{ "schemaVersion": "1.0", "item": { "slug": "quickintel-scan", "name": "Quick Intel Token Security Scanner", "source": "tencent", "type": "skill", "category": "开发工具", "sourceUrl": "https://clawhub.ai/azep-ninja/quickintel-scan", "canonicalUrl": "https://clawhub.ai/azep-ninja/quickintel-scan", "targetPlatform": "OpenClaw" }, "install": { "downloadMode": "redirect", "downloadUrl": "/downloads/quickintel-scan", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=quickintel-scan", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "installMethod": "Manual import", "extraction": "Extract archive", "prerequisites": [ "OpenClaw" ], "packageFormat": "ZIP package", "includedAssets": [ "Reference.md", "SKILL.md" ], "primaryDoc": "SKILL.md", "quickSetup": [ "Download the package from Yavira.", "Extract the archive and review SKILL.md first.", "Import or place the package into your OpenClaw setup." ], "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "sourceHealth": { "source": "tencent", "slug": "quickintel-scan", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-05-07T18:53:56.652Z", "expiresAt": "2026-05-14T18:53:56.652Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=quickintel-scan", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=quickintel-scan", "contentDisposition": "attachment; filename=\"quickintel-scan-1.0.8.zip\"", "redirectLocation": null, "bodySnippet": null, "slug": "quickintel-scan" }, "scope": "item", "summary": "Item download looks usable.", "detail": "Yavira can redirect you to the upstream package for this item.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/quickintel-scan" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] }, "downloadPageUrl": "https://openagent3.xyz/downloads/quickintel-scan", "agentPageUrl": "https://openagent3.xyz/skills/quickintel-scan/agent", "manifestUrl": "https://openagent3.xyz/skills/quickintel-scan/agent.json", "briefUrl": "https://openagent3.xyz/skills/quickintel-scan/agent.md" }, "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "documentation": { "source": "clawhub", "primaryDoc": "SKILL.md", "sections": [ { "title": "Quick Intel Token Security Scanner", "body": "Scan any token on 63 chains for honeypots, scams, and security risks. Returns a detailed audit in seconds. Costs $0.03 USDC per scan via x402 — read-only, never touches your wallet or tokens." }, { "title": "Quick Reference", "body": "SituationActionUser asks \"is this token safe?\"Scan the token, interpret resultsUser wants to buy/trade a tokenScan BEFORE trading, warn on red flagsScan shows is_Honeypot: trueSTOP — tell user they cannot sell this tokenScan shows isScam: trueSTOP — known scam contractScan shows can_Mint: trueWarn: owner can inflate supplyScan shows high buy/sell tax (>10%)Warn: excessive fees reduce profitsScan shows contract_Renounced: falseCaution: owner retains controlliquidity: false in resultsMay use non-standard pair — verify on DEX aggregatorUser gives chain + addressYou have everything needed to scanUser gives only address, no chainAsk which chain, or try to infer from address format" }, { "title": "How to Scan", "body": "Endpoint: POST https://x402.quickintel.io/v1/scan/full\n\nRequest body:\n\n{\n \"chain\": \"base\",\n \"tokenAddress\": \"0x...\"\n}\n\nThat's it. The x402 payment ($0.03 USDC/USDM) is handled automatically by your wallet integration. If you have @x402/fetch, Sponge Wallet, AgentWallet, Vincent, or Lobster.cash — the payment flow is transparent. Pay on any of 14 networks: Base (recommended, lowest fees), Ethereum, Arbitrum, Optimism, Polygon, Avalanche, Unichain, Linea, Sonic, HyperEVM, Ink, Monad, MegaETH (USDM), or Solana." }, { "title": "Which integration do I use?", "body": "⚠️ Wallet Security: This skill does NOT require your private key. The x402 payment is handled by YOUR agent's wallet — whichever wallet your agent already uses. If your agent doesn't have a wallet yet, use a managed wallet service (Sponge, AgentWallet, Vincent, Lobster.cash) instead of raw private keys. If you must use programmatic signing, use a dedicated hot wallet with minimal funds ($1-5 USDC), never your main wallet.