
Contract Security Scanner
Let your agent score Base L2 smart contract risk (0–100) and flag backdoors and proxies before users touch unknown addresses.
Overview
Contract Security Scanner is an MCP server for the Ship phase that scans Base L2 smart contracts and returns a 0–100 risk score with backdoor and proxy detection.
What is this MCP server?
- Risk score from 0–100 for Base L2 smart contracts
- Detects backdoors, proxies, and related security risk patterns
- npm stdio package @fino314-oss/contract-scanner-mcp v1.0.0
- Bytecode scan works without BaseScan API key; key enables deeper source analysis
- GitHub fino-oss/contract-scanner-mcp for local agent wiring
- Risk score range 0–100 documented in server description
- Package version 1.0.0 @fino314-oss/contract-scanner-mcp
- Transport stdio; BASESCAN_API_KEY optional for enhanced analysis
What problem does it solve?
Solo Web3 builders cannot manually audit every Base contract their agent or app might call, yet shipping without a quick risk read invites proxy and backdoor surprises.
Who is it for?
Builders shipping Base L2 features who want agent-driven contract triage during security review sprints.
Skip if: you need a full multi-chain mainnet audit from an audit firm, you work only on non-EVM chains, or you need compliance sign-off without any human security review.
What do I get? / Deliverables
After installing the stdio MCP server, your agent can return scored Base contract risk signals and named findings before you wire addresses into production flows.
- 0–100 contract risk score for Base L2 targets
- Findings oriented around backdoors, proxies, and related risk patterns
- Agent-invokable local stdio security scan workflow
Journey fit
Contract review belongs in Ship when you are hardening or launching Web3 features and need an automated security signal on Base deployments. The Security subphase covers pre-launch contract audits and risk gates; this stdio MCP server targets Base L2 bytecode and optional BaseScan source analysis.
How it compares
It is a Base L2 contract risk scanner delivered as an MCP server, not a hosted equities broker or a CI/CD pipeline.
Common Questions / FAQ
Who is Contract Security Scanner for?
It is for indie and solo developers building on Base who want coding agents to run quick smart contract risk scans with a 0–100 score before launch.
When should I use Contract Security Scanner?
Use it in Ship during security review when evaluating contract addresses, integrations, or dependencies on Base L2 before users rely on them.
How do I add Contract Security Scanner to my agent?
Install @fino314-oss/contract-scanner-mcp via npm, configure the stdio MCP entry in your client, and optionally set BASESCAN_API_KEY for source-level BaseScan analysis.