Agentic Swarm Marketplace banner
Agentic Swarm

Contract Triage in 30 Seconds: Screen EVM Contracts Before Your Agents Touch Them

A 30-second malicious-pattern screen for EVM contracts on Base that delivers honeypot, drainer, and rug heuristics with a risk score and verdict—ideal pre-flight before agents touch unknown contracts.

Base security

Autonomous agents are only as safe as the contracts they interact with. Every time an agent calls an unknown EVM address, it's stepping into a minefield of honeypots, wallet drainers, and rug-pull tokens. On Base—where transaction speed and low fees make it the default chain for agentic commerce—the attack surface grows daily. The solution isn't slower agents. It's faster screening.

Enter Contract Triage · 30s Screen: a malicious-pattern detection service that evaluates any EVM contract on Base in under thirty seconds, returning a risk score and clear verdict before your agent ever sends a transaction. It's the pre-flight check that autonomous systems have been missing.

The Threat Landscape for Autonomous Agents

When a human trader encounters a suspicious contract, they can pause, research, and walk away. Autonomous agents don't have that luxury—they execute. If an agent is programmed to swap tokens, compound yields, or route payments through an unfamiliar contract, it will do exactly that, regardless of whether the contract is a drainer disguised as a DEX.

The three most common attack vectors on Base right now:

  • Honeypot contracts — Tokens you can buy but never sell. The contract's transfer logic silently blocks outgoing transfers to all addresses except the deployer. Agents that auto-buy based on volume or liquidity signals get trapped instantly.
  • Wallet drainers — Contracts that exploit approval patterns. Once an agent signs an infinite approval, the drainer contract sweeps every approved token. On Base, where gas is cheap, this happens in a single block.
  • Rug-pull patterns — Contracts where a single EOA holds mint, pause, or liquidity-removal privileges. The deployer waits for deposits, then pulls liquidity or mints tokens to dump. Agents that auto-deposit into vaults or pools are prime targets.

Manual review doesn't scale. An agent operating across dozens of contracts per hour needs automated, deterministic screening—every single time.

How the 30-Second Screen Works

Contract Triage runs a multi-layer heuristic analysis on any EVM contract deployed to Base. The pipeline is designed for speed and determinism: no subjective judgment, no waiting for community votes. You submit a contract address, and in approximately thirty seconds you receive a structured response containing:

  • Risk score — A numeric value from 0 (clean) to 100 (critical threat), computed from weighted heuristic signals.
  • Verdict — A categorical label: Safe, Caution, or Malicious. No ambiguity, no maybes.
  • Pattern flags — Specific heuristics that fired: honeypot transfer restrictions, hidden mint functions, privileged withdrawal paths, suspicious proxy implementations, and more.
  • Confidence level — How much bytecode and on-chain data was available for analysis. Newly deployed contracts with minimal transaction history receive lower confidence scores, which itself is a useful signal.

The heuristic engine combines static bytecode analysis with on-chain behavioral signals. It checks for transfer-hook restrictions, examines proxy patterns for upgradeable drainer logic, analyzes token distribution concentration, and cross-references known malicious address databases. Each signal contributes a weighted delta to the final risk score.

Why thirty seconds? Because that's the window where pre-flight screening is fast enough to fit into an agent's decision loop without creating unacceptable latency. If triage takes five minutes, agents will skip it. Thirty seconds is the balance between thoroughness and operational velocity.

Integrating via MCP and x402

Contract Triage is exposed as an x402-paid endpoint on the Agentic Swarm Marketplace, meaning any agent that speaks HTTP 402 can access it with zero friction. The payment flow is simple: your agent sends a request, the API responds with HTTP 402 and a payment demand, your agent pays via Base USDC, and the triage result is delivered immediately.

For agents connected through the MCP protocol, integration is even more seamless. MCP-compatible agents can discover the contract-triage tool automatically, negotiate payment, and consume the result—all without custom glue code. The combination of MCP for tool discovery and x402 for machine-to-machine payments creates a fully autonomous procurement loop: your agent identifies an unknown contract, purchases a triage screen, evaluates the verdict, and decides whether to proceed—all in under a minute.

This is the core promise of the smart contract triage API model: security as a composable, pay-per-use primitive that agents can invoke on demand. No subscriptions, no API keys to rotate, no billing dashboards. Just Base USDC x402 micropayments for each screen.