\n\nYour setupUse thisKey exposureUsing Sponge WalletPattern A below (recommended)✅ No raw keys — API key onlyUsing AgentWallet (frames.ag)Pattern B below✅ No raw keys — API token onlyUsing Lobster.cash / CrossmintSee REFERENCE.md✅ No raw keys — managed walletUsing Vincent WalletSee REFERENCE.md✅ No raw keys — managed signingHave @x402/fetch installedPattern C below⚠️ Requires private key in envHave viem or ethers.js, no x402 libraryPattern D below (manual signing)⚠️ Requires private key in envUsing Solana walletSee REFERENCE.md⚠️ Requires private key in envNot sure / no wallet configuredStart with Pattern A (Sponge)✅ No raw keys" }, { "title": "Pattern A: Sponge Wallet (Recommended — No Raw Keys)", "body": "curl -sS -X POST \"https://api.wallet.paysponge.com/api/x402/fetch\" \\\n -H \"Authorization: Bearer $SPONGE_API_KEY\" \\\n -H \"Content-Type: application/json\" \\\n -d '{\n \"url\": \"https://x402.quickintel.io/v1/scan/full\",\n \"method\": \"POST\",\n \"body\": {\n \"chain\": \"base\",\n \"tokenAddress\": \"0xa4a2e2ca3fbfe21aed83471d28b6f65a233c6e00\"\n },\n \"preferred_chain\": \"base\"\n }'\n\nRequires: SPONGE_API_KEY env var. Sign up at paysponge.com. Sponge manages the wallet and signing — your agent never touches a private key." }, { "title": "Pattern B: AgentWallet (No Raw Keys)", "body": "const response = await fetch('https://frames.ag/api/wallets/{username}/actions/x402/fetch', {\n method: 'POST',\n headers: {\n 'Authorization': `Bearer ${process.env.AGENTWALLET_API_TOKEN}`,\n 'Content-Type': 'application/json'\n },\n body: JSON.stringify({\n url: 'https://x402.quickintel.io/v1/scan/full',\n method: 'POST',\n body: { chain: 'base', tokenAddress: '0x...' }\n })\n});\nconst scan = await response.json();\n\nRequires: AGENTWALLET_API_TOKEN env var. Get one at frames.ag." }, { "title": "Pattern C: @x402/fetch (Programmatic Signing)", "body": "⚠️ Uses a private key. Use a dedicated hot wallet with minimal funds, not your main wallet.\n\nimport { x402Fetch } from '@x402/fetch';\nimport { createWallet } from '@x402/evm';\n\n// Use a DEDICATED wallet with only payment funds ($1-5 USDC)\n// NEVER use your main wallet or trading wallet private key here\nconst wallet = createWallet(process.env.X402_PAYMENT_KEY);\n\nconst response = await x402Fetch('https://x402.quickintel.io/v1/scan/full', {\n method: 'POST',\n headers: { 'Content-Type': 'application/json' },\n body: JSON.stringify({ chain: 'base', tokenAddress: '0x...' }),\n wallet,\n preferredNetwork: 'eip155:8453'\n});\n\nconst scan = await response.json();" }, { "title": "Pattern D: Manual EVM Signing (viem)", "body": "⚠️ Uses a private key. Use a dedicated hot wallet with minimal funds, not your main wallet.\n\nIf you don't have @x402/fetch, handle the payment flow manually:\n\nimport { keccak256, toHex } from 'viem';\nimport { privateKeyToAccount } from 'viem/accounts';\n\n// Use a DEDICATED wallet with only payment funds ($1-5 USDC)\nconst account = privateKeyToAccount(process.env.X402_PAYMENT_KEY);\nconst SCAN_URL = 'https://x402.quickintel.io/v1/scan/full';\n\n// Step 1: Hit endpoint, get 402 with payment requirements\nconst scanBody = JSON.stringify({ chain: 'base', tokenAddress: '0x...' });\nconst initialRes = await fetch(SCAN_URL, {\n method: 'POST',\n headers: { 'Content-Type': 'application/json' },\n body: scanBody,\n});\n\nif (initialRes.status !