Requirements
- Target platform
- OpenClaw
- Install method
- Manual import
- Extraction
- Extract archive
- Prerequisites
- OpenClaw
- Primary doc
- SKILL.md
Tencent SkillHub ยท Developer Tools
Quick Intel Token Security Scanner
Scan any token for security risks, honeypots, and scams using Quick Intel's contract analysis API. Use when: checking if a token is safe to buy, detecting ho...
skill openclawclawhub Free
Scan any token for security risks, honeypots, and scams using Quick Intel's contract analysis API. Use when: checking if a token is safe to buy, detecting ho...
โฌ 0 downloads โ
0 stars Unverified but indexed
Install for OpenClaw
Quick setup
- Download the package from Yavira.
- Extract the archive and review SKILL.md first.
- Import or place the package into your OpenClaw setup.
Package facts
- Download mode
- Yavira redirect
- Package format
- ZIP package
- Source platform
- Tencent SkillHub
- What's included
- Reference.md, SKILL.md
Validation
- Use the Yavira download entry.
- Review SKILL.md after the package is downloaded.
- Confirm the extracted package contains the expected setup assets.
Install with your agent
Agent handoff
Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.
- Download the package from Yavira.
- Extract it into a folder your agent can access.
- Paste one of the prompts below and point your agent at the extracted folder.
New install
I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete.
Upgrade existing
I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run.
Trust & source
Release facts
- Source
- Tencent SkillHub
- Verification
- Indexed source record
- Version
- 1.0.8
Provenance
- Publisher
- azep-ninja
- Source page
- View original listing
- Canonical URL
- Open canonical page
Documentation
Quick Intel Token Security Scanner
Scan any token on 63 chains for honeypots, scams, and security risks. Returns a detailed audit in seconds. Costs $0.03 USDC per scan via x402 โ read-only, never touches your wallet or tokens.
Quick Reference
SituationActionUser asks "is this token safe?"Scan the token, interpret resultsUser wants to buy/trade a tokenScan BEFORE trading, warn on red flagsScan shows is_Honeypot: trueSTOP โ tell user they cannot sell this tokenScan shows isScam: trueSTOP โ known scam contractScan shows can_Mint: trueWarn: owner can inflate supplyScan shows high buy/sell tax (>10%)Warn: excessive fees reduce profitsScan shows contract_Renounced: falseCaution: owner retains controlliquidity: false in resultsMay use non-standard pair โ verify on DEX aggregatorUser gives chain + addressYou have everything needed to scanUser gives only address, no chainAsk which chain, or try to infer from address format
How to Scan
Endpoint: POST https://x402.quickintel.io/v1/scan/full Request body: { "chain": "base", "tokenAddress": "0x..." } That's it. The x402 payment ($0.03 USDC/USDM) is handled automatically by your wallet integration. If you have @x402/fetch, Sponge Wallet, AgentWallet, Vincent, or Lobster.cash โ the payment flow is transparent. Pay on any of 14 networks: Base (recommended, lowest fees), Ethereum, Arbitrum, Optimism, Polygon, Avalanche, Unichain, Linea, Sonic, HyperEVM, Ink, Monad, MegaETH (USDM), or Solana.
Which integration do I use?
