security
Security
Validate addresses and analyze token risk before transacting.
Base URL: https://tws.trustwallet.com
Auth: HMAC-SHA256 (see setup)
Endpoints
Validate Address
GET /v1/validate
Validate a wallet address or transaction for security risks.
Query parameters:
| Name | Type | Required | Description |
|---|---|---|---|
address |
string | Yes | Address to validate |
asset_id |
string | No | Asset ID for context (e.g., c60 for Ethereum) |
type |
string | No | Validation type: address, transaction |
Example request:
GET /v1/validate?address=0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045&asset_id=c60&type=address
Response:
{
"valid": true,
"result": "whitelist",
"details": {
"is_contract": false,
"is_sanctioned": false,
"risk_score": 0,
"labels": []
}
}
Result values:
| Value | Meaning |
|---|---|
whitelist |
Known safe address |
neutral |
No risk signals |
blacklist |
Known malicious address |
unknown |
Not enough data |
Check Token Risk
GET /v2/coinstatus/{assetId}
Check security and risk information for a token — honeypot detection, audit status, freeze authority, and more.
Path parameters:
| Name | Type | Required | Description |
|---|---|---|---|
assetId |
string | Yes | Asset ID (e.g., c60_t0xA0b8... for ERC-20, c501 for SOL) |
Query parameters:
| Name | Type | Required | Description |
|---|---|---|---|
version |
string | No | API version (use 2) |
platform |
string | No | Platform identifier |
include_security_info |
boolean | No | Include EVM security data (default: true) |
include_solana_security_info |
boolean | No | Include Solana-specific security data (default: true) |
Example request:
GET /v2/coinstatus/c60_t0xdAC17F958D2ee523a2206206994597C13D831ec7?version=2&include_security_info=true
Response:
{
"asset_id": "c60_t0xdAC17F958D2ee523a2206206994597C13D831ec7",
"name": "Tether USD",
"symbol": "USDT",
"isActive": true,
"supportsSwap": true,
"securityInfo": {
"riskLevel": "low",
"isHoneypot": false,
"hasAudit": true,
"auditProvider": "OpenZeppelin",
"hasMintFunction": true,
"canTakeBackOwnership": false,
"isTradingCooldown": false,
"warnings": []
}
}
For Solana tokens, the response includes solanaSecurityInfo instead:
{
"solanaSecurityInfo": {
"riskLevel": "medium",
"hasFreezeAuthority": true,
"hasMintAuthority": true,
"isInitialized": true,
"warnings": ["Token has active freeze authority"]
}
}
Risk levels: low, medium, high, critical, unknown
EVM security fields:
| Field | Type | Description |
|---|---|---|
riskLevel |
string | Overall risk level |
isHoneypot |
boolean | Cannot sell after buying |
hasAudit |
boolean | Smart contract has been audited |
auditProvider |
string | Name of audit firm |
hasMintFunction |
boolean | Token supply can be increased |
canTakeBackOwnership |
boolean | Owner can reclaim ownership after renouncing |
isTradingCooldown |
boolean | Trading restrictions after buy |
warnings |
string[] | Human-readable risk warnings |
Solana security fields:
| Field | Type | Description |
|---|---|---|
riskLevel |
string | Overall risk level |
hasFreezeAuthority |
boolean | Token accounts can be frozen |
hasMintAuthority |
boolean | Supply can be increased |
isInitialized |
boolean | Token program is initialized |
warnings |
string[] | Human-readable risk warnings |
More from trustwallet/tw-agent-skills
trust-wallet-api
Trust Wallet API for crypto data — token search, prices, trending tokens, swap quotes, market data, security checks, address validation, asset info, and coin status across 100+ blockchains. Use whenever the user asks about crypto prices, token info, swap rates, market cap, trending coins, token risk, honeypot detection, address validation, or wants to call the Trust Wallet / tws.trustwallet.com API directly. Covers HMAC-SHA256 authentication, supported chains, and all REST endpoints.
83trust-wallet-cli
Trust Wallet CLI (`twak`) — install, create wallets, check balances, send tokens, swap, view history, set price alerts, DCA automations, limit orders, manage ERC-20 approvals, check token risk, browse trending/DApps, and run x402 micropayments. Use whenever the user wants to use the twak CLI, manage a crypto wallet from the terminal, send or swap tokens via command line, check portfolio, create price alerts, set up DCA, create limit orders, approve ERC-20 spenders, or interact with Trust Wallet from a shell. Also covers MCP server setup for AI agents.
82trust-wallet-sdk
Trust Wallet open-source libraries — Wallet Core (HD wallets, address derivation, tx signing in Swift/Kotlin/TypeScript/Go for 140+ chains), Web3 Provider (dApp connection for Ethereum/Solana/Cosmos/Bitcoin/Aptos/TON/Tron), deep linking, browser extension integration, WalletConnect, token assets repository, and Barz ERC-4337 smart wallet. Use when working with trustwallet/wallet-core, @trustwallet/wallet-core, trust-web3-provider, Trust Wallet deep links, token logos/metadata from trustwallet/assets, or Barz account abstraction.
68your-skill-name
One sentence — what this skill does and when Claude should use it.
59assets
Work with the Trust Wallet assets repository — look up token logos and metadata, list assets by blockchain, and contribute new assets (add logo, info.json, update tokenlist). Use when the user asks about token logos, asset listings, adding a token to Trust Wallet, or querying trustwallet/assets.
11wallet-core
Build with Trust Wallet Core — HD wallet creation, address derivation, and transaction signing across 140+ blockchains. Use when working with trustwallet/wallet-core, @trustwallet/wallet-core, or implementing key generation and signing in Swift, Kotlin, TypeScript, or Go.
11