== 402) throw new Error(`Expected 402, got ${initialRes.status}`);\nconst paymentRequired = await initialRes.json();\n\n// Step 2: Find preferred network in accepts array\nconst networkInfo = paymentRequired.accepts.find(a => a.network === 'eip155:8453');\nif (!networkInfo) throw new Error('Base network not available');\n\n// Step 3: Sign EIP-712 TransferWithAuthorization\nconst nonce = keccak256(toHex(`${Date.now()}-${Math.random()}`));\nconst validBefore = BigInt(Math.floor(Date.now() / 1000) + 3600);\n\nconst signature = await account.signTypedData({\n domain: {\n name: networkInfo.extra.name,\n version: networkInfo.extra.version,\n chainId: 8453,\n verifyingContract: networkInfo.asset,\n },\n types: {\n TransferWithAuthorization: [\n { name: 'from', type: 'address' },\n { name: 'to', type: 'address' },\n { name: 'value', type: 'uint256' },\n { name: 'validAfter', type: 'uint256' },\n { name: 'validBefore', type: 'uint256' },\n { name: 'nonce', type: 'bytes32' },\n ],\n },\n primaryType: 'TransferWithAuthorization',\n message: {\n from: account.address,\n to: networkInfo.payTo,\n value: BigInt(networkInfo.amount),\n validAfter: 0n,\n validBefore,\n nonce,\n },\n});\n\n// Step 4: Build PAYMENT-SIGNATURE header\n// CRITICAL: signature is a SIBLING of authorization, NOT nested inside it\n// CRITICAL: value/validAfter/validBefore must be DECIMAL STRINGS\nconst paymentPayload = {\n x402Version: 2,\n scheme: 'exact',\n network: 'eip155:8453',\n payload: {\n signature, // ← Direct child of payload\n authorization: {\n from: account.address,\n to: networkInfo.payTo,\n value: networkInfo.amount, // Decimal string: \"30000\"\n validAfter: '0', // Decimal string\n validBefore: validBefore.toString(), // Decimal string\n nonce,\n },\n },\n};\n\nconst paymentHeader = Buffer.from(JSON.stringify(paymentPayload)).toString('base64');\n\n// Step 5: Retry with payment\nconst paidRes = await fetch(SCAN_URL, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n 'PAYMENT-SIGNATURE': paymentHeader,\n },\n body: scanBody,\n});\n\nconst scan = await paidRes.json();\n\nCommon mistakes that cause payment failures:\n\nsignature nested inside authorization instead of as a sibling → \"Cannot read properties of undefined\"\nMissing x402Version: 2 at top level\nUsing hex (\"0x7530\") or raw numbers instead of decimal strings (\"30000\") for value/validAfter/validBefore\nWrong endpoint path (/v1/scan/auditfull instead of /v1/scan/full)\n\nFor ethers.js, Solana, Vincent, Lobster.cash, and other wallet patterns, see REFERENCE.md." }, { "title": "Supported Chains (63)", "body": "EVM: eth, base, arbitrum, optimism, polygon, bsc, avalanche, fantom, linea, scroll, zksync, blast, mantle, mode, zora, manta, sonic, berachain, unichain, abstract, monad, megaeth, hyperevm, shibarium, pulse, core, opbnb, polygonzkevm, metis, kava, klaytn, astar, oasis, iotex, conflux, canto, velas, grove, lightlink, bitrock, loop, besc, energi, maxx, degen, inevm, viction, nahmii, real, xlayer, worldchain, apechain, morph, ink, soneium, plasma\n\nNon-EVM: solana, sui, radix, tron, injective\n\nUse exact chain names as shown (e.g., \"eth\" not \"ethereum\", \"bsc\" not \"binance\")." }, { "title": "Red Flags — DO NOT BUY", "body": "FieldValueMeaningtokenDynamicDetails.is_HoneypottrueCannot sell — funds are trappedisScamtrueKnown scam contractisAirdropPhishingScamtruePhishing attemptquickiAudit.has_ScamstrueContains scam patternsquickiAudit.can_Potentially_Steal_FundstrueHas theft mechanisms\n\nIf ANY of these are true, tell the user not to buy and explain why." }, { "title": "Warnings — Proceed With Caution", "body": "FieldValueRiskbuy_Tax or sell_Tax> 10High fees eat profitsquickiAudit.can_MinttrueOwner can create more