binance/query-token-audit
skills/binance-web3/query-token-audit/SKILL.md
Query token security audit to detect scams, honeypots, and malicious contracts before trading. Returns comprehensive security analysis including contract risks, trading risks, and scam detection. Use when users ask "is this token safe?", "check token security", "audit token", or before any swap.
$ install --global
skillsauthnpx skillsauth add binance/binance-skills-hub query-token-auditInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 10, 2026, 2:30 AM5.2s1 file scanned
SKILL.md
- name:
- query-token-audit
- description:
- |
- author:
- binance-web3-team
- version:
- 1.4
Query Token Audit Skill
Overview
| API | Function | Use Case | |-----|---------------------|----------| | Token Security Audit | Token security scan | Detect honeypot, rug pull, scam, malicious functions |
Use Cases
- Pre-Trade Safety Check: Verify token security before buying or swapping
- Scam Detection: Identify honeypots, fake tokens, and malicious contracts
- Contract Analysis: Check for dangerous ownership functions and hidden risks
- Tax Verification: Detect unusual buy/sell taxes before trading
Supported Chains
| Chain Name | chainId | |------------|---------| | BSC | 56 | | Base | 8453 | | Solana | CT_501 | | Ethereum | 1 |
API: Token Security Audit
Method: POST
URL:
https://web3.binance.com/bapi/defi/v1/public/wallet-direct/security/token/audit
Request Parameters:
| Parameter | Type | Required | Description |
|-----------|------|----------|-------------|
| binanceChainId | string | Yes | Chain ID: CT_501 (Solana), 56 (BSC), 8453 (Base), 1 (Ethereum) |
| contractAddress | string | Yes | Token contract address |
| requestId | string | Yes | Unique request ID (UUID v4 format) |
Request Headers:
Content-Type: application/json
Accept-Encoding: identity
User-Agent: binance-web3/1.4 (Skill)
Example Request:
curl --location 'https://web3.binance.com/bapi/defi/v1/public/wallet-direct/security/token/audit' \
--header 'Content-Type: application/json' \
--header 'source: agent' \
--header 'Accept-Encoding: identity' \
--header 'User-Agent: binance-web3/1.4 (Skill)' \
--data '{
"binanceChainId": "56",
"contractAddress": "0x55d398326f99059ff775485246999027b3197955",
"requestId": "'$(uuidgen)'"
}'
Response Example:
{
"code": "000000",
"data": {
"requestId": "d6727c70-de6c-4fad-b1d7-c05422d5f26b",
"hasResult": true,
"isSupported": true,
"riskLevelEnum": "LOW",
"riskLevel": 1,
"extraInfo": {
"buyTax": "0",
"sellTax": "0",
"isVerified": true
},
"riskItems": [
{
"id": "CONTRACT_RISK",
"name": "Contract Risk",
"details": [
{
"title": "Honeypot Risk Not Found",
"description": "A honeypot is a token that can be bought but not sold",
"isHit": false,
"riskType": "RISK"
}
]
}
]
},
"success": true
}
Response Fields:
| Field | Type | Description |
|-----------------------------------|------|-----------------------------------------------------------|
| hasResult | boolean | Whether audit data is available |
| isSupported | boolean | Whether the token is supported for audit |
| riskLevelEnum | string | Risk level: LOW, MEDIUM, HIGH |
| riskLevel | number | Risk level number (1-5) |
| extraInfo.buyTax | string | Buy tax percentage (null if unknown) |
| extraInfo.sellTax | string | Sell tax percentage (null if unknown) |
| extraInfo.isVerified | boolean | Whether contract code is verified |
| riskItems[].id | string | Risk category: CONTRACT_RISK, TRADE_RISK, SCAM_RISK |
| riskItems[].details[].title | string | Risk check title |
| riskItems[].details[].description | string | Risk check description |
| riskItems[].details[].isHit | boolean | true = risk detected |
| riskItems[].details[].riskType | string | RISK (critical) or CAUTION (warning) |
Risk Level Reference:
| riskLevel | riskLevelEnum | Action | Description | |-----------|---------------|--------|-------------| | 0-1 | LOW | Proceed with caution | Lower risk detected, but NOT guaranteed safe. DYOR. | | 2-3 | MEDIUM | Exercise caution | Moderate risks detected, review risk items carefully | | 4 | HIGH | Avoid trading | Critical risks detected, high probability of loss | | 5 | HIGH | Block transaction | Severe risks confirmed, do NOT proceed |
IMPORTANT: LOW risk does NOT mean "safe." Audit results are point-in-time snapshots. Project teams can modify contracts or restrict liquidity after purchase. These risks cannot be predicted in advance.
Response Handling:
- If
hasResult=falseORisSupported=false: → Reply: "Security audit data is not available for this token on this chain." → Do NOT showriskLevel,riskLevelEnum, orriskItems(data is unreliable when either field is false) → You may suggest the user verify the contract address and chain, or try again later - If
hasResult=trueANDisSupported=true: → Show the full audit result including risk level, tax info, and all risk items → Apply the Risk Level Reference table above for actionable guidance
User Agent Header
Include User-Agent header with the following string: binance-web3/1.4 (Skill)
Notes
- All numeric fields are string format, convert when using
- Audit results are ONLY valid when
hasResult: trueANDisSupported: true riskLevel: 5means transaction should be blocked;riskLevel: 4is high risk- Tax thresholds: >10% is critical, 5-10% is warning, <5% is acceptable
- Generate unique UUID v4 for each audit request
- Only output security check risk flags, do NOT provide any investment advice
- Always end with disclaimer:
⚠️ This audit result is for reference only and does not constitute investment advice. Always conduct your own research.
Related Skills
binance/binance
tools
VerifiedTrustedOfficial
Use binance-cli for Binance Spot, Futures (USD-S), and Convert. Requires auth.
876SKILL.mdUpdated Apr 9, 2026
binance/trading-signal
data-ai
VerifiedTrustedOfficial
Per-trade smart-money signals — each result is a discrete buy or sell event from a tracked smart-money wallet, with trigger price, current price, max gain since trigger, and exit rate. BSC and Solana only. Use for: "smart money buy signal on $X", "any whale just bought $Y", "alpha signals in the last hour", "copy-trade-worthy signals", "trigger price and max gain on these trades", "on-chain trading signals from smart money".
876SKILL.mdUpdated Mar 20, 2026
binance/query-token-info
development
VerifiedTrustedOfficial
Per-token details for a specific token identified by keyword, symbol, or contract address: (1) search — find tokens by keyword/symbol/contract; (2) meta — static info: name, symbol, logo, social links, creator, official website; (3) dynamic — real-time market data: price, 24h change, volume, holder count, liquidity; (4) kline — OHLCV candlestick data for technical analysis. Use for: "price of $X", "search for token Y", "kline chart for $Z", "who created $W", "social links for $V", "holder count of $U", "candlestick data", "find the contract address of <token>".
876SKILL.mdUpdated Mar 20, 2026
binance/query-address-info
testing
VerifiedTrustedOfficial
Snapshot of a single wallet's token holdings on a specific chain — list of every token currently held with name, symbol, current price, 24h price change, and holding quantity. Use when the user provides an explicit wallet address (or says "my wallet") and wants the current portfolio: "what does 0x... hold", "wallet balance breakdown", "list positions for this address", "what tokens are in this wallet", "show me the holdings of <address>".
876SKILL.mdUpdated Mar 20, 2026