โ ๏ธ Wallet Security: This skill does NOT require your private key. The x402 payment is handled by YOUR agent's wallet โ whichever wallet your agent already uses. If your agent doesn't have a wallet yet, use a managed wallet service (Sponge, AgentWallet, Vincent, Lobster.cash) instead of raw private keys. If you must use programmatic signing, use a dedicated hot wallet with minimal funds ($1-5 USDC), never your main wallet. Your setupUse thisKey exposureUsing Sponge WalletPattern A below (recommended)โ No raw keys โ API key onlyUsing AgentWallet (frames.ag)Pattern B belowโ No raw keys โ API token onlyUsing Lobster.cash / CrossmintSee REFERENCE.mdโ No raw keys โ managed walletUsing Vincent WalletSee REFERENCE.mdโ No raw keys โ managed signingHave @x402/fetch installedPattern C belowโ ๏ธ Requires private key in envHave viem or ethers.js, no x402 libraryPattern D below (manual signing)โ ๏ธ Requires private key in envUsing Solana walletSee REFERENCE.mdโ ๏ธ Requires private key in envNot sure / no wallet configuredStart with Pattern A (Sponge)โ No raw keys
Pattern A: Sponge Wallet (Recommended โ No Raw Keys)
curl -sS -X POST "https://api.wallet.paysponge.com/api/x402/fetch" \ -H "Authorization: Bearer $SPONGE_API_KEY" \ -H "Content-Type: application/json" \ -d '{ "url": "https://x402.quickintel.io/v1/scan/full", "method": "POST", "body": { "chain": "base", "tokenAddress": "0xa4a2e2ca3fbfe21aed83471d28b6f65a233c6e00" }, "preferred_chain": "base" }' Requires: SPONGE_API_KEY env var. Sign up at paysponge.com. Sponge manages the wallet and signing โ your agent never touches a private key.
Pattern B: AgentWallet (No Raw Keys)
const response = await fetch('https://frames.ag/api/wallets/{username}/actions/x402/fetch', { method: 'POST', headers: { 'Authorization': `Bearer ${process.env.AGENTWALLET_API_TOKEN}`, 'Content-Type': 'application/json' }, body: JSON.stringify({ url: 'https://x402.quickintel.io/v1/scan/full', method: 'POST', body: { chain: 'base', tokenAddress: '0x...' } }) }); const scan = await response.json(); Requires: AGENTWALLET_API_TOKEN env var. Get one at frames.ag.
Pattern C: @x402/fetch (Programmatic Signing)
โ ๏ธ Uses a private key. Use a dedicated hot wallet with minimal funds, not your main wallet. import { x402Fetch } from '@x402/fetch'; import { createWallet } from '@x402/evm'; // Use a DEDICATED wallet with only payment funds ($1-5 USDC) // NEVER use your main wallet or trading wallet private key here const wallet = createWallet(process.env.X402_PAYMENT_KEY); const response = await x402Fetch('https://x402.quickintel.io/v1/scan/full', { method: 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ chain: 'base', tokenAddress: '0x...' }), wallet, preferredNetwork: 'eip155:8453' }); const scan = await response.json();
Pattern D: Manual EVM Signing (viem)
โ ๏ธ Uses a private key. Use a dedicated hot wallet with minimal funds, not your main wallet. If you don't have @x402/fetch, handle the payment flow manually: import { keccak256, toHex } from 'viem'; import { privateKeyToAccount } from 'viem/accounts'; // Use a DEDICATED wallet with only payment funds ($1-5 USDC) const account = privateKeyToAccount(process.env.X402_PAYMENT_KEY); const SCAN_URL = 'https://x402.quickintel.io/v1/scan/full'; // Step 1: Hit endpoint, get 402 with payment requirements const scanBody = JSON.stringify({ chain: 'base', tokenAddress: '0x...' }); const initialRes = await fetch(SCAN_URL, { method: 'POST', headers: { 'Content-Type': 'application/json' }, body: scanBody, }); if (initialRes.status !