tokens, diluting valuequickiAudit.can_BlacklisttrueOwner can block wallets from sellingquickiAudit.can_Pause_TradingtrueOwner can freeze all tradingquickiAudit.can_Update_FeestrueTaxes could increase after you buyquickiAudit.hidden_OwnertrueReal owner is obscuredquickiAudit.contract_RenouncedfalseOwner retains control over contractquickiAudit.is_ProxytrueContract code can be changed" }, { "title": "Positive Signs", "body": "FieldValueMeaningquickiAudit.contract_RenouncedtrueNo owner controlcontractVerifiedtrueSource code is publicquickiAudit.can_MintfalseFixed supplyquickiAudit.can_BlacklistfalseNo blocking capabilitybuy_Tax and sell_Tax0 or lowMinimal fees" }, { "title": "Liquidity Check", "body": "tokenDynamicDetails.liquidity indicates whether a liquidity pool was detected.\n\nliquidity: false does NOT always mean illiquid — Quick Intel checks major pairs (WETH, USDC, USDT) but may miss non-standard pairings. Verify independently on a DEX aggregator.\nliquidity: true — still check lp_Locks for lock status. Unlocked liquidity = rug pull risk." }, { "title": "Example: Interpreting a Scan", "body": "{\n \"tokenDetails\": {\n \"tokenName\": \"Example Token\",\n \"tokenSymbol\": \"EX\",\n \"tokenDecimals\": 18,\n \"tokenSupply\": 1000000000\n },\n \"tokenDynamicDetails\": {\n \"is_Honeypot\": false,\n \"buy_Tax\": \"0.0\",\n \"sell_Tax\": \"0.0\",\n \"liquidity\": true\n },\n \"isScam\": null,\n \"contractVerified\": true,\n \"quickiAudit\": {\n \"contract_Renounced\": true,\n \"can_Mint\": false,\n \"can_Blacklist\": false,\n \"can_Pause_Trading\": false,\n \"has_Scams\": false,\n \"hidden_Owner\": false\n }\n}\n\nYour assessment: \"This token looks relatively safe. It's not a honeypot, has no scam patterns, contract is renounced with no mint or blacklist capability, and taxes are 0%. Liquidity is detected. However, always treat scan results as one data point — contract behavior can change if it uses upgradeable proxies.\"" }, { "title": "Security Model", "body": "YOUR SIDE QUICK INTEL'S SIDE\n───────────── ──────────────────\n• Private keys (never shared) • Receives: token address + chain\n• Payment auth ($0.03 USDC) • Analyzes: contract bytecode\n• Decision to trade or not • Returns: read-only audit data\n\nQuick Intel NEVER receives your private key.\nQuick Intel NEVER interacts with your tokens.\nQuick Intel is READ-ONLY — no transactions, no approvals.\n\nNEVER paste private keys, seed phrases, or wallet credentials into any prompt. Quick Intel only needs the token's contract address and chain." }, { "title": "Error Handling", "body": "ErrorCauseFix402 Payment RequiredNo payment header sentEnsure wallet is configured and has $0.03+ USDC402 Payment verification failedBad signature or low balanceCheck payload structure (see REFERENCE.md)400 Invalid ChainChain name not recognizedUse exact names from supported chains list400 Invalid AddressMalformed addressCheck format (0x... for EVM, base58 for Solana)404 Token Not FoundToken doesn't exist on that chainVerify address and chain match" }, { "title": "Important Notes", "body": "Scan results are point-in-time snapshots. A safe token today could change tomorrow if ownership isn't renounced or if it's a proxy contract. Re-scan periodically for tokens you hold.\nPayment is charged regardless of outcome. Even if the scan returns limited data. Use payment-identifier extension for safe retries (see REFERENCE.md).\nNot financial advice. Quick Intel provides data to inform decisions, not recommendations.\nCross-reference for high-value trades. Verify on block explorers, check holder distribution, confirm liquidity on DEX aggregators." }, { "title": "Discovery Endpoint", "body": "Query accepted payments and schemas before making calls:\n\nGET https://x402.quickintel.io/accepted" }, { "title": "Cross-Reference", "body": "For trading tokens after scanning, see the tator-trade skill.