ClawKit Logo
ClawKitReliability Toolkit
Back to Registry
Official Verified

token-scan

Scan token contract security risk and return a structured summary including score, tax, holder concentration, and LP lock status. Supported chains are bsc, eth, solana, arbitrum, base, polygon, avax, tron, ton, plasma, and sui. Trigger when the user provides a chain and contract address and asks for token risk analysis, security review, high-risk item identification, tax interpretation, or holder distribution analysis.

skill-install — Terminal

Install via CLI (Recommended)

clawhub install openclaw/skills/skills/certik-ai/token-scan
Or

Token Scan

Use {skillDir}/scripts/token_scan.py to inspect one token contract with the CertiK token scan API.

Use this skill when the user wants a token risk review for a specific chain and contract address.

When to use this skill

  • Analyze token contract security risk
  • Review high-risk findings and alert severity
  • Interpret buy or sell tax fields
  • Check holder concentration and LP lock status

Supported chains

bsc, eth, solana, arbitrum, base, polygon, avax, tron, ton, plasma, sui

If the user provides a chain outside this list, do not call the API. Tell the user the chain is not supported yet and list the supported chains.

Workflow

  1. Confirm the chain is supported.
  2. Validate the address format when the chain format is obvious from the input.
  3. Prefer the bundled Python script for execution.
  4. If Python is unavailable, use the documented curl fallback.
  5. If the result is still running, report that the scan is in progress instead of pretending the scan is complete.
  6. Return the result in this order:
    • risk overview
    • alert list
    • additional token signals such as tax, holder concentration, and LP lock
  7. Only include raw fields when the user explicitly asks for audit-level detail.

Execution

Important: --chain only supports bsc|eth|solana|arbitrum|base|polygon|avax|tron|ton|plasma|sui. If the user provides a chain outside this list, do not call the API. Reply that the chain is not supported yet and include the supported chain list so the user can switch.

Prefer Python first:

python3 scripts/token_scan.py --chain "bsc" --contract "0x..."

If Python is unavailable, use curl:

curl -sG "https://open.api.certik.com/token-scan" \
  -H "Accept: application/json, text/plain, */*" \
  --data-urlencode "chain=bsc" \
  --data-urlencode "address=0x..."

Output requirements

  1. Risk overview must include score, alert_count, and the highest alert level.
  2. Alert list must be sorted by Critical -> Major -> Medium -> Minor and show up to 8 items.
  3. If alert_count > 8, explicitly say: Total N alerts, showing the top 8 highest-priority items.
  4. Clarify that values like skyknight_score.details.buy_tax and skyknight_score.details.sell_tax are deduction factors, not the real tax percentage.
  5. Prefer the real buy or sell tax value from security_summary.*.extended_data.* when it exists.

Public API

  • Endpoint: GET https://open.api.certik.com/token-scan
  • Query parameters:
    • chain (required)
    • address (required)

Example:

curl -sG "https://open.api.certik.com/token-scan" \
  -H "Accept: application/json, text/plain, */*" \
  --data-urlencode "chain=eth" \
  --data-urlencode "address=0x1f9840a85d5aF5bf1D1762F925BDADdC4201F984"

Supported chain formats:

Read Full Documentation on GitHub

Metadata

Author@certik-ai
Stars3917
Views1
Updated2026-04-08
View Author Profile
AI Skill Finder

Not sure this is the right skill?

Describe what you want to build — we'll match you to the best skill from 16,000+ options.

Find the right skill
Add to Configuration

Paste this into your clawhub.json to enable this plugin.

{
  "plugins": {
    "official-certik-ai-token-scan": {
      "enabled": true,
      "auto_update": true
    }
  }
}
Safety NoteClawKit audits metadata but not runtime behavior. Use with caution.

Related Skills

skyinsights

Query the CertiK SkyInsights blockchain risk intelligence API. Use this skill when the user wants to check whether a wallet address or transaction hash is risky, look up labels or entity details, or run AML screening. Subcommands: kya, labels, screen, kyt.

certik-ai 3917

skylens-transaction-analysis

Inspects one EVM transaction with Skylens APIs and returns human-readable trace, balance, storage, and nonce changes. Use when the user asks for tx-level investigation on supported chains (for example Ethereum) via `get-trace`, `balance-change`, `state-change`, or `nonce-change`.

certik-ai 3917

skynet-score

Use for searching CertiK Skynet project scores, looking up blockchain project security ratings, comparing score breakdowns, and integrating the public Skynet project search endpoint. Trigger when the user asks for a project score, tier, score factors, updated time, or how to query Skynet scores by keyword.

certik-ai 3917