layer 2: Authority Analysis
- Freeze Authority: Can the creator freeze your tokens in-place? If COption equals 1, it's active.
- Mint Authority: Can the creator print unlimited tokens? Same check.
- Upgrade Authority: For program-owned tokens, can the contract be rewritten?
Layer 3: Supply Distribution
Query the top holders via Helius DAS API. If any single wallet holds more than 50% of circulating supply, that's a ticking time bomb. The risk scoring scales non-linearly.
Layer 4: Liquidity Depth (Birdeye)
Pull real-time liquidity data from Birdeye:
- Total liquidity in USD
- 24h volume
- Volume-to-liquidity ratio (low ratio means you can't exit)
- Price change velocity
A token with $500 in liquidity and $10K in market cap is a mathematical certainty of a rug.
Layer 5: Holder Analysis
- Total unique holders
- Holder growth velocity (new holders/hour)
- Concentration metrics (Gini coefficient on top 10 wallets)
Layer 6: Metadata Validation
- Token metadata account exists and is valid
- URI points to real content (not a dead IPFS hash)
- Name/symbol don't match known scam patterns
Layer 7: Composite Risk Scoring
All layers feed into a weighted scoring model that produces:
- Risk Score: 0.0 (safe) to 10.0 (certain scam)
- Verdict: SAFE, CAUTION, DANGEROUS, or CRITICAL
- Individual Flags: Array of specific risk indicators with severity
The MCP Integration: Why AI Agents Need This
The Model Context Protocol (MCP) is an open standard for connecting AI models to external tools. Instead of hardcoding API calls, your AI agent discovers and invokes tools through a standardized protocol.
SicariusGuard implements MCP's stdio transport. Any MCP-compatible client (Claude Desktop, Cursor, Cline, etc.) can install it with one command:
npx sicarius-guard
Once connected, the agent gets access to these tools:
| Tool | What it does |
|---|---|
| check_token | Quick safety check returns verdict and risk score |
| scan_token | Deep 7-layer analysis with all flags |
| check_pricing | Birdeye market data (price, volume, liquidity) |
| get_risk_report | Full report with actionable recommendations |
Real-World Agent Workflow
User: "Swap 10 SOL for token XYZ123..."
Agent: [calls check_token("XYZ123...")]
SicariusGuard: { verdict: "CRITICAL", risk: 9.2 }
Agent: "I checked token XYZ123 and it's extremely dangerous."
Without SicariusGuard, the agent would have blindly executed the swap.
Production Deployment
SicariusGuard runs on Google Cloud Run with:
- Rate limiting: 100 free scans/day per IP (Upstash Redis)
- SEO: robots.txt, sitemap.xml, OpenGraph meta tags
- Monitoring: Cloud Run structured logging with request attribution
- CI/CD: GitHub Actions to Cloud Run deployment pipeline
The API is publicly accessible with no API key needed for the free tier.
What's Next
- EVM chain support (Ethereum, Base, Arbitrum)
- Historical rug pattern matching
- Real-time websocket alerts for watched tokens
- Integration with Jupiter/Raydium for pre-swap safety gates
Try It
npx sicarius-guard
GitHub: https://github.com/Chronolapse411/sicarius-guard
Glama: https://glama.ai/mcp/servers/Chronolapse411/sicarius-guard
MIT Licensed. Star it if you build on Solana.
Top comments (0)