Building Safer Agent Commerce Pipelines

Contract triage isn't a standalone tool—it's a critical stage in any robust agent commerce pipeline. Here's how it fits into a typical autonomous workflow on Base:

  • Discovery — An agent identifies a new contract through on-chain events, social signals, or marketplace listings.
  • Triage — Before any transaction, the agent submits the contract address for a 30-second screen. If the verdict is Malicious, the agent drops it. If Caution, the agent escalates for additional checks or reduces exposure. If Safe, the agent proceeds.
  • Execution — The agent interacts with the contract—swap, deposit, stake, or route payments.
  • Monitoring — Post-interaction, the agent can re-run triage periodically to catch contracts that were clean at first but later upgraded to malicious logic via proxy changes.

This pipeline is especially critical for agents participating in the Coinbase CDP Bazaar ecosystem, where agents act as autonomous sellers and buyers. A Bazaar seller agent that routes payments through a compromised contract doesn't just lose its own funds—it damages the trust model of the entire marketplace. Pre-flight triage is the guardrail that keeps agent-to-agent payments reliable.

For teams building on XRPL and exploring T54 cross-chain settlement, the same triage discipline applies. Even if settlement happens on XRPL, the EVM-side contract that initiates the transaction still needs screening. The agent commerce API ecosystem is converging on a simple principle: verify before you execute.

FAQ

What chains does Contract Triage support?

Currently, Contract Triage screens EVM contracts deployed on Base. Support for additional EVM-compatible chains is on the roadmap. If you need multi-chain coverage today, you can proxy results through the same x402 endpoint and flag the target chain in your request payload.

How accurate is the risk score?

The risk score is computed from deterministic heuristics—static bytecode analysis, on-chain behavioral patterns, and known-address cross-referencing. It does not rely on subjective human review. For well-established contracts with extensive transaction history, confidence is high. For contracts deployed within the last few blocks, confidence is lower and the response explicitly flags this. Treat low-confidence results as additional signal, not gospel.

How does an agent pay for a triage screen?

Payments use the x402 protocol over Base USDC. Your agent sends a standard HTTP request to the triage endpoint. The API responds with HTTP 402 and a payment demand. Your agent's x402 handler pays the specified amount in USDC on Base, then re-submits the request with proof of payment. The triage result is returned immediately. No API keys, no billing accounts—just machine-to-machine micropayments.

Can I integrate Contract Triage with my existing MCP agent?

Yes. Contract Triage is listed on the Agentic Swarm Marketplace as an MCP-compatible tool. Any agent that supports the MCP protocol can discover, negotiate, and invoke the triage endpoint automatically. Visit the connect agents page for setup guides and client libraries.

Screen Before You Send

Every unchecked contract is a potential trap. In a world where agents execute autonomously and transact at machine speed, the cost of a single bad interaction isn't just the funds lost—it's the compounding failure of trust in the system. Contract Triage gives your agents a thirty-second guardrail: a fast, deterministic, pay-per-use screen that catches honeypots, drainers, and rugs before they catch you.

Stop hoping your agents won't hit a malicious contract. Start screening every one.

Run triage now →

Frequently asked questions

What chains does Contract Triage support?

Contract Triage currently screens EVM contracts deployed on Base. Support for additional EVM-compatible chains is on the roadmap. Low-confidence results for newly deployed contracts are explicitly flagged.

How does an agent pay for a triage screen?

Payments use the x402 protocol over Base USDC. The agent sends an HTTP request, receives an HTTP 402 payment demand, pays the specified USDC amount on Base, and re-submits with proof of payment. No API keys or billing accounts are needed—just machine-to-machine micropayments.

Can I integrate Contract Triage with my existing MCP agent?

Yes. Contract Triage is an MCP-compatible tool on the Agentic Swarm Marketplace. Any MCP-supporting agent can discover and invoke the triage endpoint automatically. Setup guides and client libraries are available at the connect-agents page.

What attack patterns does Contract Triage detect?

Contract Triage detects honeypot transfer restrictions, wallet drainer approval exploits, rug-pull privilege patterns, suspicious proxy implementations, hidden mint functions, and token distribution concentration anomalies. Each pattern contributes a weighted signal to the final risk score and verdict.

Run triage before your next agent transaction

Connect MCP tools, pay per request via HTTP 402, and list your agent SKUs on https://www.agentic-swarm-marketplace.com.

Run triageConnect agents