\nFor detailed x402 payment implementation, wallet-specific patterns, and troubleshooting, see REFERENCE.md." }, { "title": "About Quick Intel", "body": "Quick Intel's endpoint (x402.quickintel.io) is operated by Quick Intel LLC, a registered US-based cryptocurrency security company.\n\nOver 50 million token scans processed across 40+ blockchain networks\nSecurity scanning APIs power DexTools, DexScreener, and Tator Trader\nOperational since April 2023\nMore info: quickintel.io" }, { "title": "Resources", "body": "Quick Intel Docs: https://docs.quickintel.io\nx402 Protocol: https://www.x402.org\nGateway Discovery: https://x402.quickintel.io/accepted\nSupport: https://t.me/Quicki_TG" } ], "body": "Quick Intel Token Security Scanner\n\nScan any token on 63 chains for honeypots, scams, and security risks. Returns a detailed audit in seconds. Costs $0.03 USDC per scan via x402 — read-only, never touches your wallet or tokens.\n\nQuick Reference\nSituation\tAction\nUser asks \"is this token safe?\"\tScan the token, interpret results\nUser wants to buy/trade a token\tScan BEFORE trading, warn on red flags\nScan shows is_Honeypot: true\tSTOP — tell user they cannot sell this token\nScan shows isScam: true\tSTOP — known scam contract\nScan shows can_Mint: true\tWarn: owner can inflate supply\nScan shows high buy/sell tax (>10%)\tWarn: excessive fees reduce profits\nScan shows contract_Renounced: false\tCaution: owner retains control\nliquidity: false in results\tMay use non-standard pair — verify on DEX aggregator\nUser gives chain + address\tYou have everything needed to scan\nUser gives only address, no chain\tAsk which chain, or try to infer from address format\nHow to Scan\n\nEndpoint: POST https://x402.quickintel.io/v1/scan/full\n\nRequest body:\n\n{\n \"chain\": \"base\",\n \"tokenAddress\": \"0x...\"\n}\n\n\nThat's it. The x402 payment ($0.03 USDC/USDM) is handled automatically by your wallet integration. If you have @x402/fetch, Sponge Wallet, AgentWallet, Vincent, or Lobster.cash — the payment flow is transparent. Pay on any of 14 networks: Base (recommended, lowest fees), Ethereum, Arbitrum, Optimism, Polygon, Avalanche, Unichain, Linea, Sonic, HyperEVM, Ink, Monad, MegaETH (USDM), or Solana.\n\nWhich integration do I use?\n\n⚠️ Wallet Security: This skill does NOT require your private key. The x402 payment is handled by YOUR agent's wallet — whichever wallet your agent already uses. If your agent doesn't have a wallet yet, use a managed wallet service (Sponge, AgentWallet, Vincent, Lobster.cash) instead of raw private keys. If you must use programmatic signing, use a dedicated hot wallet with minimal funds ($1-5 USDC), never your main wallet.\n\nYour setup\tUse this\tKey exposure\nUsing Sponge Wallet\tPattern A below (recommended)\t✅ No raw keys — API key only\nUsing AgentWallet (frames.ag)\tPattern B below\t✅ No raw keys — API token only\nUsing Lobster.cash / Crossmint\tSee REFERENCE.md\t✅ No raw keys — managed wallet\nUsing Vincent Wallet\tSee REFERENCE.md\t✅ No raw keys — managed signing\nHave @x402/fetch installed\tPattern C below\t⚠️ Requires private key in env\nHave viem or ethers.js, no x402 library\tPattern D below (manual signing)\t⚠️ Requires private key in env\nUsing Solana wallet\tSee REFERENCE.md\t⚠️ Requires private key in env\nNot sure / no wallet configured\tStart with Pattern A (Sponge)\t✅ No raw keys\nPattern A: Sponge Wallet (Recommended — No Raw Keys)\ncurl -sS -X POST \"https://api.wallet.paysponge.com/api/x402/fetch\" \\\n -H \"Authorization: Bearer $SPONGE_API_KEY\" \\\n -H \"Content-Type: application/json\" \\\n -d '{\n \"url\": \"https://x402.quickintel.io/v1/scan/full\",\n \"method\": \"POST\",\n \"body\": {\n \"chain\": \"base\",\n \"tokenAddress\": \"0xa4a2e2ca3fbfe21aed83471d28b6f65a233c6e00\"\n },\n \"preferred_chain\": \"base\"\n }'\n\n\nRequires: SPONGE_API_KEY env var. Sign up at paysponge.com. Sponge manages the wallet and signing — your agent never touches a private key.