# Send Quick Intel Token Security Scanner to your agent Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually. ## Fast path - Download the package from Yavira. - Extract it into a folder your agent can access. - Paste one of the prompts below and point your agent at the extracted folder. ## Suggested prompts ### New install ```text I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete. ``` ### Upgrade existing ```text I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run. ``` ## Machine-readable fields ```json { "schemaVersion": "1.0", "item": { "slug": "quickintel-scan", "name": "Quick Intel Token Security Scanner", "source": "tencent", "type": "skill", "category": "开发工具", "sourceUrl": "https://clawhub.ai/azep-ninja/quickintel-scan", "canonicalUrl": "https://clawhub.ai/azep-ninja/quickintel-scan", "targetPlatform": "OpenClaw" }, "install": { "downloadUrl": "/downloads/quickintel-scan", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=quickintel-scan", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "packageFormat": "ZIP package", "primaryDoc": "SKILL.md", "includedAssets": [ "Reference.md", "SKILL.md" ], "downloadMode": "redirect", "sourceHealth": { "source": "tencent", "slug": "quickintel-scan", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-05-07T18:53:56.652Z", "expiresAt": "2026-05-14T18:53:56.652Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=quickintel-scan", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=quickintel-scan", "contentDisposition": "attachment; filename=\"quickintel-scan-1.0.8.zip\"", "redirectLocation": null, "bodySnippet": null, "slug": "quickintel-scan" }, "scope": "item", "summary": "Item download looks usable.", "detail": "Yavira can redirect you to the upstream package for this item.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/quickintel-scan" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] } }, "links": { "detailUrl": "https://openagent3.xyz/skills/quickintel-scan", "downloadUrl": "https://openagent3.xyz/downloads/quickintel-scan", "agentUrl": "https://openagent3.xyz/skills/quickintel-scan/agent", "manifestUrl": "https://openagent3.xyz/skills/quickintel-scan/agent.json", "briefUrl": "https://openagent3.xyz/skills/quickintel-scan/agent.md" } } ``` ## Documentation ### Quick Intel Token Security Scanner Scan any token on 63 chains for honeypots, scams, and security risks. Returns a detailed audit in seconds. Costs $0.03 USDC per scan via x402 — read-only, never touches your wallet or tokens. ### Quick Reference SituationActionUser asks "is this token safe?"Scan the token, interpret resultsUser wants to buy/trade a tokenScan BEFORE trading, warn on red flagsScan shows is_Honeypot: trueSTOP — tell user they cannot sell this tokenScan shows isScam: trueSTOP — known scam contractScan shows can_Mint: trueWarn: owner can inflate supplyScan shows high buy/sell tax (>10%)Warn: excessive fees reduce profitsScan shows contract_Renounced: falseCaution: owner retains controlliquidity: false in resultsMay use non-standard pair — verify on DEX aggregatorUser gives chain + addressYou have everything needed to scanUser gives only address, no chainAsk which chain, or try to infer from address format ### How to Scan Endpoint: POST https://x402.quickintel.io/v1/scan/full Request body: { "chain": "base", "tokenAddress": "0x..." } That's it. The x402 payment ($0.03 USDC/USDM) is handled automatically by your wallet integration. If you have @x402/fetch, Sponge Wallet, AgentWallet, Vincent, or Lobster.cash — the payment flow is transparent. Pay on any of 14 networks: Base (recommended, lowest fees), Ethereum, Arbitrum, Optimism, Polygon, Avalanche, Unichain, Linea, Sonic, HyperEVM, Ink, Monad, MegaETH (USDM), or Solana. ### Which integration do I use? ⚠️ Wallet Security: This skill does NOT require your private key. The x402 payment is handled by YOUR agent's wallet — whichever wallet your agent already uses. If your agent doesn't have