Is Contract Scanner free?

Yes, Contract Scanner is free to use.

How do I install Contract Scanner?

Contract Scanner is a local plugin. Install it using npm package: @fino314-oss/contract-scanner-mcp and add the generated configuration snippet to your AI app's MCP config file. Then restart your AI app.

What credentials does Contract Scanner need?

Contract Scanner requires the following credentials or environment variables: BASESCAN_API_KEY. You can find setup instructions on the server detail page.

What AI apps work with Contract Scanner?

Contract Scanner uses the Model Context Protocol (MCP) and works with any MCP-compatible AI app, including Claude, ChatGPT / Codex, Gemini, Copilot, Cursor, and more.

Back to Browse

Contract Scanner MCP Server

by Fino Oss

Developer ToolsModerate7.2MCP RegistryLocal

Free

Server data from the Official MCP Registry

Scans Base L2 smart contracts for security risks. Risk score 0-100, detects backdoors & proxies.

About

Scans Base L2 smart contracts for security risks. Risk score 0-100, detects backdoors & proxies.

Security Report

7.2

Moderate7.2Low Risk

Valid MCP server (2 strong, 4 medium validity signals). 3 known CVEs in dependencies (0 critical, 2 high severity) ⚠️ Package registry links to a different repository than scanned source. Imported from the Official MCP Registry. 1 finding(s) downgraded by scanner intelligence.

4 files analyzed · 4 issues found

Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.

Permissions Required

This plugin requests these system permissions. Most are normal for its category.

HTTP Network Access

Connects to external APIs or services over the internet.

env_vars

Check that this permission is expected for this type of plugin.

What You'll Need

Set these up before or after installing:

BaseScan API key for source code analysis (optional — basic bytecode scan works without it)Required

Environment variable: BASESCAN_API_KEY

How to Install

Add this to your MCP configuration file:

{
  "mcpServers": {
    "io-github-fino-oss-contract-scanner": {
      "env": {
        "BASESCAN_API_KEY": "your-basescan-api-key-here"
      },
      "args": [
        "-y",
        "contract-scanner-mcp"
      ],
      "command": "npx"
    }
  }
}

Documentation

View on GitHub

From the project's GitHub README.

Contract Security Scanner — MCP Server

Scan any Base L2 smart contract for security risks directly from your AI assistant.

3 tools exposed:

scan_contract — Full security scan (source verification, risky selectors, age, activity)
batch_scan — Compare up to 5 contracts side by side
interpret_risk — Get an actionable recommendation (SAFE / CAUTION / HIGH_RISK / DO_NOT_USE)

Risk score: 0-100. Analyzes: mint/blacklist/backdoor functions, proxy patterns, source verification, contract age, transaction activity.

Installation

Claude Desktop

Add to ~/Library/Application Support/Claude/claude_desktop_config.json:

{
  "mcpServers": {
    "contract-scanner": {
      "command": "node",
      "args": ["/Users/sam/Desktop/samDev/p8/mcp/server.js"]
    }
  }
}

Restart Claude Desktop. The tools appear automatically.

Cursor

Add to .cursor/mcp.json (project) or ~/.cursor/mcp.json (global):

{
  "mcpServers": {
    "contract-scanner": {
      "command": "node",
      "args": ["/Users/sam/Desktop/samDev/p8/mcp/server.js"]
    }
  }
}

Cline (VS Code extension)

Open Cline settings → MCP Servers → Add server
Set type: stdio
Command: node /Users/sam/Desktop/samDev/p8/mcp/server.js

Any MCP client (generic)

The server uses stdio transport — just pipe JSON-RPC messages:

node /Users/sam/Desktop/samDev/p8/mcp/server.js

Usage examples

Once connected, just ask your AI assistant naturally:

"Scan this contract before I approve: 0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913"

"Compare the risk of these 3 Aave clones: 0x... 0x... 0x..."

"Is this token safe to buy? 0x4ed4e862860bed51a9570b96d89af5e1b0efefed"

What gets analyzed

Check	Source
Source code verified?	BaseScan API
Mint / burn functions	Bytecode selector scan
Pause / freeze	Bytecode selector scan
Blacklist / whitelist	Bytecode selector scan
Backdoors (rescueTokens, withdrawAll)	Bytecode selector scan
Upgradeable proxy	BaseScan + delegatecall detection
Contract age	BaseScan transaction history
Activity level	BaseScan recent txs

Risk scoring

Score	Label	Meaning
0-9	SAFE	No red flags
10-29	LOW	Minor concerns
30-49	MEDIUM	Elevated risk — review before interacting
50-69	HIGH	Significant risk — small amounts only
70+	CRITICAL	Avoid — potential rug or backdoor

Technical notes

Chain: Base L2 only (https://mainnet.base.org)
API: BaseScan free tier (no key needed for basic checks; set BASESCAN_API_KEY env var for full source analysis)
No wallet needed: read-only RPC calls only
Latency: ~2-5s per contract (network dependent)

Built on Base. Agent wallet: 0x804dd2cE4aA3296831c880139040e4326df13c6e

Reviews

No reviews yet

Be the first to review this server!

More Developer Tools MCP Servers

Git

Free

by Modelcontextprotocol · Developer Tools

Read, search, and manipulate Git repositories programmatically

Toleno

Free

by Toleno · Developer Tools

Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.

mcp-creator-python

Free

by mcp-marketplace · Developer Tools

Create, build, and publish Python MCP servers to PyPI — conversationally.

MarkItDown

Free

by Microsoft · Content & Media

Convert files (PDF, Word, Excel, images, audio) to Markdown for LLM consumption

mcp-creator-typescript

Free

by mcp-marketplace · Developer Tools

Scaffold, build, and publish TypeScript MCP servers to npm — conversationally

FinAgent

Free

by mcp-marketplace · Finance

Free stock data and market news for any MCP-compatible AI assistant.

Contract Scanner MCP Server

About

Security Report

Findings (4)Action required

Permissions Required

What You'll Need

How to Install

Documentation

Contract Security Scanner — MCP Server

Installation

Claude Desktop

Cursor

Cline (VS Code extension)

Any MCP client (generic)

Usage examples

What gets analyzed

Risk scoring

Technical notes

Reviews

No reviews yet

More Developer Tools MCP Servers

Git

Toleno

mcp-creator-python

MarkItDown

mcp-creator-typescript

FinAgent

Contract Scanner MCP Server

About

Security Report

Findings (4)Action required

Permissions Required

What You'll Need

How to Install

Documentation

Contract Security Scanner — MCP Server

Installation

Claude Desktop

Cursor

Cline (VS Code extension)

Any MCP client (generic)

Usage examples

What gets analyzed

Risk scoring

Technical notes

Reviews

No reviews yet

More Developer Tools MCP Servers

Git

Toleno

mcp-creator-python

MarkItDown

mcp-creator-typescript

FinAgent