\n\nPattern B: AgentWallet (No Raw Keys)\nconst response = await fetch('https://frames.ag/api/wallets/{username}/actions/x402/fetch', {\n method: 'POST',\n headers: {\n 'Authorization': `Bearer ${process.env.AGENTWALLET_API_TOKEN}`,\n 'Content-Type': 'application/json'\n },\n body: JSON.stringify({\n url: 'https://x402.quickintel.io/v1/scan/full',\n method: 'POST',\n body: { chain: 'base', tokenAddress: '0x...' }\n })\n});\nconst scan = await response.json();\n\n\nRequires: AGENTWALLET_API_TOKEN env var. Get one at frames.ag.\n\nPattern C: @x402/fetch (Programmatic Signing)\n\n⚠️ Uses a private key. Use a dedicated hot wallet with minimal funds, not your main wallet.\n\nimport { x402Fetch } from '@x402/fetch';\nimport { createWallet } from '@x402/evm';\n\n// Use a DEDICATED wallet with only payment funds ($1-5 USDC)\n// NEVER use your main wallet or trading wallet private key here\nconst wallet = createWallet(process.env.X402_PAYMENT_KEY);\n\nconst response = await x402Fetch('https://x402.quickintel.io/v1/scan/full', {\n method: 'POST',\n headers: { 'Content-Type': 'application/json' },\n body: JSON.stringify({ chain: 'base', tokenAddress: '0x...' }),\n wallet,\n preferredNetwork: 'eip155:8453'\n});\n\nconst scan = await response.json();\n\nPattern D: Manual EVM Signing (viem)\n\n⚠️ Uses a private key. Use a dedicated hot wallet with minimal funds, not your main wallet.\n\nIf you don't have @x402/fetch, handle the payment flow manually:\n\nimport { keccak256, toHex } from 'viem';\nimport { privateKeyToAccount } from 'viem/accounts';\n\n// Use a DEDICATED wallet with only payment funds ($1-5 USDC)\nconst account = privateKeyToAccount(process.env.X402_PAYMENT_KEY);\nconst SCAN_URL = 'https://x402.quickintel.io/v1/scan/full';\n\n// Step 1: Hit endpoint, get 402 with payment requirements\nconst scanBody = JSON.stringify({ chain: 'base', tokenAddress: '0x...' });\nconst initialRes = await fetch(SCAN_URL, {\n method: 'POST',\n headers: { 'Content-Type': 'application/json' },\n body: scanBody,\n});\n\nif (initialRes.status !== 402) throw new Error(`Expected 402, got ${initialRes.status}`);\nconst paymentRequired = await initialRes.json();\n\n// Step 2: Find preferred network in accepts array\nconst networkInfo = paymentRequired.accepts.find(a => a.network === 'eip155:8453');\nif (!networkInfo) throw new Error('Base network not available');\n\n// Step 3: Sign EIP-712 TransferWithAuthorization\nconst nonce = keccak256(toHex(`${Date.now()}-${Math.random()}`));\nconst validBefore = BigInt(Math.floor(Date.now() / 1000) + 3600);\n\nconst signature = await account.signTypedData({\n domain: {\n name: networkInfo.extra.name,\n version: networkInfo.extra.version,\n chainId: 8453,\n verifyingContract: networkInfo.asset,\n },\n types: {\n TransferWithAuthorization: [\n { name: 'from', type: 'address' },\n { name: 'to', type: 'address' },\n { name: 'value', type: 'uint256' },\n { name: 'validAfter', type: 'uint256' },\n { name: 'validBefore', type: 'uint256' },\n { name: 'nonce', type: 'bytes32' },\n ],\n },\n primaryType: 'TransferWithAuthorization',\n message: {\n from: account.address,\n to: networkInfo.payTo,\n value: BigInt(networkInfo.amount),\n validAfter: 0n,\n validBefore,\n nonce,\n },\n});\n\n// Step 4: Build PAYMENT-SIGNATURE header\n// CRITICAL: signature is a SIBLING of authorization, NOT nested inside it\n// CRITICAL: