query-token-audit

by binance

query-token-audit is a token security audit skill for checking scams, honeypots, rug-pull signals, malicious contract logic, and risky tax settings before trading. It supports BSC, Base, Ethereum, and Solana, and is best used with the exact contract address and chain for a fast pre-trade security review.

Stars822

Favorites0

Comments0

AddedMay 8, 2026

CategorySecurity Audit

Install Command

npx skills add binance/binance-skills-hub --skill query-token-audit

Curation Score

This skill scores 78/100, which means it is a solid listing candidate for directory users who want a focused token security audit workflow. The repository gives enough concrete API and usage detail to help an agent trigger it correctly and understand its purpose faster than a generic prompt, though users should still expect some adoption friction because there are no support files or install command.

78/100

Strengths

Clear trigger and use cases for pre-trade token safety checks, scam detection, contract analysis, and tax verification.
Operationally concrete API details: POST endpoint, required parameters, and supported chains are documented in SKILL.md.
Good directory value for agents because the skill is narrowly scoped to token security auditing rather than broad Web3 advice.

Cautions

No install command, scripts, references, or support files, so agents may need to infer some integration steps.
The visible description is very short and the repository evidence is limited to a single SKILL.md file, which reduces progressive disclosure and adoption confidence.

Web3 Binance Ethereum Solana Bsc Base API Token

Overview

Overview of query-token-audit skill

What query-token-audit does

The query-token-audit skill checks a token contract for security risks before you trade. It is built for users who want a fast, practical answer to “is this token safe?” and need more than a generic prompt response. The core job is to detect scam patterns, honeypot behavior, rug-pull indicators, malicious contract logic, and suspicious tax settings.

Who should use it

Use the query-token-audit skill if you are screening a token before a swap, validating a new contract, or doing a first-pass query-token-audit for Security Audit on a chain supported by the skill. It is most useful for traders, security-minded analysts, and agents that need a repeatable pre-trade check with clear contract input.

What matters most in practice

The value of query-token-audit is speed plus specificity: it focuses on token-level risk signals rather than broad blockchain analysis. It supports BSC, Base, Ethereum, and Solana, so the main adoption question is whether your token lives on one of those chains and whether you can supply the exact contract address. If you need full project due diligence, this skill is only one part of the workflow.

How to Use query-token-audit skill

Install and locate the source

Use the query-token-audit install flow from your skill manager, then open skills/binance-web3/query-token-audit/SKILL.md first. There are no extra helper folders in this repo path, so the skill file is the main source of truth. If you are integrating it into an agent workflow, preserve the exact chain ID and contract address requirements.

Give the skill the right input

For reliable query-token-audit usage, provide the token’s contract address, the correct chain, and a clear goal such as “audit this token before buying” or “check for honeypot and tax risk.” A weak prompt is: “check this coin.” A stronger prompt is: “Run query-token-audit on this Ethereum contract address and summarize scam risk, ownership risk, tax risk, and whether trading looks safe.”

Practical workflow for better results

Start with the contract, not the ticker. Tickers are easy to clone; contract addresses are not. If you already suspect a scam, say so and ask the skill to prioritize hidden mint functions, blacklists, sell restrictions, or abnormal taxes. After the first result, decide whether you need a second pass focused on execution risk, because the audit may surface concerns that should change your trading plan immediately.

Read first, then adapt

If you are building on top of the skill, read SKILL.md and the embedded API section before writing your own prompt wrapper. The skill is designed around a token security audit endpoint, so your wrapper should translate user intent into a clean request rather than inventing extra context. Keep unsupported assumptions out of the prompt, especially chain mismatch or vague token identifiers.

query-token-audit skill FAQ

Is query-token-audit enough to trust a token?

No. The query-token-audit skill is a fast security filter, not a full investment thesis. It is good at identifying obvious contract and trading risks, but you should still review liquidity, ownership, team context, and market behavior separately.

What makes query-token-audit different from a normal prompt?

A normal prompt may summarize best practices, but query-token-audit is meant to trigger a concrete security audit flow with chain-aware contract input. That makes it more useful when you need repeatable results for the same token and want fewer guesses about what the model should inspect.

Can beginners use it?

Yes, if they can copy the correct contract address and chain. The skill is beginner-friendly for pre-trade checks, but beginners should still learn to distinguish ticker symbols from contract addresses and should not use the result as a guarantee of safety.

When should I not use it?

Do not use query-token-audit when you only have a token name, no contract, or the wrong chain. It is also a poor fit if you need broad protocol auditing, legal review, or wallet-level transaction tracing instead of token security analysis.

How to Improve query-token-audit skill

Provide cleaner inputs

The biggest quality lift comes from giving the exact contract address, the correct chain, and a narrow question. If you know the token is newly deployed, suspicious, or likely to be a clone, say that up front so the skill can prioritize scam detection rather than generic summary output.

Ask for the risk you actually need

If your decision depends on one concern, name it. For example: “focus on honeypot risk,” “check whether sell taxes are abnormal,” or “look for owner privileges that can trap buyers.” This makes query-token-audit usage more decisive because the output is organized around the risk that matters to your trade.

Watch for common failure modes

The most common mistake is giving a ticker instead of a contract address. Another is mixing up chains, which can produce misleading results or a failed audit. A third is treating a clean audit as a green light; the skill can reduce guesswork, but it cannot replace liquidity, volume, and market-context checks.

Iterate after the first pass

If the first audit flags risk, follow up with a narrower prompt that asks for the specific mechanism behind the warning and what trading behavior it would affect. If the first result is clean but you still feel uncertain, rerun query-token-audit with a second contract or a more explicit security question. The goal is not more text; it is a clearer decision.

