gate-info-riskcheck
SKILL.md
gate-info-riskcheck
Security guardian Skill. The user inputs a token name or contract address, the system calls the contract security detection Tool to retrieve 30+ risk detection results, tax analysis, holder concentration, and name risk data. The LLM aggregates the results into a structured risk assessment report. Address compliance checking will be added in a future phase.
Trigger Scenarios: User mentions a token/contract address + keywords like safe, risk, check, audit, honeypot, rug, contract security, scam.
Routing Rules
| User Intent | Keywords/Pattern | Action |
|---|---|---|
| Token contract security check | "is this token safe" "any risk with PEPE contract" "check 0x... contract" | Execute this Skill (Token Security mode) |
| Address risk check | "is this address safe" "is this a blacklisted address" | Execute this Skill (Address Risk mode — currently degraded) |
| Single coin analysis | "analyze SOL for me" | Route to gate-info-coinanalysis |
| Address tracking | "track this address" "fund flow" | Route to gate-info-addresstracker |
| Token on-chain analysis | "on-chain chip distribution" | Route to gate-info-tokenonchain |
| Project due diligence | "is this project legit" "team background" | Route to gate-info-coinanalysis (fundamentals focus) |
Execution Workflow
Mode A: Token Security Check (Core Mode — Ready)
Step 1: Intent Recognition & Parameter Extraction
Extract from user input:
token: Token symbol (e.g., PEPE, SHIB) — mutually exclusive withaddressaddress: Contract address (e.g., 0x...) — mutually exclusive withtokenchain: Chain name (eth / bsc / solana / base / arb, etc.) — required
Parameter Completion Strategy:
- If user provides only token without chain: ask "Please specify the chain (e.g., eth, bsc, solana)"
- If user provides a contract address without chain: attempt to infer from address format (0x prefix likely EVM chain, but still confirm specific chain)
- If user asks about major coins (BTC, ETH): inform them "Major coins typically have no contract security risks. If you need to check, please specify the wrapped token or a Meme token on a specific chain"
Step 2: Call 2 MCP Tools in Parallel
| Step | MCP Tool | Parameters | Retrieved Data | Parallel |
|---|---|---|---|---|
| 1a | info_compliance_check_token_security |
token={token} or address={address}, chain={chain}, scope="full", lang="en" |
Risk level, 30+ risk items, tax analysis, holder concentration, name risk, honeypot detection, open-source status | Yes |
| 1b | info_coin_get_coin_info |
query={token or symbol} |
Token basic info (project name, sector, listed exchanges — supplementary context) | Yes |
Both Tools are called in parallel with no dependencies.
Step 3: LLM Aggregation — Generate Risk Report
Pass the security detection data and fundamentals to the LLM to generate the assessment report using the template below.
Mode B: Address Risk Check (Degraded Mode)
info_compliance_check_address_riskis not yet available (P3 phase). Currently onlyinfo_onchain_get_address_infocan provide basic address information.
| Step | MCP Tool | Parameters | Retrieved Data | Status |
|---|---|---|---|---|
| 1 | info_onchain_get_address_info |
address={address}, chain={chain} |
Basic address info, balance, transaction count | ✅ Available |
| 2 | info_compliance_check_address_risk |
— | Address compliance risk labels | ❌ Not ready |
Degradation Handling: Inform the user "Address compliance risk detection is under development. Currently only basic address information is available. For token contract security checks, please provide the token name or contract address."
Report Template (Token Security Mode)
## {token} Contract Security Report
### 1. Risk Overview
| Metric | Result |
|--------|--------|
| Chain | {chain} |
| Contract Address | {address} |
| Overall Risk Level | {risk_level_text} ({highest_risk_level}) |
| High-Risk Items | {high_risk_num} |
| Medium-Risk Items | {middle_risk_num} |
| Low-Risk Items | {low_risk_num} |
| Honeypot Detected | {is_honeypot ? "⛔ Yes" : "✅ No"} |
| Open Source | {is_open_source ? "✅ Yes" : "⚠️ No"} |
### 2. High-Risk Item Details
{If high-risk items exist, list each:}
| Risk Item | Description | Value |
|-----------|------------|-------|
| {risk_name_1} | {risk_desc_1} | {risk_value_1} |
| {risk_name_2} | {risk_desc_2} | {risk_value_2} |
| ... | ... | ... |
{If no high-risk items: "✅ No high-risk items detected"}
### 3. Tax Analysis
| Metric | Value | Status |
|--------|-------|--------|
| Buy Tax | {buy_tax}% | {Normal/Elevated/Extreme} |
| Sell Tax | {sell_tax}% | {Normal/Elevated/Extreme} |
| Transfer Tax | {transfer_tax}% | {Normal/Elevated/Extreme} |
{If multiple DEX pools have different tax rates, list the major pool breakdowns}
### 4. Holder Concentration
| Metric | Value | Status |
|--------|-------|--------|
| Holder Count | {holder_count} | {Many/Normal/Low} |
| Top 10 Holder % | {top10_percent}% | {Normal/High/Extremely Concentrated} |
| Top 100 Holder % | {top100_percent}% | — |
| Developer Holdings | {dev_holding_percent}% | {Normal/High} |
| Insider Holdings | {insider_percent}% | {Normal/High} |
| Largest Single Holder | {max_holder_percent}% | {Normal/High} |
### 5. Name Risk
| Metric | Result |
|--------|--------|
| Domain Token | {is_domain_token ? "⚠️ Yes" : "✅ No"} |
| Contains Sensitive Words | {is_sensitive ? "⚠️ Yes" : "✅ No"} |
| Sensitive Words | {sensitive_words} |
### 6. Project Basic Info (Supplementary)
| Metric | Value |
|--------|-------|
| Project Name | {project_name} |
| Sector | {category} |
| Listed on Major Exchanges | {exchange_list} |
### 7. Overall Assessment
{LLM generates a 3-5 sentence comprehensive risk assessment:}
- Overall contract safety level
- Most critical risk items (if any)
- Whether holder concentration is healthy
- Whether tax rates are reasonable
- Whether further manual audit is recommended
### ⚠️ Risk Warnings
{Auto-generated explicit warnings based on detection results:}
- Honeypot detection (if applicable)
- High tax warning (if applicable)
- Excessive holder concentration (if applicable)
- Contract not open-source (if applicable)
> The above analysis is based on automated on-chain data detection and cannot cover all risk scenarios. Please combine with project due diligence and community research for comprehensive judgment.
