Token contract security audit via GoPlus — checks for honeypots, hidden mints, and rug pull risks.
What it does
The `/token-security` endpoint from Otto AI's x402 Agent Swarm performs a token contract security audit powered by GoPlus. Given a token contract address and optional chain ID, it checks for honeypots, hidden mints, rug pull risks, and other smart contract vulnerabilities. It supports multiple EVM chains including Ethereum (chain ID 1), BSC (56), Polygon (137), Arbitrum (42161), and Base (8453).
The endpoint is part of Otto AI's broader suite of 30+ x402-payable endpoints spanning market intelligence, DeFi analytics, AI creative tools, and trade execution. Payment is $0.10 per call in USDC, accepted on Base, Polygon, or Solana via the x402 V2 protocol. After an initial paid call, data endpoints support 1-hour free re-access using a Sign-In-With-X (SIWX) wallet signature. Every response includes a signed EIP-712 receipt as cryptographic proof of service delivery.
The endpoint accepts GET requests with a required `address` query parameter (0x-prefixed token contract address) and an optional `chain` parameter for the chain ID. It returns a JSON object with a `status` field and a `data` object containing the security audit results. The service is live and returns a 402 payment challenge to unauthenticated callers, confirming operational status.
Capabilities
Use cases
- —Checking whether a newly discovered token contract is a honeypot before buying
- —Automated security screening of tokens in a DeFi trading bot pipeline
- —Verifying rug pull risk indicators for tokens listed on DEXs
- —Integrating contract safety checks into a portfolio management agent
- —Pre-trade due diligence on low-cap altcoins across multiple EVM chains
Fit
Best for
- —AI agents performing automated token due diligence before trades
- —DeFi traders who want programmatic honeypot and rug pull checks
- —Portfolio tools that need to flag risky token contracts at scale
Not for
- —Full formal smart contract audits (this is an automated scan, not a manual audit)
- —Non-EVM chains like Bitcoin or Cosmos
- —Free/unauthenticated bulk scanning (each call costs $0.10 USDC)
Quick start
# 1. GET the endpoint — receive 402 with PAYMENT-REQUIRED header
curl 'https://x402.ottoai.services/token-security?address=0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48&chain=1'
# 2. Decode the base64 PAYMENT-REQUIRED header to find accepts[] payment options
# 3. Sign USDC payment (EIP-3009 or Permit2) and retry with PAYMENT-SIGNATURE header
# 4. Receive 200 with security audit data + signed receipt in PAYMENT-RESPONSE headerExample
Response
{
"data": {
"chain": "1",
"token_address": "0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48",
"security_audit": {
"hidden_mint": false,
"is_honeypot": false,
"rug_pull_risk": "low"
}
},
"status": "success"
}Endpoint
Quality
Full OpenAPI schema with clear parameter definitions, confirmed live via 402 challenge, well-documented pricing ($0.10 USDC), and multi-chain support. Deducted because the response data schema is generic (untyped `data` object) and no actual example response from the GoPlus-powered audit is available — the example_response_json is inferred/illustrative.
Warnings
- —Response data schema is generic — the actual structure of GoPlus audit results is not documented in the OpenAPI spec.
- —The example_response_json is illustrative and inferred; actual response fields may differ.
Citations
- —Token contract security audit powered by GoPlus, checks for honeypots, hidden mints, rug pull riskshttps://x402.ottoai.services
- —Price is $0.10 per callhttps://x402.ottoai.services
- —Supports chain IDs 1 (ETH), 56 (BSC), 137 (Polygon), 42161 (Arbitrum), 8453 (Base)https://x402.ottoai.services
- —Payment accepted in USDC on Base, Polygon, or Solana via x402 V2https://x402.ottoai.services
- —Sign-In-With-X (SIWX) provides 1-hour free re-access after initial payment for data endpointshttps://x402.ottoai.services
- —Every call returns a signed EIP-712 receipt as verifiable proof of service deliveryhttps://x402.ottoai.services
- —Endpoint is live and returns 402 payment challengehttps://x402.ottoai.services/token-security