a wallet yet, use a managed wallet service (Sponge, AgentWallet, Vincent, Lobster.cash) instead of raw private keys. If you must use programmatic signing, use a dedicated hot wallet with minimal funds ($1-5 USDC), never your main wallet. Your setupUse thisKey exposureUsing Sponge WalletPattern A below (recommended)✅ No raw keys — API key onlyUsing AgentWallet (frames.ag)Pattern B below✅ No raw keys — API token onlyUsing Lobster.cash / CrossmintSee REFERENCE.md✅ No raw keys — managed walletUsing Vincent WalletSee REFERENCE.md✅ No raw keys — managed signingHave @x402/fetch installedPattern C below⚠️ Requires private key in envHave viem or ethers.js, no x402 libraryPattern D below (manual signing)⚠️ Requires private key in envUsing Solana walletSee REFERENCE.md⚠️ Requires private key in envNot sure / no wallet configuredStart with Pattern A (Sponge)✅ No raw keys ### Pattern A: Sponge Wallet (Recommended — No Raw Keys) curl -sS -X POST "https://api.wallet.paysponge.com/api/x402/fetch" \\ -H "Authorization: Bearer $SPONGE_API_KEY" \\ -H "Content-Type: application/json" \\ -d '{ "url": "https://x402.quickintel.io/v1/scan/full", "method": "POST", "body": { "chain": "base", "tokenAddress": "0xa4a2e2ca3fbfe21aed83471d28b6f65a233c6e00" }, "preferred_chain": "base" }' Requires: SPONGE_API_KEY env var. Sign up at paysponge.com. Sponge manages the wallet and signing — your agent never touches a private key. ### Pattern B: AgentWallet (No Raw Keys) const response = await fetch('https://frames.ag/api/wallets/{username}/actions/x402/fetch', { method: 'POST', headers: { 'Authorization': \`Bearer ${process.env.AGENTWALLET_API_TOKEN}\`, 'Content-Type': 'application/json' }, body: JSON.stringify({ url: 'https://x402.quickintel.io/v1/scan/full', method: 'POST', body: { chain: 'base', tokenAddress: '0x...' } }) }); const scan = await response.json(); Requires: AGENTWALLET_API_TOKEN env var. Get one at frames.ag. ### Pattern C: @x402/fetch (Programmatic Signing) ⚠️ Uses a private key. Use a dedicated hot wallet with minimal funds, not your main wallet. import { x402Fetch } from '@x402/fetch'; import { createWallet } from '@x402/evm'; // Use a DEDICATED wallet with only payment funds ($1-5 USDC) // NEVER use your main wallet or trading wallet private key here const wallet = createWallet(process.env.X402_PAYMENT_KEY); const response = await x402Fetch('https://x402.quickintel.io/v1/scan/full', { method: 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ chain: 'base', tokenAddress: '0x...' }), wallet, preferredNetwork: 'eip155:8453' }); const scan = await response.json(); ### Pattern D: Manual EVM Signing (viem) ⚠️ Uses a private key. Use a dedicated hot wallet with minimal funds, not your main wallet. If you don't have @x402/fetch, handle the payment flow manually: import { keccak256, toHex } from 'viem'; import { privateKeyToAccount } from 'viem/accounts'; // Use a DEDICATED wallet with only payment funds ($1-5 USDC) const account = privateKeyToAccount(process.env.X402_PAYMENT_KEY); const SCAN_URL = 'https://x402.quickintel.io/v1/scan/full'; // Step 1: Hit endpoint, get 402 with payment requirements const scanBody = JSON.stringify({ chain: 'base', tokenAddress: '0x...' }); const initialRes = await fetch(SCAN_URL, { method: 'POST', headers: { 'Content-Type': 'application/json' }, body: scanBody, }); if (initialRes.status !== 402) throw new Error(\`Expected 402, got ${initialRes.status}\`); const paymentRequired = await initialRes.json(); // Step 2: Find preferred network in accepts array const networkInfo = paymentRequired.accepts.find(a => a.network === 'eip155:8453'); if (!networkInfo) throw new Error('Base network not available'); // Step 3: Sign EIP-712 TransferWithAuthorization const nonce = keccak256(toHex(\`${Date.now()}-${Math.random()}\`)); const validBefore = BigInt(Math.floor(Date.now() / 1000) + 3600); const signature = await account.signTypedData({ domain: { name: networkInfo.extra.name, version: