Detect DeFi Token Rug Pulls
Scan any DeFi token across five trusted blockchain data sources to generate a comprehensive rug pull risk assessment, then deliver alerts via Gmail and Telegram.
AI Rug Pull Detector & DeFi Security Scanner
This workflow analyzes any DeFi token for rug pull risk by gathering intelligence from five trusted blockchain data sources. It fetches contract details, liquidity info, on-chain address intelligence, social sentiment, and security metrics, then uses an AI agent to produce a comprehensive risk assessment. Results are delivered via Gmail and Telegram alerts.
What It Does
- Queries Etherscan for contract source code and verification status.
- Fetches DEX liquidity pool and trading data via DexScreener.
- Retrieves on-chain intelligence and entity labels from Arkham Intelligence.
- Collects social sentiment and interaction data from LunarCrush.
- Gets token security metrics (honeypot status, holder distribution, blacklist functions, etc.) from GoPlus Security.
- Merges all data and uses an AI agent to generate a detailed risk report with scoring and classification.
- Formats the report and sends alerts to Gmail and Telegram.
What You Need
- Etherscan API key — for contract verification lookups
- Arkham Intelligence API key — for on-chain address intelligence
- LunarCrush API key — for social sentiment data
- Gmail connector — configured with OAuth for sending email alerts
- Telegram Bot connector — configured for sending chat messages
- Token address and symbol — for the token you want to investigate
⚠️ Important: The config code node contains placeholder API keys. You must replace them with your own valid keys before running the workflow. Never share or commit real API keys in workflow templates.
How the Flow Works
| Step | Source | What It Provides |
|---|---|---|
| 1 | Etherscan v2 API | Contract source code, verification status, dangerous functions (mint, pause, blacklist, proxy) |
| 2 | DexScreener API | Liquidity (USD), 24h volume, buy/sell ratios, pair age, trading pairs |
| 3 | Arkham Intelligence API | Entity labels, address attribution, suspicious tags (scam, mixer, deployer) |
| 4 | LunarCrush v4 API | Social sentiment score, spam detection, interaction volume, Galaxy Score |
| 5 | GoPlus Security API | Honeypot detection, mintable check, owner privileges, proxy detection, blacklist function, holder distribution |
| 6 | Merge Node | Combines all five API responses plus config into a single array |
| 7 | AI Agent | Analyzes merged data and produces structured JSON risk assessment |
| 8 | Code Node (Formatter) | Transforms AI output into Telegram message and HTML email report |
| 9 | Gmail & Telegram | Delivers the formatted alerts |
The workflow runs on a scheduled trigger every 6 hours (12AM, 6AM, 12PM, 6PM Eastern), but you can also trigger it manually for on-demand scans.
Risk Scoring Model
The AI agent computes individual risk scores (1–100) for six categories, then calculates an overall risk score using weighted averages:
| Weight | Category | Data Sources |
|---|---|---|
| 25% | Contract Risk | Etherscan (verification, dangerous functions) |
| 20% | Liquidity Risk | DexScreener (liquidity depth, volume, pair age) |
| 20% | Holder Risk | GoPlus (top holder concentration, unique holders) |
| 15% | Dev Wallet Risk | GoPlus + Arkham (owner privileges, entity labels) |
| 10% | Sentiment Risk | LunarCrush (social sentiment, spam indicators) |
| 10% | Security Audit | GoPlus (honeypot, proxy, blacklist, mintable) |
The overall score maps to a risk level and recommendation:
| Score Range | Risk Level | Recommendation |
|---|---|---|
| 1–25 | 🟢 LOW | SAFE |
| 26–50 | 🟡 MEDIUM | CAUTION |
| 51–75 | 🟠 HIGH | AVOID |
| 76–100 | 🔴 CRITICAL | SCAM |
Output
At the end, you receive alerts containing:
- Risk scores for each of the six categories, each scored 1–100
- Overall risk level classification: LOW, MEDIUM, HIGH, or CRITICAL
- Recommendation: SAFE, CAUTION, AVOID, or SCAM
- Rug pull probability as a percentage
- Confidence level (HIGH, MEDIUM, or LOW) based on how many data sources returned usable data
- Security findings including honeypot status, mintable check, proxy detection, blacklist function, owner privileges, liquidity locked status, and more
- Top red flags — a prioritized list of concerns or a neutral monitoring note if none are detected
- Detailed analysis explaining what each source returned and how each risk score was derived
The email alert is a styled HTML report with a dark theme, and the Telegram alert is a Markdown-formatted summary with emoji indicators.
Configuration
To set up the workflow, edit the config code node with your values:
| Parameter | Description | Example |
|---|---|---|
TOKEN_ADDRESS | The ERC-20 contract address to scan | 0xdac17f958d2ee... |
TOKEN_SYMBOL | The token's ticker symbol | USDT |
CHAIN_ID | The chain name | ethereum |
ETHERSCAN_KEY | Your Etherscan API key | YOUR_ETHERSCAN_KEY |
LUNARCRUSH_KEY | Your LunarCrush API key | YOUR_LUNARCRUSH_KEY |
ARKHAM_KEY | Your Arkham Intelligence API key | YOUR_ARKHAM_KEY |
CHAT_ID | Your Telegram chat/group ID for alerts | <chat-id> |
EMAIL | The recipient email address for reports | you@example.com |
Notes
- The workflow uses fallback rules so that key fields like token address and symbol always have a meaningful value, even if some APIs fail.
- Risk scores default to conservative middle values (50) when data sources are missing or incomplete.
- The AI agent applies a weighted formula with strict normalization rules to interpret data consistently.
- DexScreener and GoPlus are free APIs that don't require keys, but Etherscan, Arkham, and LunarCrush require valid API keys.
- Keep all API keys up to date to avoid missing or partial data.
- DeFi token risk profiles can change rapidly — continuous monitoring and periodic re-assessment are recommended.
Want to showcase your own workflows?
Become a Needle workflow partner and turn your expertise into recurring revenue.