Most "rug pull" content on Solana is about classic SPL tokens — mint authority, liquidity pulls, whale dumps. But the sharper edge now is Token-2022: a newer token standard whose extensions give a creator powers a normal SPL token never had. For an autonomous trading agent that buys tokens by address, these are landmines.
Here are the extensions that actually drain agents, and how to screen for them before a buy.
The dangerous extensions
- permanentDelegate — the single worst one. The creator holds a permanent delegate that can move or burn your tokens out of your wallet, any time, with no further approval. You hold the token; they hold the keys to it.
- transferHook — a custom program runs on every transfer and can make selling fail under conditions the creator chooses.
- pausable — transfers (including your sell) can be paused at will.
- nonTransferable — the token literally cannot be moved once you hold it. Permanent honeypot.
- defaultAccountState = frozen — new holder accounts start frozen; the issuer decides who can transact.
None of these are visible on a chart or a typical token page. They live in the mint account, and they are readable on-chain — if your agent reads them before trading.
Screen for them in one call
RugCheck AI reads the mint directly (getAccountInfo) and flags these extensions explicitly:
check_authorities("<mint>") -> mint/freeze authority + every Token-2022 extension, with the dangerous ones called out
scan_token("<mint>") -> { verdict: SAFE|CAUTION|DANGER, safety_score, risks: [...] }
A token carrying permanentDelegate or a transfer hook comes back DANGER with the reason spelled out, before your agent spends anything.
Why "read the chain directly" matters
Indexers and token lists often don't surface Token-2022 extension data, and they definitely don't have it for a token minted a minute ago. RugCheck AI calls getAccountInfo on the mint itself, parses the extensions, and gives a real verdict on a fresh launch instead of unknown. The screening tools are read-only and never touch your keys.
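To show what parsing the extensions from the mint involves, here is an added example (not RugCheck AI's code, and not from its repo). It takes the base64-decoded `data` field of a `getAccountInfo` response and walks the extension entries; the byte offsets and extension type numbers are my reading of the Token-2022 program layout and should be checked against the spl-token-2022 source, and `sample_mint` builds constructed test data.

```python
import struct

# Assumed Token-2022 layout: 82-byte base mint, zero padding up to offset 165,
# one account-type byte (1 = mint), then TLV entries: u16 type, u16 length, value.
MINT_LEN, ACCOUNT_TYPE_OFFSET, ACCOUNT_TYPE_MINT = 82, 165, 1
DANGEROUS = {6: "defaultAccountState", 9: "nonTransferable",
             12: "permanentDelegate", 14: "transferHook", 26: "pausable"}
STATE_FROZEN = 2  # AccountState value stored by the defaultAccountState extension

def parse_extensions(data: bytes) -> dict:
    """Return {extension_type: value_bytes} from raw mint account data."""
    if len(data) < MINT_LEN:
        raise ValueError("too short for a mint")
    if len(data) == MINT_LEN:
        return {}  # plain mint layout, no extensions
    if len(data) <= ACCOUNT_TYPE_OFFSET or data[ACCOUNT_TYPE_OFFSET] != ACCOUNT_TYPE_MINT:
        raise ValueError("not a Token-2022 mint with extensions")
    exts, off = {}, ACCOUNT_TYPE_OFFSET + 1
    while off + 4 <= len(data):
        ext_type, length = struct.unpack_from("<HH", data, off)
        if ext_type == 0:  # type 0 (uninitialized) marks the end of used space
            break
        off += 4
        if off + length > len(data):
            raise ValueError("truncated TLV entry")  # fail closed on bad data
        exts[ext_type] = data[off:off + length]
        off += length
    return exts

def screen(data: bytes) -> list:
    """Names of the extensions listed above that should block a buy."""
    hits = []
    for ext_type, value in parse_extensions(data).items():
        if ext_type == 6:  # only dangerous when new accounts start frozen
            if value[:1] == bytes([STATE_FROZEN]):
                hits.append("defaultAccountState=frozen")
        elif ext_type in DANGEROUS:
            hits.append(DANGEROUS[ext_type])
    return hits

def sample_mint(tlvs):
    """Constructed test data: zeroed base mint and padding, then TLV entries."""
    body = b"".join(struct.pack("<HH", t, len(v)) + v for t, v in tlvs)
    return bytes(ACCOUNT_TYPE_OFFSET) + bytes([ACCOUNT_TYPE_MINT]) + body

if __name__ == "__main__":
    mint = sample_mint([(12, b"\x07" * 32), (6, b"\x02"), (18, bytes(64))])
    print(screen(mint))
```

Before trusting the result, also confirm that the account's `owner` in the same response is the Token-2022 program; a parse error should be treated as a reason to skip the token, not as a clean result.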
Wire it in
Standard Streamable HTTP MCP server, no install, no API key. Add an mcpServers entry named rugcheck-ai pointing at the endpoint in Cline, Claude Desktop (via npx mcp-remote), or Cursor.
Endpoint:
https://web-production-58d585.up.railway.app/mcp
Rule for your agent: on DANGER, skip the token. Repo and full 15-tool list: github.com/MrWizardlyLoaf/rugcheck-ai (official MCP Registry: io.github.MrWizardlyLoaf/rugcheck-ai).