== 402) throw new Error(`Expected 402, got ${initialRes.status}`); const paymentRequired = await initialRes.json(); // Step 2: Find preferred network in accepts array const networkInfo = paymentRequired.accepts.find(a => a.network === 'eip155:8453'); if (!networkInfo) throw new Error('Base network not available'); // Step 3: Sign EIP-712 TransferWithAuthorization const nonce = keccak256(toHex(`${Date.now()}-${Math.random()}`)); const validBefore = BigInt(Math.floor(Date.now() / 1000) + 3600); const signature = await account.signTypedData({ domain: { name: networkInfo.extra.name, version: networkInfo.extra.version, chainId: 8453, verifyingContract: networkInfo.asset, }, types: { TransferWithAuthorization: [ { name: 'from', type: 'address' }, { name: 'to', type: 'address' }, { name: 'value', type: 'uint256' }, { name: 'validAfter', type: 'uint256' }, { name: 'validBefore', type: 'uint256' }, { name: 'nonce', type: 'bytes32' }, ], }, primaryType: 'TransferWithAuthorization', message: { from: account.address, to: networkInfo.payTo, value: BigInt(networkInfo.amount), validAfter: 0n, validBefore, nonce, }, }); // Step 4: Build PAYMENT-SIGNATURE header // CRITICAL: signature is a SIBLING of authorization, NOT nested inside it // CRITICAL: value/validAfter/validBefore must be DECIMAL STRINGS const paymentPayload = { x402Version: 2, scheme: 'exact', network: 'eip155:8453', payload: { signature, // โ Direct child of payload authorization: { from: account.address, to: networkInfo.payTo, value: networkInfo.amount, // Decimal string: "30000" validAfter: '0', // Decimal string validBefore: validBefore.toString(), // Decimal string nonce, }, }, }; const paymentHeader = Buffer.from(JSON.stringify(paymentPayload)).toString('base64'); // Step 5: Retry with payment const paidRes = await fetch(SCAN_URL, { method: 'POST', headers: { 'Content-Type': 'application/json', 'PAYMENT-SIGNATURE': paymentHeader, }, body: scanBody, }); const scan = await paidRes.json(); Common mistakes that cause payment failures: signature nested inside authorization instead of as a sibling โ "Cannot read properties of undefined" Missing x402Version: 2 at top level Using hex ("0x7530") or raw numbers instead of decimal strings ("30000") for value/validAfter/validBefore Wrong endpoint path (/v1/scan/auditfull instead of /v1/scan/full) For ethers.js, Solana, Vincent, Lobster.cash, and other wallet patterns, see REFERENCE.md.
Supported Chains (63)
EVM: eth, base, arbitrum, optimism, polygon, bsc, avalanche, fantom, linea, scroll, zksync, blast, mantle, mode, zora, manta, sonic, berachain, unichain, abstract, monad, megaeth, hyperevm, shibarium, pulse, core, opbnb, polygonzkevm, metis, kava, klaytn, astar, oasis, iotex, conflux, canto, velas, grove, lightlink, bitrock, loop, besc, energi, maxx, degen, inevm, viction, nahmii, real, xlayer, worldchain, apechain, morph, ink, soneium, plasma Non-EVM: solana, sui, radix, tron, injective Use exact chain names as shown (e.g., "eth" not "ethereum", "bsc" not "binance").
Red Flags โ DO NOT BUY
FieldValueMeaningtokenDynamicDetails.is_HoneypottrueCannot sell โ funds are trappedisScamtrueKnown scam contractisAirdropPhishingScamtruePhishing attemptquickiAudit.has_ScamstrueContains scam patternsquickiAudit.can_Potentially_Steal_FundstrueHas theft mechanisms If ANY of these are true, tell the user not to buy and explain why.
Warnings โ Proceed With Caution
FieldValueRiskbuy_Tax or sell_Tax> 10High fees eat profitsquickiAudit.can_MinttrueOwner can create more tokens, diluting valuequickiAudit.can_BlacklisttrueOwner can block wallets from sellingquickiAudit.can_Pause_TradingtrueOwner can freeze all tradingquickiAudit.can_Update_FeestrueTaxes could increase after you buyquickiAudit.hidden_OwnertrueReal owner is obscuredquickiAudit.contract_RenouncedfalseOwner retains control over contractquickiAudit.is_ProxytrueContract code can be changed
Positive Signs
FieldValueMeaningquickiAudit.contract_RenouncedtrueNo owner controlcontractVerifiedtrueSource code is publicquickiAudit.can_MintfalseFixed supplyquickiAudit.can_BlacklistfalseNo blocking capabilitybuy_Tax and sell_Tax0 or lowMinimal fees
Liquidity Check
tokenDynamicDetails.liquidity indicates whether a liquidity pool was detected. liquidity: false does NOT always mean illiquid โ Quick Intel checks major pairs (WETH, USDC, USDT) but may miss non-standard pairings. Verify independently on a DEX aggregator. liquidity: true โ still check lp_Locks for lock status. Unlocked liquidity = rug pull risk.