networkInfo.extra.version, chainId: 8453, verifyingContract: networkInfo.asset, }, types: { TransferWithAuthorization: [ { name: 'from', type: 'address' }, { name: 'to', type: 'address' }, { name: 'value', type: 'uint256' }, { name: 'validAfter', type: 'uint256' }, { name: 'validBefore', type: 'uint256' }, { name: 'nonce', type: 'bytes32' }, ], }, primaryType: 'TransferWithAuthorization', message: { from: account.address, to: networkInfo.payTo, value: BigInt(networkInfo.amount), validAfter: 0n, validBefore, nonce, }, }); // Step 4: Build PAYMENT-SIGNATURE header // CRITICAL: signature is a SIBLING of authorization, NOT nested inside it // CRITICAL: value/validAfter/validBefore must be DECIMAL STRINGS const paymentPayload = { x402Version: 2, scheme: 'exact', network: 'eip155:8453', payload: { signature, // ← Direct child of payload authorization: { from: account.address, to: networkInfo.payTo, value: networkInfo.amount, // Decimal string: "30000" validAfter: '0', // Decimal string validBefore: validBefore.toString(), // Decimal string nonce, }, }, }; const paymentHeader = Buffer.from(JSON.stringify(paymentPayload)).toString('base64'); // Step 5: Retry with payment const paidRes = await fetch(SCAN_URL, { method: 'POST', headers: { 'Content-Type': 'application/json', 'PAYMENT-SIGNATURE': paymentHeader, }, body: scanBody, }); const scan = await paidRes.json(); Common mistakes that cause payment failures: signature nested inside authorization instead of as a sibling → "Cannot read properties of undefined" Missing x402Version: 2 at top level Using hex ("0x7530") or raw numbers instead of decimal strings ("30000") for value/validAfter/validBefore Wrong endpoint path (/v1/scan/auditfull instead of /v1/scan/full) For ethers.js, Solana, Vincent, Lobster.cash, and other wallet patterns, see REFERENCE.md. ### Supported Chains (63) EVM: eth, base, arbitrum, optimism, polygon, bsc, avalanche, fantom, linea, scroll, zksync, blast, mantle, mode, zora, manta, sonic, berachain, unichain, abstract, monad, megaeth, hyperevm, shibarium, pulse, core, opbnb, polygonzkevm, metis, kava, klaytn, astar, oasis, iotex, conflux, canto, velas, grove, lightlink, bitrock, loop, besc, energi, maxx, degen, inevm, viction, nahmii, real, xlayer, worldchain, apechain, morph, ink, soneium, plasma Non-EVM: solana, sui, radix, tron, injective Use exact chain names as shown (e.g., "eth" not "ethereum", "bsc" not "binance"). ### Red Flags — DO NOT BUY FieldValueMeaningtokenDynamicDetails.is_HoneypottrueCannot sell — funds are trappedisScamtrueKnown scam contractisAirdropPhishingScamtruePhishing attemptquickiAudit.has_ScamstrueContains scam patternsquickiAudit.can_Potentially_Steal_FundstrueHas theft mechanisms If ANY of these are true, tell the user not to buy and explain why. ### Warnings — Proceed With Caution FieldValueRiskbuy_Tax or sell_Tax> 10High fees eat profitsquickiAudit.can_MinttrueOwner can create more tokens, diluting valuequickiAudit.can_BlacklisttrueOwner can block wallets from sellingquickiAudit.can_Pause_TradingtrueOwner can freeze all tradingquickiAudit.can_Update_FeestrueTaxes could increase after you buyquickiAudit.hidden_OwnertrueReal owner is obscuredquickiAudit.contract_RenouncedfalseOwner retains control over contractquickiAudit.is_ProxytrueContract code can be changed ### Positive Signs FieldValueMeaningquickiAudit.contract_RenouncedtrueNo owner controlcontractVerifiedtrueSource code is publicquickiAudit.can_MintfalseFixed supplyquickiAudit.can_BlacklistfalseNo blocking capabilitybuy_Tax and sell_Tax0 or lowMinimal fees ### Liquidity Check tokenDynamicDetails.liquidity indicates whether a liquidity pool was detected. liquidity: false does NOT always mean illiquid — Quick Intel checks major pairs (WETH, USDC, USDT) but may miss non-standard pairings. Verify independently on a DEX aggregator. liquidity: true — still check lp_Locks for lock status. Unlocked liquidity = rug pull risk. ### Example: Interpreting