MINARA

Security Scanning & Verification

Token safety checks, DApp phishing detection, smart contract analysis

🟢 Beginner friendly — read-only scanning. Use this BEFORE any trade, approval, or sign.

📘 This page is about token / DApp scanning — verifying that a contract or website is safe to interact with. For the agent's own safety layers that prevent it from running malicious code or moving funds without confirmation, see the Security chapter.

Before you trade or interact with a DApp, the agent can scan for risks: honeypot tokens, phishing sites, risky approvals, and suspicious smart contracts.

💡 Glossary: honeypot, rug pull, stablecoin — scams you want the agent to catch before you do.

What you can do

  • Token safety scan: honeypot detection, holder concentration, dev history
  • DApp/URL phishing check: is this website a scam?
  • Transaction simulation: pre-execution safety check before signing
  • Approval management: check risky ERC-20/Permit2 approvals, revoke if needed
  • Profile verification: verify Twitter profiles for scam indicators
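What a pre-sign approval check looks at, as an added example (not Minara's or OKX's code): it decodes the calldata of `approve` and `setApprovalForAll` calls and flags unlimited allowances and spenders outside a trusted list. The allowlist, the addresses and the sample calldata are constructed assumptions; Permit2 is not covered.

```python
# Added example: pre-sign check of ERC-20 / NFT approval calldata.
MAX_UINT256 = 2**256 - 1
APPROVE = "095ea7b3"               # approve(address,uint256)
SET_APPROVAL_FOR_ALL = "a22cb465"  # setApprovalForAll(address,bool)

# Assumption: a user-maintained allowlist of spenders (constructed address).
TRUSTED_SPENDERS = {"0x" + "11" * 20}

def check_calldata(calldata, trusted=TRUSTED_SPENDERS):
    """Return a list of findings for one transaction's input data."""
    data = calldata.lower()
    if data.startswith("0x"):
        data = data[2:]
    selector, args = data[:8], data[8:]
    if selector not in (APPROVE, SET_APPROVAL_FOR_ALL):
        return []  # not an approval call, nothing to flag here
    # Both calls take two 32-byte ABI words: (address, uint256 or bool).
    if len(args) != 128 or any(c not in "0123456789abcdef" for c in args):
        return ["malformed approval calldata"]
    if int(args[:24], 16) != 0:
        return ["malformed approval calldata"]  # address word must be zero-padded
    spender = "0x" + args[24:64]
    value = int(args[64:], 16)
    if value == 0:
        return ["revocation for " + spender]  # allowance 0 or approved=false
    findings = []
    if selector == SET_APPROVAL_FOR_ALL:
        findings.append("operator approval over the whole collection")
    elif value == MAX_UINT256:
        findings.append("unlimited ERC-20 allowance")
    if spender not in trusted:
        findings.append("untrusted spender " + spender)
    return findings

# Constructed sample inputs (not real transactions).
PAD = "00" * 12
UNLIMITED = "0x" + APPROVE + PAD + "ab" * 20 + "ff" * 32
BOUNDED_TRUSTED = "0x" + APPROVE + PAD + "11" * 20 + format(1000, "064x")
REVOKE = "0x" + APPROVE + PAD + "ab" * 20 + "00" * 32
NFT_ALL = "0x" + SET_APPROVAL_FOR_ALL + PAD + "ab" * 20 + format(1, "064x")

if __name__ == "__main__":
    for name, tx in [("unlimited", UNLIMITED), ("bounded", BOUNDED_TRUSTED),
                     ("revoke", REVOKE), ("nft", NFT_ALL)]:
        print(name, check_calldata(tx))
```
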

Example prompts

is this token safe? 0xabc...
check if this URL is a phishing site: example.com
scan this transaction before I sign it
show my risky token approvals on Ethereum
verify this Twitter profile — is it a real person?

Example output — token safety scan

Prompt: is this token safe? 0x1234...5678

Agent response:

Token scan — 0x1234...5678 (WIFFLE)

3 red flags (don't trade):

  • Honeypot risk: HIGH — contract sells are tax-gated at 99%. Buy transactions succeed; sell transactions fail silently. Classic honeypot pattern.
  • Holder concentration: dangerous — top wallet holds 87% of supply. Second wallet holds 8%. If either dumps, price → 0.
  • Contract not verified — source code not published on Etherscan; cannot audit. All unverified contracts should be treated as hostile.

Other context:

  • Deployed: 2 days ago
  • Liquidity: $8,400 (very thin)
  • Developer wallet: previously rugged 3 tokens (Feb 2024, Aug 2024, Nov 2024). Historical rug pattern: dump within 5-10 days.

Verdict: do not interact. This is almost certainly a scam.

Example output — phishing check

Prompt: check if uniswap-airdrop.net is a phishing site

Agent response:

URL check — uniswap-airdrop.net

Phishing: very likely

  • Domain registered 4 days ago (new domain = red flag)
  • Not affiliated with Uniswap (real domain: uniswap.org)
  • SSL cert issued to unrelated entity
  • Uniswap has NEVER announced an airdrop at this URL
  • Reported on 3 anti-phishing databases

Do not connect your wallet. If you already did, revoke approvals immediately with "show my risky approvals on Ethereum" and then "revoke approval for <spender>".

Skills and tools involved

Skill | Role
External: okx-security | Token scan, DApp scan, TX scan, signature scan, approvals
External: okx-dex-trenches | Developer reputation, rug history, bundle detection
research.social / x.api | Twitter profile verification

Scenarios: SCENARIO_PROFILE_VERIFICATION · SCENARIO_NEWS_VERIFICATION