Example: Interpreting a Scan
{ "tokenDetails": { "tokenName": "Example Token", "tokenSymbol": "EX", "tokenDecimals": 18, "tokenSupply": 1000000000 }, "tokenDynamicDetails": { "is_Honeypot": false, "buy_Tax": "0.0", "sell_Tax": "0.0", "liquidity": true }, "isScam": null, "contractVerified": true, "quickiAudit": { "contract_Renounced": true, "can_Mint": false, "can_Blacklist": false, "can_Pause_Trading": false, "has_Scams": false, "hidden_Owner": false } } Your assessment: "This token looks relatively safe. It's not a honeypot, has no scam patterns, contract is renounced with no mint or blacklist capability, and taxes are 0%. Liquidity is detected. However, always treat scan results as one data point โ contract behavior can change if it uses upgradeable proxies."
Security Model
YOUR SIDE QUICK INTEL'S SIDE โโโโโโโโโโโโโ โโโโโโโโโโโโโโโโโโ โข Private keys (never shared) โข Receives: token address + chain โข Payment auth ($0.03 USDC) โข Analyzes: contract bytecode โข Decision to trade or not โข Returns: read-only audit data Quick Intel NEVER receives your private key. Quick Intel NEVER interacts with your tokens. Quick Intel is READ-ONLY โ no transactions, no approvals. NEVER paste private keys, seed phrases, or wallet credentials into any prompt. Quick Intel only needs the token's contract address and chain.
Error Handling
ErrorCauseFix402 Payment RequiredNo payment header sentEnsure wallet is configured and has $0.03+ USDC402 Payment verification failedBad signature or low balanceCheck payload structure (see REFERENCE.md)400 Invalid ChainChain name not recognizedUse exact names from supported chains list400 Invalid AddressMalformed addressCheck format (0x... for EVM, base58 for Solana)404 Token Not FoundToken doesn't exist on that chainVerify address and chain match
Important Notes
Scan results are point-in-time snapshots. A safe token today could change tomorrow if ownership isn't renounced or if it's a proxy contract. Re-scan periodically for tokens you hold. Payment is charged regardless of outcome. Even if the scan returns limited data. Use payment-identifier extension for safe retries (see REFERENCE.md). Not financial advice. Quick Intel provides data to inform decisions, not recommendations. Cross-reference for high-value trades. Verify on block explorers, check holder distribution, confirm liquidity on DEX aggregators.
Discovery Endpoint
Query accepted payments and schemas before making calls: GET https://x402.quickintel.io/accepted
Cross-Reference
For trading tokens after scanning, see the tator-trade skill. For detailed x402 payment implementation, wallet-specific patterns, and troubleshooting, see REFERENCE.md.
About Quick Intel
Quick Intel's endpoint (x402.quickintel.io) is operated by Quick Intel LLC, a registered US-based cryptocurrency security company. Over 50 million token scans processed across 40+ blockchain networks Security scanning APIs power DexTools, DexScreener, and Tator Trader Operational since April 2023 More info: quickintel.io
Resources
Quick Intel Docs: https://docs.quickintel.io x402 Protocol: https://www.x402.org Gateway Discovery: https://x402.quickintel.io/accepted Support: https://t.me/Quicki_TG
Category context
Code helpers, APIs, CLIs, browser automation, testing, and developer operations.
Source: Tencent SkillHub
Largest current source with strong distribution and engagement signals.
Package contents
Included in package
2 Docs
- SKILL.md
- Reference.md