Ratings & Reviews

No ratings yet

Share your review

0/10000

Latest reviews

Saving...

more skill

security-threat-model

by openai

Repository-grounded security-threat-model skill for AppSec threat modeling. It maps trust boundaries, assets, attacker goals, abuse paths, and mitigations into a concise Markdown threat model. Use it when you need security-threat-model for Threat Modeling on a specific repo or path, not a generic architecture review or code check.

Threat Modeling

Favorites 0GitHub 0

solana-vulnerability-scanner

by trailofbits

solana-vulnerability-scanner is a focused Solana security audit skill for native Rust and Anchor programs. It helps review CPI logic, PDA validation, signer and ownership checks, and sysvar spoofing to catch six critical Solana-specific vulnerabilities before deployment.

Security Audit

Favorites 0GitHub 4.9k

azure-ai-contentsafety-ts

by microsoft

azure-ai-contentsafety-ts helps analyze text and images for harmful content with Azure AI Content Safety in TypeScript. Use this skill for moderation workflows, blocklists, and security audit checks for hate, violence, sexual content, and self-harm. It also covers Azure endpoint and auth setup.

Security Audit

Favorites 0GitHub 2.3k

sharp-edges

by trailofbits

The sharp-edges skill helps you find APIs, configs, and interfaces where the easy path leads to insecure use. Use it to review authentication flows, cryptographic wrappers, dangerous defaults, null or zero semantics, and misuse-prone design choices. It is a strong fit for sharp-edges for Security Audit work when you need concrete footguns, not generic security guesses.

Security Audit

Favorites 0GitHub 5k

security-review

by affaan-m

Use the security-review skill to review auth, user input, secrets, APIs, payments, uploads, and other sensitive flows. It provides a practical security-review guide with clear pass/fail checks, risky-pattern examples, and a focused process for catching common issues before release.

Security Audit

Favorites 0GitHub 156.3k

django-security

by affaan-m

django-security is a practical guide for hardening Django apps with authentication, authorization, CSRF, XSS, SQL injection prevention, secure cookies, and production settings. It helps developers and reviewers run a focused Security Audit, quickly spot risky config, and apply concrete fixes before deployment.

Security Audit

Favorites 0GitHub 156.1k

exploiting-insecure-data-storage-in-mobile

by mukul975

The exploiting-insecure-data-storage-in-mobile skill helps assess and extract evidence from insecure local storage in Android and iOS apps. It covers SharedPreferences, SQLite databases, plist files, world-readable files, backup exposure, and weak keychain/keystore handling for mobile pentesting and Security Audit workflows.

Security Audit

Favorites 0GitHub 6.2k

detecting-s3-data-exfiltration-attempts

by mukul975

detecting-s3-data-exfiltration-attempts helps investigate possible AWS S3 data theft by correlating CloudTrail S3 data events, GuardDuty findings, Amazon Macie alerts, and S3 access patterns. Use this detecting-s3-data-exfiltration-attempts skill for Security Audit, incident response, and suspicious bulk-download analysis.

Security Audit

Favorites 0GitHub 6.2k

building-incident-response-playbook

by mukul975

building-incident-response-playbook helps security teams create reusable incident response playbooks with step-by-step phases, decision trees, escalation criteria, RACI ownership, and SOAR-ready structure. It is designed for incident response procedure documentation, incident triage workflows, and audit-friendly operational response plans.

Incident Triage

Favorites 0GitHub 6.1k

building-patch-tuesday-response-process

by mukul975

building-patch-tuesday-response-process helps teams build a repeatable Microsoft Patch Tuesday process to triage advisories, rank risk, test patches, approve rollout, and track compliance. Useful for security operations, vulnerability management, and building-patch-tuesday-response-process for Project Management.

Project Management

Favorites 0GitHub 6.1k

ossfuzz

by trailofbits

Learn the ossfuzz skill for continuous fuzzing setup, project enrollment, harness planning, and build workflow review. This guide helps security engineers and maintainers assess readiness, spot build blockers, and prepare a practical path from source tree to OSS-Fuzz or private fuzzing infrastructure.

Security Audit

Favorites 0GitHub 5k

codeql

by trailofbits

The codeql skill helps you run CodeQL with fewer blind spots during a security audit. It focuses on database quality, suite selection, data extensions, and SARIF review so you can use codeql usage more reliably across supported languages. Use it for repeatable codeql guide steps when analyzing real repositories.

Security Audit

Favorites 0GitHub 5k

semgrep-rule-creator

by trailofbits

semgrep-rule-creator creates production-quality Semgrep rules for security vulnerabilities, bug patterns, taint-flow detections, and coding standards. Use the semgrep-rule-creator skill for Security Audit work when you need precise rules, test cases, and validation instead of a generic draft.

Security Audit

Favorites 0GitHub 5k

insecure-defaults

by trailofbits

The insecure-defaults skill helps spot fail-open configuration patterns that let software run with unsafe settings instead of stopping. Use it for a Security Audit of production code, deployment configs, and secret-handling logic to catch weak auth, hardcoded secrets, and permissive defaults.

Security Audit

Favorites 0GitHub 5k

constant-time-analysis

by trailofbits

constant-time-analysis is a security-audit skill for finding timing side-channel risks in cryptographic code before they become exploitable bugs. Use it to review secret-dependent math, branches, comparisons, and compiled output when checking C, C++, Go, Rust, Swift, Java, Kotlin, PHP, JavaScript, TypeScript, Python, or Ruby.

Security Audit

Favorites 0GitHub 5k

secure-workflow-guide

by trailofbits

secure-workflow-guide guides a 5-step Solidity security workflow: Slither triage, feature-specific checks, visual inspection, security-property notes, and manual review. It is built for smart contract teams, auditors, and builders who want a repeatable secure-workflow-guide guide before deployment or release.

Security Audit

Favorites 0GitHub 4.9k