value/validAfter/validBefore must be DECIMAL STRINGS\nconst paymentPayload = {\n x402Version: 2,\n scheme: 'exact',\n network: 'eip155:8453',\n payload: {\n signature, // ← Direct child of payload\n authorization: {\n from: account.address,\n to: networkInfo.payTo,\n value: networkInfo.amount, // Decimal string: \"30000\"\n validAfter: '0', // Decimal string\n validBefore: validBefore.toString(), // Decimal string\n nonce,\n },\n },\n};\n\nconst paymentHeader = Buffer.from(JSON.stringify(paymentPayload)).toString('base64');\n\n// Step 5: Retry with payment\nconst paidRes = await fetch(SCAN_URL, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n 'PAYMENT-SIGNATURE': paymentHeader,\n },\n body: scanBody,\n});\n\nconst scan = await paidRes.json();\n\n\nCommon mistakes that cause payment failures:\n\nsignature nested inside authorization instead of as a sibling → \"Cannot read properties of undefined\"\nMissing x402Version: 2 at top level\nUsing hex (\"0x7530\") or raw numbers instead of decimal strings (\"30000\") for value/validAfter/validBefore\nWrong endpoint path (/v1/scan/auditfull instead of /v1/scan/full)\n\nFor ethers.js, Solana, Vincent, Lobster.cash, and other wallet patterns, see REFERENCE.md.\n\nSupported Chains (63)\n\nEVM: eth, base, arbitrum, optimism, polygon, bsc, avalanche, fantom, linea, scroll, zksync, blast, mantle, mode, zora, manta, sonic, berachain, unichain, abstract, monad, megaeth, hyperevm, shibarium, pulse, core, opbnb, polygonzkevm, metis, kava, klaytn, astar, oasis, iotex, conflux, canto, velas, grove, lightlink, bitrock, loop, besc, energi, maxx, degen, inevm, viction, nahmii, real, xlayer, worldchain, apechain, morph, ink, soneium, plasma\n\nNon-EVM: solana, sui, radix, tron, injective\n\nUse exact chain names as shown (e.g., \"eth\" not \"ethereum\", \"bsc\" not \"binance\").\n\nReading Scan Results\nRed Flags — DO NOT BUY\nField\tValue\tMeaning\ntokenDynamicDetails.is_Honeypot\ttrue\tCannot sell — funds are trapped\nisScam\ttrue\tKnown scam contract\nisAirdropPhishingScam\ttrue\tPhishing attempt\nquickiAudit.has_Scams\ttrue\tContains scam patterns\nquickiAudit.can_Potentially_Steal_Funds\ttrue\tHas theft mechanisms\n\nIf ANY of these are true, tell the user not to buy and explain why.\n\nWarnings — Proceed With Caution\nField\tValue\tRisk\nbuy_Tax or sell_Tax\t> 10\tHigh fees eat profits\nquickiAudit.can_Mint\ttrue\tOwner can create more tokens, diluting value\nquickiAudit.can_Blacklist\ttrue\tOwner can block wallets from selling\nquickiAudit.can_Pause_Trading\ttrue\tOwner can freeze all trading\nquickiAudit.can_Update_Fees\ttrue\tTaxes could increase after you buy\nquickiAudit.hidden_Owner\ttrue\tReal owner is obscured\nquickiAudit.contract_Renounced\tfalse\tOwner retains control over contract\nquickiAudit.is_Proxy\ttrue\tContract code can be changed\nPositive Signs\nField\tValue\tMeaning\nquickiAudit.contract_Renounced\ttrue\tNo owner control\ncontractVerified\ttrue\tSource code is public\nquickiAudit.can_Mint\tfalse\tFixed supply\nquickiAudit.can_Blacklist\tfalse\tNo blocking capability\nbuy_Tax and sell_Tax\t0 or low\tMinimal fees\nLiquidity Check\n\ntokenDynamicDetails.liquidity indicates whether a liquidity pool was detected.\n\nliquidity: false does NOT always mean illiquid — Quick Intel checks major pairs (WETH, USDC, USDT) but may miss non-standard pairings. Verify independently on a DEX aggregator.\nliquidity: true — still check lp_Locks for lock status. Unlocked liquidity = rug pull risk.