a Scan { "tokenDetails": { "tokenName": "Example Token", "tokenSymbol": "EX", "tokenDecimals": 18, "tokenSupply": 1000000000 }, "tokenDynamicDetails": { "is_Honeypot": false, "buy_Tax": "0.0", "sell_Tax": "0.0", "liquidity": true }, "isScam": null, "contractVerified": true, "quickiAudit": { "contract_Renounced": true, "can_Mint": false, "can_Blacklist": false, "can_Pause_Trading": false, "has_Scams": false, "hidden_Owner": false } } Your assessment: "This token looks relatively safe. It's not a honeypot, has no scam patterns, contract is renounced with no mint or blacklist capability, and taxes are 0%. Liquidity is detected. However, always treat scan results as one data point — contract behavior can change if it uses upgradeable proxies." ### Security Model YOUR SIDE QUICK INTEL'S SIDE ───────────── ────────────────── • Private keys (never shared) • Receives: token address + chain • Payment auth ($0.03 USDC) • Analyzes: contract bytecode • Decision to trade or not • Returns: read-only audit data Quick Intel NEVER receives your private key. Quick Intel NEVER interacts with your tokens. Quick Intel is READ-ONLY — no transactions, no approvals. NEVER paste private keys, seed phrases, or wallet credentials into any prompt. Quick Intel only needs the token's contract address and chain. ### Error Handling ErrorCauseFix402 Payment RequiredNo payment header sentEnsure wallet is configured and has $0.03+ USDC402 Payment verification failedBad signature or low balanceCheck payload structure (see REFERENCE.md)400 Invalid ChainChain name not recognizedUse exact names from supported chains list400 Invalid AddressMalformed addressCheck format (0x... for EVM, base58 for Solana)404 Token Not FoundToken doesn't exist on that chainVerify address and chain match ### Important Notes Scan results are point-in-time snapshots. A safe token today could change tomorrow if ownership isn't renounced or if it's a proxy contract. Re-scan periodically for tokens you hold. Payment is charged regardless of outcome. Even if the scan returns limited data. Use payment-identifier extension for safe retries (see REFERENCE.md). Not financial advice. Quick Intel provides data to inform decisions, not recommendations. Cross-reference for high-value trades. Verify on block explorers, check holder distribution, confirm liquidity on DEX aggregators. ### Discovery Endpoint Query accepted payments and schemas before making calls: GET https://x402.quickintel.io/accepted ### Cross-Reference For trading tokens after scanning, see the tator-trade skill. For detailed x402 payment implementation, wallet-specific patterns, and troubleshooting, see REFERENCE.md. ### About Quick Intel Quick Intel's endpoint (x402.quickintel.io) is operated by Quick Intel LLC, a registered US-based cryptocurrency security company. Over 50 million token scans processed across 40+ blockchain networks Security scanning APIs power DexTools, DexScreener, and Tator Trader Operational since April 2023 More info: quickintel.io ### Resources Quick Intel Docs: https://docs.quickintel.io x402 Protocol: https://www.x402.org Gateway Discovery: https://x402.quickintel.io/accepted Support: https://t.me/Quicki_TG ## Trust - Source: tencent - Verification: Indexed source record - Publisher: azep-ninja - Version: 1.0.8 ## Source health - Status: healthy - Item download looks usable. - Yavira can redirect you to the upstream package for this item. - Health scope: item - Reason: direct_download_ok - Checked at: 2026-05-07T18:53:56.652Z - Expires at: 2026-05-14T18:53:56.652Z - Recommended action: Download for OpenClaw ## Links - [Detail page](https://openagent3.xyz/skills/quickintel-scan) - [Send to Agent page](https://openagent3.xyz/skills/quickintel-scan/agent) - [JSON manifest](https://openagent3.xyz/skills/quickintel-scan/agent.json) - [Markdown brief](https://openagent3.xyz/skills/quickintel-scan/agent.md) - [Download page](https://openagent3.xyz/downloads/quickintel-scan)