Is io.github.fino-oss/contract-scanner safe to use?

io.github.fino-oss/contract-scanner has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.

How do I install io.github.fino-oss/contract-scanner?

io.github.fino-oss/contract-scanner supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.

What AI clients work with io.github.fino-oss/contract-scanner?

io.github.fino-oss/contract-scanner is compatible with claude-desktop, cursor, claude-code. It uses stdio and http transport.

Is io.github.fino-oss/contract-scanner actively maintained?

io.github.fino-oss/contract-scanner is recently maintained — last commit was 74 days ago.

io.github.fino-oss/contract-scanner

Scans Base L2 smart contracts for security risks. Risk score 0-100, detects backdoors & proxies.

0 tools GitHub

No known CVEs

No license

Maintained

Last commit 74d ago

Works with most clients

Transport: stdio, http

0 tools

Grade F

Edit this pageView history

Security Finance

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio, http · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "contract-scanner": {
      "args": [
        "/Users/sam/Desktop/samDev/p8/mcp/server.js"
      ],
      "command": "node"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/io-github-fino-oss-contract-scanner)](https://mcppedia.org/s/io-github-fino-oss-contract-scanner)

Read me

What io.github.fino-oss/contract-scanner does

Scan any Base L2 smart contract for security risks directly from your AI assistant.

Test This Server

No automated test available for this server. Check the GitHub README for setup instructions.

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

34/100across 5 weighted dimensions

How we score →

0255075100

−66

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

No package registry to scan.

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is io.github.fino-oss/contract-scanner safe to use?: io.github.fino-oss/contract-scanner has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install io.github.fino-oss/contract-scanner?: io.github.fino-oss/contract-scanner supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What AI clients work with io.github.fino-oss/contract-scanner?: io.github.fino-oss/contract-scanner is compatible with claude-desktop, cursor, claude-code. It uses stdio and http transport.
Is io.github.fino-oss/contract-scanner actively maintained?: io.github.fino-oss/contract-scanner is recently maintained — last commit was 74 days ago.

Similar servers

Others in security / finance

View all →

Alpha Vantage Mcp95

Real-time financial market data: stocks, forex, crypto, commodities, and economic indicators

158 3

Investor Agent93

A Model Context Protocol server for building an investor agent

329 7

Evil Mcp Server93

An evil MCP server used for redteam testing

30 1

Ida Pro Mcp92

AI-powered reverse engineering assistant that bridges IDA Pro with language models through MCP.

9.0k 3

MCP Security Weekly

Get CVE alerts and security updates for io.github.fino-oss/contract-scanner and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Edit this pageView history

Security Finance

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio, http · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "contract-scanner": {
      "args": [
        "/Users/sam/Desktop/samDev/p8/mcp/server.js"
      ],
      "command": "node"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/io-github-fino-oss-contract-scanner)](https://mcppedia.org/s/io-github-fino-oss-contract-scanner)

Read me

What io.github.fino-oss/contract-scanner does

Scan any Base L2 smart contract for security risks directly from your AI assistant.

Test This Server

No automated test available for this server. Check the GitHub README for setup instructions.

README

Contract Security Scanner — MCP Server

Scan any Base L2 smart contract for security risks directly from your AI assistant.

3 tools exposed:

scan_contract — Full security scan (source verification, risky selectors, age, activity)
batch_scan — Compare up to 5 contracts side by side
interpret_risk — Get an actionable recommendation (SAFE / CAUTION / HIGH_RISK / DO_NOT_USE)

Risk score: 0-100. Analyzes: mint/blacklist/backdoor functions, proxy patterns, source verification, contract age, transaction activity.

Installation

Claude Desktop

Add to ~/Library/Application Support/Claude/claude_desktop_config.json:

{
  "mcpServers": {
    "contract-scanner": {
      "command": "node",
      "args": ["/Users/sam/Desktop/samDev/p8/mcp/server.js"]
    }
  }
}

Restart Claude Desktop. The tools appear automatically.

Cursor

Add to .cursor/mcp.json (project) or ~/.cursor/mcp.json (global):

{
  "mcpServers": {
    "contract-scanner": {
      "command": "node",
      "args": ["/Users/sam/Desktop/samDev/p8/mcp/server.js"]
    }
  }
}

Cline (VS Code extension)

Open Cline settings → MCP Servers → Add server
Set type: stdio
Command: node /Users/sam/Desktop/samDev/p8/mcp/server.js

Any MCP client (generic)

The server uses stdio transport — just pipe JSON-RPC messages:

node /Users/sam/Desktop/samDev/p8/mcp/server.js

Usage examples

Once connected, just ask your AI assistant naturally:

"Scan this contract before I approve: 0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913"

"Compare the risk of these 3 Aave clones: 0x... 0x... 0x..."

"Is this token safe to buy? 0x4ed4e862860bed51a9570b96d89af5e1b0efefed"

What gets analyzed

Check	Source
Source code verified?	BaseScan API
Mint / burn functions	Bytecode selector scan
Pause / freeze	Bytecode selector scan
Blacklist / whitelist	Bytecode selector scan
Backdoors (rescueTokens, withdrawAll)	Bytecode selector scan
Upgradeable proxy	BaseScan + delegatecall detection
Contract age	BaseScan transaction history
Activity level	BaseScan recent txs

Risk scoring

Score	Label	Meaning
0-9	SAFE	No red flags
10-29	LOW	Minor concerns
30-49	MEDIUM	Elevated risk — review before interacting
50-69	HIGH	Significant risk — small amounts only
70+	CRITICAL	Avoid — potential rug or backdoor

Technical notes

Chain: Base L2 only (https://mainnet.base.org)
API: BaseScan free tier (no key needed for basic checks; set BASESCAN_API_KEY env var for full source analysis)
No wallet needed: read-only RPC calls only
Latency: ~2-5s per contract (network dependent)

Built on Base. Agent wallet: 0x804dd2cE4aA3296831c880139040e4326df13c6e

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

34/100across 5 weighted dimensions

How we score →

0255075100

−66

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

No package registry to scan.

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is io.github.fino-oss/contract-scanner safe to use?: io.github.fino-oss/contract-scanner has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install io.github.fino-oss/contract-scanner?: io.github.fino-oss/contract-scanner supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What AI clients work with io.github.fino-oss/contract-scanner?: io.github.fino-oss/contract-scanner is compatible with claude-desktop, cursor, claude-code. It uses stdio and http transport.
Is io.github.fino-oss/contract-scanner actively maintained?: io.github.fino-oss/contract-scanner is recently maintained — last commit was 74 days ago.