Base Security Scanner MCP Server


Add it to Claude Code

Run this in a terminal.

claude mcp add base-security-scanner -- npx -y base-security-scanner-mcp

Scan smart contracts on Base mainnet for security vulnerabilities.

base-security-scanner-mcp

MCP server for AI agents to scan smart contracts on Base mainnet for security vulnerabilities. Detect honeypots, rug pulls, hidden mints, proxy patterns, and generate full audit reports -- all read-only, no private key needed.

Install

npx -y base-security-scanner-mcp

Configure (Claude Desktop / Cursor)

{
  "mcpServers": {
    "base-security-scanner": {
      "command": "npx",
      "args": ["-y", "base-security-scanner-mcp"]
    }
  }
}

Tools (8)

Tool                     Description
scan_contract            Analyze a contract for security issues (reentrancy, access control, hidden mints, proxy patterns)
check_honeypot           Check if a token is a honeypot by simulating buy+sell via Uniswap V2
detect_rug_risk          Score rug pull risk 0-100 based on ownership, liquidity, permissions, honeypot status
analyze_bytecode         Disassemble bytecode, identify contract type (proxy, AMM, ERC-20, diamond, etc.)
check_token_permissions  Check owner permissions: mint, pause, blacklist, change fees, disable trading
get_contract_info        Basic contract metadata: verified status, bytecode size, ETH balance, token info
compare_bytecode         Clone detection -- check if two contracts share the same bytecode
audit_report             Full security audit combining all checks into one comprehensive report

Environment Variables

Variable  Default                   Description
RPC_URL   https://mainnet.base.org  Base mainnet RPC endpoint

How It Works

  • Bytecode Analysis: Extracts PUSH4 opcodes to find function selectors, matches against 30+ known dangerous patterns
  • Opcode Scanning: Detects DELEGATECALL, SELFDESTRUCT, CREATE, CREATE2
  • Honeypot Detection: Simulates ETH->Token->ETH round-trip via Uniswap V2 router getAmountsOut
  • Rug Scoring: Weighted algorithm combining ownership, liquidity depth, dangerous permissions, honeypot status
  • Clone Detection: Jaccard similarity on function selector sets
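
The bytecode steps listed above (PUSH4 selector extraction, opcode flagging, Jaccard clone comparison), as an added sketch that is not the package's own code. The names `scanBytecode`, `jaccard` and `WATCHLIST` are assumptions, and both bytecode samples are constructed for the example.

```javascript
// Added illustration; not code from base-security-scanner-mcp.
// Opcodes the README says the scanner detects.
const FLAGGED = { 0xf0: "CREATE", 0xf4: "DELEGATECALL", 0xf5: "CREATE2", 0xff: "SELFDESTRUCT" };
// Constructed two-entry watchlist (assumption); the package's 30+ patterns are not listed on the page.
const WATCHLIST = { "0x40c10f19": "mint(address,uint256)", "0x8456cb59": "pause()" };

// Linear sweep over the bytecode: collect PUSH4 immediates and flagged opcodes.
function scanBytecode(hex) {
  const code = Buffer.from(hex.replace(/^0x/, ""), "hex");
  const selectors = new Set();
  const opcodes = new Set();
  for (let pc = 0; pc < code.length; pc++) {
    const op = code[pc];
    if (op >= 0x60 && op <= 0x7f) {            // PUSH1..PUSH32
      if (op === 0x63 && pc + 4 < code.length) // PUSH4 with a complete 4-byte immediate
        selectors.add("0x" + code.subarray(pc + 1, pc + 5).toString("hex"));
      pc += op - 0x5f;                         // skip the immediate: it is data, not opcodes
    } else if (FLAGGED[op]) {
      opcodes.add(FLAGGED[op]);
    }
  }
  const watched = [...selectors].filter((s) => s in WATCHLIST).map((s) => WATCHLIST[s]);
  return { selectors, opcodes, watched };
}

// Jaccard similarity |A ∩ B| / |A ∪ B| over two selector sets.
function jaccard(a, b) {
  if (a.size === 0 && b.size === 0) return 1;
  let shared = 0;
  for (const s of a) if (b.has(s)) shared++;
  return shared / (a.size + b.size - shared);
}

// Constructed samples. A: transfer + mint selectors, a PUSH2 whose data bytes
// are f4 ff (must not be flagged), then a real DELEGATECALL. B: transfer + balanceOf.
const SAMPLE_A = "0x" + "6080604052" + "63a9059cbb14" + "6340c10f1914" + "61f4ff50" + "f400";
const SAMPLE_B = "0x" + "63a9059cbb14" + "6370a0823114" + "00";

const a = scanBytecode(SAMPLE_A);
const b = scanBytecode(SAMPLE_B);
console.log([...a.selectors], [...a.opcodes], a.watched);
console.log("selector Jaccard:", jaccard(a.selectors, b.selectors).toFixed(2));
```

A linear sweep like this also reads any data appended after the runtime code as opcodes, and a PUSH4 constant is not necessarily a function selector, so hits are leads to confirm rather than findings.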

Related MCP Servers

Package                    Tools  What it does
obsd-launchpad-mcp         14     Deploy tokens, trade, earn OBSD
base-security-scanner-mcp  8      Scan contracts for vulnerabilities
base-price-oracle-mcp      7      On-chain price feeds from DEX pools
base-multi-wallet-mcp      8      Coordinated multi-wallet trading
base-gasless-deploy-mcp    5      Gasless ERC-20 token deployment
base-flash-arb-mcp         7      Detect arbitrage opportunities
base-token-sniper-mcp      5      Discover & trade new launches
base-wallet-toolkit-mcp    7      Wallet balances, gas, tokens
base-contract-reader-mcp   6      Read any smart contract (free)
create-mcp-server-cli      -      Scaffold a new MCP server

License

MIT

Tools (8)

scan_contract            Analyze a contract for security issues like reentrancy, access control, hidden mints, and proxy patterns.
check_honeypot           Check if a token is a honeypot by simulating buy and sell transactions via Uniswap V2.
detect_rug_risk          Score rug pull risk 0-100 based on ownership, liquidity, permissions, and honeypot status.
analyze_bytecode         Disassemble bytecode and identify contract type such as proxy, AMM, ERC-20, or diamond.
check_token_permissions  Check owner permissions including mint, pause, blacklist, fee changes, and trading disablement.
get_contract_info        Retrieve basic contract metadata like verified status, bytecode size, ETH balance, and token info.
compare_bytecode         Perform clone detection to check if two contracts share the same bytecode.
audit_report             Generate a full security audit combining all checks into one comprehensive report.

Environment Variables

RPC_URL  Base mainnet RPC endpoint

Configuration

claude_desktop_config.json
{"mcpServers": {"base-security-scanner": {"command": "npx", "args": ["-y", "base-security-scanner-mcp"]}}}

Try it

Scan the smart contract at address 0x... for any hidden minting functions or proxy vulnerabilities.
Is the token at 0x... a honeypot? Please simulate a buy and sell transaction to check.
What is the rug pull risk score for the contract at 0x... based on its current liquidity and ownership?
Generate a full security audit report for the contract at 0x... and summarize the findings.

Frequently Asked Questions

What are the key features of Base Security Scanner?

Automated detection of honeypots, rug pulls, and hidden mints. Bytecode analysis to identify dangerous patterns and contract types. Permission checking for owner-controlled functions like blacklisting or fee changes. Comprehensive audit report generation. Read-only execution requiring no private keys.

What can I use Base Security Scanner for?

Vetting new tokens on Base before trading to avoid rug pulls. Auditing smart contracts for developers to identify security flaws before deployment. Analyzing unknown contract bytecode to determine if it is a clone of a known project. Monitoring contract permissions to ensure decentralization and safety.

How do I install Base Security Scanner?

Install Base Security Scanner by running: npx -y base-security-scanner-mcp

What MCP clients work with Base Security Scanner?

Base Security Scanner works with any MCP-compatible client including Claude Desktop, Claude Code, Cursor, and other editors with MCP support.
