
Add vigil: Onchain security scanner for DeFi traders on Base #438

Open: vigilcodes wants to merge 4 commits into BankrBot:main from vigilcodes:add-vigil-skill

vigilcodes commented Jun 2, 2026

Summary

Adds VIGIL — an agent-based MCP security server for onchain DeFi protection on Base.

What It Does

  • Approval Scanner — List all ERC-20/ERC-721 approvals, flag unlimited approvals
  • Token Scanner — Analyze contracts for rugpull indicators (hidden mint, proxy, tax manipulation, blacklist)
  • Honeypot Detector — Simulate buy/sell to detect trap tokens
  • Safety Score — 0-100 composite rating based on code analysis, ownership, liquidity
  • Approval Revoker — Revoke dangerous approvals via Bankr transaction signing (gated, requires BANKR_API_KEY + explicit confirmation)
  • Wallet Report — Full security posture assessment

The live endpoint now exposes 11 read-only tools (approvals, token scan, honeypot, safety score, wallet report, wallet monitor, market, deployer check, batch scan, scam check, sentinel status). Read-only scans need no API key.

MCP Integration

Runs as a standard MCP server (stdio/SSE). Compatible with Claude Desktop, Cursor, Aeon, and any MCP client. Plain JSON-RPC over POST https://mcp.vigil.codes/tools/call is also supported for shell clients.

Ecosystem

Files

  • SKILL.md — Full skill definition with task guide
  • scripts/ — shell scripts for CLI usage (hardened: strict ^0x[0-9a-f]{40}$ input validation, loud error handling)
  • references/ — API docs, contracts, tokenomics, Bankr integration

GitHub

https://github.com/vigilcodes/vigil-mcp

Website

https://vigil.codes

The scripts called a REST API that doesn't exist (api.bankr.bot/vigil/...),
so every command failed. Rewrite them against the live JSON-RPC endpoint
(mcp.vigil.codes/tools/call) with a shared helper.

- _vigil_lib.sh: strict 0x-address validation (anti shell-injection),
  chain validation, and vigil_call() that checks HTTP + JSON-RPC errors.
- Rewrite token/honeypot/score/approvals/report to use vigil_call.
- Add market, deployer, check-scam scripts for the new tools.
- revoke + batch-revoke route signing through the Bankr agent.
- report-scam: safe JSON escaping of the description.
- SKILL.md: document 9 read-only tools; harden input validation and add
  an error-checked call helper across all steps.
- Remove unused tokenomics reference.

Verified live against $VIGIL and a real wallet.

vigilcodes (Author) commented

Pushed an update that makes the skill actually functional end-to-end.

What changed

  • The scripts previously called a REST API that doesn't exist (api.bankr.bot/vigil/token/scan?...), so every command failed at runtime. They now call the live JSON-RPC endpoint POST https://mcp.vigil.codes/tools/call (verified 200).
  • Added a shared _vigil_lib.sh helper with:
    • strict address validation (^0x[0-9a-f]{40}$) — rejects quotes/spaces/metacharacters before any curl (no shell injection),
    • chain validation,
    • a vigil_call() that checks HTTP status + JSON-RPC error bodies before parsing, so a failed call never reports a clean scan.
  • Read-only scans (token, honeypot, score, approvals, report, market, deployer, scam check) need no API key. Only revoke requires Bankr.
  • revoke / batch-revoke route signing through the Bankr agent (scan via VIGIL, sign via Bankr).
  • Added scripts for the new tools: vigil-market.sh, vigil-deployer.sh, vigil-check-scam.sh.
  • SKILL.md now documents 9 read-only tools and uses the hardened, error-checked call pattern.

Verified live against $VIGIL and a real wallet — e.g. vigil-score.sh → 83/100, low, vigil-honeypot.sh → not a honeypot (via GoPlus). Wallet approval scans return in ~1s.

Ready for review — thanks!
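
The validate-then-check pattern described in the comment above, as an added example that is not the PR's `_vigil_lib.sh`: the function names, return codes and sample bodies are assumptions, and the HTTP status and body are passed in as arguments so it runs offline.

```shell
#!/bin/sh
# Added example: hypothetical helpers, not the contents of _vigil_lib.sh.

# Accept only 0x + 40 lowercase hex chars (the page's ^0x[0-9a-f]{40}$).
# The character class is spelled out so the check does not depend on locale,
# and the whole string is tested, so an embedded newline cannot smuggle a
# second line past the check.
check_address() {
  [ "${#1}" -eq 42 ] || return 1
  case "$1" in
    0x*) ;;
    *) return 1 ;;
  esac
  case "${1#0x}" in
    *[!0123456789abcdef]*) return 1 ;;
  esac
  return 0
}

# check_response STATUS BODY: pass only an HTTP 200 whose body carries a
# "result" member and no "error" member. The grep is deliberately coarse:
# any "error" key anywhere fails the call (fail closed).
check_response() {
  [ "$1" = "200" ] || { echo "HTTP status $1" >&2; return 1; }
  if printf '%s' "$2" | grep -Eq '"error"[[:space:]]*:'; then
    echo "JSON-RPC error in body" >&2; return 1
  fi
  printf '%s' "$2" | grep -Eq '"result"[[:space:]]*:' || {
    echo "no result in body" >&2; return 1; }
}

# guarded_scan ADDRESS STATUS BODY: print the body only if every check passes.
# STATUS and BODY stand in for what curl returned, so this runs offline.
guarded_scan() {
  check_address "$1" || { echo "invalid address" >&2; return 2; }
  check_response "$2" "$3" || return 3
  printf '%s\n' "$3"
}

# Constructed sample inputs.
GOOD_ADDR=0xabcdef0123abcdef0123abcdef0123abcdef0123
OK_BODY='{"jsonrpc":"2.0","id":1,"result":{"note":"constructed"}}'
ERR_BODY='{"jsonrpc":"2.0","id":1,"error":{"code":-32602,"message":"constructed"}}'
```

Under the pattern as written, a mixed-case (checksummed) address is rejected rather than normalised.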

vigilcodes (Author) commented

Quick update for reviewers 🙏

VIGIL is now merged into the Aeon agent framework (aaronjmars/aeon#323) after a 3-round technical review — HTTPS endpoint, strict input validation, and verified end-to-end MCP calls all signed off.

Two notes:

Ready for review whenever a maintainer has a moment. Happy to address any feedback.