\nExample: Interpreting a Scan\n{\n \"tokenDetails\": {\n \"tokenName\": \"Example Token\",\n \"tokenSymbol\": \"EX\",\n \"tokenDecimals\": 18,\n \"tokenSupply\": 1000000000\n },\n \"tokenDynamicDetails\": {\n \"is_Honeypot\": false,\n \"buy_Tax\": \"0.0\",\n \"sell_Tax\": \"0.0\",\n \"liquidity\": true\n },\n \"isScam\": null,\n \"contractVerified\": true,\n \"quickiAudit\": {\n \"contract_Renounced\": true,\n \"can_Mint\": false,\n \"can_Blacklist\": false,\n \"can_Pause_Trading\": false,\n \"has_Scams\": false,\n \"hidden_Owner\": false\n }\n}\n\n\nYour assessment: \"This token looks relatively safe. It's not a honeypot, has no scam patterns, contract is renounced with no mint or blacklist capability, and taxes are 0%. Liquidity is detected. However, always treat scan results as one data point — contract behavior can change if it uses upgradeable proxies.\"\n\nSecurity Model\nYOUR SIDE QUICK INTEL'S SIDE\n───────────── ──────────────────\n• Private keys (never shared) • Receives: token address + chain\n• Payment auth ($0.03 USDC) • Analyzes: contract bytecode\n• Decision to trade or not • Returns: read-only audit data\n\nQuick Intel NEVER receives your private key.\nQuick Intel NEVER interacts with your tokens.\nQuick Intel is READ-ONLY — no transactions, no approvals.\n\n\nNEVER paste private keys, seed phrases, or wallet credentials into any prompt. Quick Intel only needs the token's contract address and chain.\n\nError Handling\nError\tCause\tFix\n402 Payment Required\tNo payment header sent\tEnsure wallet is configured and has $0.03+ USDC\n402 Payment verification failed\tBad signature or low balance\tCheck payload structure (see REFERENCE.md)\n400 Invalid Chain\tChain name not recognized\tUse exact names from supported chains list\n400 Invalid Address\tMalformed address\tCheck format (0x... for EVM, base58 for Solana)\n404 Token Not Found\tToken doesn't exist on that chain\tVerify address and chain match\nImportant Notes\nScan results are point-in-time snapshots. A safe token today could change tomorrow if ownership isn't renounced or if it's a proxy contract. Re-scan periodically for tokens you hold.\nPayment is charged regardless of outcome. Even if the scan returns limited data. Use payment-identifier extension for safe retries (see REFERENCE.md).\nNot financial advice. Quick Intel provides data to inform decisions, not recommendations.\nCross-reference for high-value trades. Verify on block explorers, check holder distribution, confirm liquidity on DEX aggregators.\nDiscovery Endpoint\n\nQuery accepted payments and schemas before making calls:\n\nGET https://x402.quickintel.io/accepted\n\nCross-Reference\nFor trading tokens after scanning, see the tator-trade skill.\nFor detailed x402 payment implementation, wallet-specific patterns, and troubleshooting, see REFERENCE.md.\nAbout Quick Intel\n\nQuick Intel's endpoint (x402.quickintel.io) is operated by Quick Intel LLC, a registered US-based cryptocurrency security company.\n\nOver 50 million token scans processed across 40+ blockchain networks\nSecurity scanning APIs power DexTools, DexScreener, and Tator Trader\nOperational since April 2023\nMore info: quickintel.io\nResources\nQuick Intel Docs: https://docs.quickintel.io\nx402 Protocol: https://www.x402.org\nGateway Discovery: https://x402.quickintel.io/accepted\nSupport: https://t.me/Quicki_TG" }, "trust": { "sourceLabel": "tencent", "provenanceUrl": "https://clawhub.ai/azep-ninja/quickintel-scan", "publisherUrl": "https://clawhub.ai/azep-ninja/quickintel-scan", "owner": "azep-ninja", "version": "1.0.8", "license": null, "verificationStatus": "Indexed source record" }, "links": { "detailUrl": "https://openagent3.xyz/skills/quickintel-scan", "downloadUrl": "https://openagent3.xyz/downloads/quickintel-scan", "agentUrl": "https://openagent3.xyz/skills/quickintel-scan/agent", "manifestUrl": "https://openagent3.xyz/skills/quickintel-scan/agent.json", "briefUrl": "https://openagent3.xyz/skills/quickintel-scan/agent.md" } }