Decision Logic
| Condition | Assessment |
|---|---|
is_honeypot == true |
Highest-level warning: "⛔ Detected as honeypot contract — extremely likely unable to sell. Do NOT purchase." |
is_open_source == false |
Flag "Contract is not open-source — code logic cannot be audited, elevated risk" |
buy_tax > 5% or sell_tax > 5% |
Flag "Abnormally high tax rate — extreme trading costs" |
buy_tax > 10% or sell_tax > 10% |
Flag "⛔ Extreme tax rate — suspected malicious contract" |
top10_percent > 50% |
Flag "Highly concentrated holdings — insider/whale dump risk" |
top10_percent > 80% |
Flag "⛔ Extremely concentrated holdings — dump risk is critical" |
dev_holding_percent > 10% |
Flag "Developer holdings are elevated — watch for sell-off risk" |
holder_count < 100 |
Flag "Extremely few holders — insufficient liquidity and decentralization" |
high_risk_num > 0 |
List each high-risk item with explanation |
high_risk_num == 0 && middle_risk_num <= 2 |
Flag "Contract security check passed — no significant risks detected" |
is_domain_token == true |
Flag "This is a domain token — unrelated to the project of the same name. Verify carefully." |
is_sensitive == true |
Flag "Token name contains sensitive words — possible impersonation/fraud risk" |
| Any Tool returns empty/error | Skip that section; note "Data unavailable" in the report |
Risk Level Mapping
highest_risk_level Value |
Risk Level | Label | Description |
|---|---|---|---|
| 0 | Safe | ✅ Safe | No risk items detected |
| 1 | Low Risk | Low Risk | Only low-risk items present |
| 2 | Medium Risk | Medium Risk | Medium-risk items present — monitor |
| 3 | High Risk | High Risk | High-risk items present — exercise extreme caution |
| is_honeypot=true | Critical Risk | ⛔ Critical Risk | Honeypot contract — strongly advise staying away |
Error Handling
| Error Type | Handling |
|---|---|
| Missing chain parameter | Prompt user: "Please specify the chain (e.g., eth, bsc, solana, base, arb)" |
| Neither token nor address provided | Prompt user: "Please provide a token symbol or contract address" |
| Contract address does not exist / unrecognizable | Prompt user to verify the address and confirm the chain |
| Token is a major coin (BTC/ETH, etc.) | Inform: "Major coins typically have no contract security risks. For contract token checks, specify the wrapped token or Meme token on a specific chain" |
| check_token_security timeout/error | Return error message; suggest trying again later |
| Address risk query (currently unavailable) | Inform: "Address compliance detection is under development." Guide user to gate-info-addresstracker for basic address info |
| User inputs a regular address thinking it's a contract | Attempt detection; if empty result, inform "This may not be a contract address. For address information, use the Address Tracker feature" |
Cross-Skill Routing
| User Follow-up Intent | Route To |
|---|---|
| "Analyze this coin for me" | gate-info-coinanalysis |
| "What about on-chain chip distribution?" | gate-info-tokenonchain |
| "Any recent news?" | gate-news-briefing |
| "Track this address" | gate-info-addresstracker |
| "Compare this with XX" | gate-info-coincompare |
| "How is this coin's price action?" | gate-info-trendanalysis |
Available Tools & Degradation Notes
| PRD-Defined Tool | Actually Available Tool | Status | Degradation Strategy |
|---|---|---|---|
info_compliance_check_token_security |
info_compliance_check_token_security |
✅ Ready | — |
info_coin_get_coin_info |
info_coin_get_coin_info |
✅ Ready | — |
info_onchain_get_address_info |
info_onchain_get_address_info |
✅ Ready | Address mode can retrieve basic info |
info_compliance_check_address_risk |
— | ❌ Not ready (P3) | Address compliance risk detection unavailable — inform user and guide to address tracker |
Safety Rules
- Mandatory honeypot warning: When
is_honeypot=trueis detected, display the "⛔ Critical Risk" warning in the most prominent position — never downplay - No investment advice: Risk assessment is based on on-chain data and must include a "not investment advice" disclaimer
- No absolute safety guarantees: Even if all checks pass, state that "automated detection cannot cover all risks"
- Data transparency: Label detection data source and timestamp
- Flag missing data: When any dimension has no data, explicitly inform the user — never fabricate safety conclusions
- Address privacy: Do not proactively expose address holder identities — only display publicly available on-chain data
Weekly Installs
15
Repository
gate/gate-skillsGitHub Stars
10
First Seen
3 days ago
Security Audits
Installed on
codex15
opencode15
github-copilot14
kimi-cli14
gemini-cli14
amp14