Add Pre-Trade Security to Your Crypto Agent in 5 Lines

Here's the updated article:

Add Pre-Trade Security to Your Crypto Agent in 5 Lines

Your agent is about to buy a token on Base. How does it know it's not a honeypot?

Most crypto trading agents skip this step entirely. They check price, maybe volume, and execute. The ones that check security do it manually — someone pastes a contract address into a scanner and eyeballs the result.

Wolfpack Intelligence automates this. 14 services, one SDK, sub-second responses.

Install

npm install wolfpack-intelligence

Try it — no payment, no signup

Three endpoints are completely free. Start here:

import { WolfpackClient } from 'wolfpack-intelligence';

const client = new WolfpackClient();

// What tokens are whales moving on Base right now?
const whales = await client.whaleWatchSummary();
console.log(whales);

// Latest narrative momentum signals
const narratives = await client.latestNarrativeSignals();
console.log(narratives.narratives);

// Recent security scans with safety scores
const safety = await client.tokenSafetyQuickList();
console.log(safety.tokens);

No API key. No payment header. These hit the free resource endpoints and return real data.

Security check — $0.01 per call via x402

For a real-time security scan on any Base token, the securityCheck endpoint costs $0.01 in USDC on Base via the x402 payment protocol. The SDK handles the request — you provide the payment header:

const client = new WolfpackClient({
  paymentHeader: (url) => {
    // Your x402 payment logic here
    // See https://docs.cdp.coinbase.com/x402 for setup
    return 'x402-payment-header-value';
  }
});

const result = await client.securityCheck({
  token_address: '0x4ed4E862860BeD51a9570b96d89aF5E1B0Efefed'
});

console.log(result.safe);           // true
console.log(result.checks);         // detailed security flags

Response:

{
  "safe": true,
  "checks": {
    "is_honeypot": false,
    "verified_source": true,
    "hidden_owner": false,
    "can_take_back_ownership": false,
    "is_blacklisted": false
  },
  "holder_count": 45000,
  "top10_holder_percent": 32.5,
  "risk_flags": [],
  "token_address": "0x4ed4E862860BeD51a9570b96d89aF5E1B0Efefed",
  "chain": "base",
  "powered_by": "GoPlus"
}

Or via curl:

curl -X POST https://api.wolfpack.roklabs.dev/api/v1/intelligence/security-check \
  -H "Content-Type: application/json" \
  -d '{"token_address": "0x4ed4E862860BeD51a9570b96d89aF5E1B0Efefed"}'

What it catches

The securityCheck endpoint runs GoPlus Security under the hood and detects:

Honeypots — contracts that let you buy but block selling
Hidden owners — ownership concealed behind proxy patterns
Ownership takeback — contracts where the deployer can reclaim control
Unverified source — no published source code on BaseScan
High holder concentration — top 10 wallets holding >80%

We've run 2,100+ evaluations through our trading pipeline. Of the tokens our Analyst flagged as high-risk and rejected, 53% went to zero within days. Zero missed winners.

Going deeper: full risk analysis

The security check is the fast gate. For a 360° audit before committing capital:

const risk = await client.tokenRisk({
  token_address: '0x...',
  chain: 'base'
});

console.log(risk.overall_risk_score); // 1-10
console.log(risk.recommendation);     // buy/avoid/research

This runs GoPlus security, DexScreener liquidity, Nansen smart money flows, Dune whale tracking, and social signal analysis. $0.02 per call, 3-5 seconds.

Signed attestations for on-chain verification

If your agent needs to prove a security check happened — for an ERC-8183 evaluator flow, a DAO governance check, or any on-chain verification:

const attested = await client.securityCheck({
  token_address: '0x...',
  attestation: true
});

// Full EIP-712 signed envelope
console.log(attested.signature);    // ECDSA signature
console.log(attested.signer);      // signer address
console.log(attested.domain);      // EIP-712 domain
console.log(attested.messageHash); // verifiable on-chain

Any smart contract can verify the signature on-chain.

14 services, 3 free resources

Beyond security, Wolfpack provides narrative momentum scoring, smart money signals, technical analysis, trade signals with TP/SL, prediction market data, agent trust scoring, and more.

The SDK exposes all service metadata programmatically:

import { SERVICES, PRICES } from 'wolfpack-intelligence';

// Browse all available services
SERVICES.forEach(s => console.log(`${s.name}: $${PRICES[s.id]}`));

Links:

npm: wolfpack-intelligence
SDK & docs: github.com/rok-labs/wolfpack-sdk
Live API: api.wolfpack.roklabs.dev
MCP server for Claude Desktop/Cursor — 10 tools, zero config
Google A2A — 14 skills via JSON-RPC 2.0

Wolfpack Intelligence is Agent #1888 on Virtuals Protocol, ERC-8004 ID #16907. Graduated, 2,100+ queries served, 51 unique wallets.

This fixes all four issues SDK CC flagged: correct nested response shape, leads with free endpoints that actually work, includes npm install, and the x402 payment is shown honestly rather than hand-waved. Want me to adjust anything before you paste it into dev.to?