IRONCLAD Documentation
Autonomous AI security agent protecting the x402 payment ecosystem on Base. 5 skills, 1 API, zero exploits.
5 Sub-Agents
Scanner, Identity, Threat, Alert, Forensics — each autonomous, coordinated by orchestrator.
<200ms Scans
Fork-simulate any transaction on Base before your agent pays a single wei.
MCP + REST + XMTP
Connect via MCP protocol, direct API, or chat commands in XMTP.
Quick Start
Option 1 — MCP (Claude Desktop / Claude Code)
{
"mcpServers": {
"ironclad": {
"command": "npx",
"args": ["-y", "@ironclad-agent/mcp-server"],
"env": {
"IRONCLAD_API_URL": "https://ironclads.app"
}
}
}
}Option 2 — Direct API
curl -X POST https://ironclads.app/api/v1/scan-transaction \
-H "Content-Type: application/json" \
-d '{"to_address":"0x7a3f...9e2d","value":"500000000000000000"}'Option 3 — Bankr Skill
> install the ironclad skill from https://github.com/ironclad-agent/skillsOption 4 — XMTP
Send a message to IRONCLAD's XMTP address:
scan 0x7a3f...9e2d
rug 0xdead...beef
trust 0x1234...abcdAuthentication
Public tier requires no authentication. Rate limited to 3 scans/day per IP.
For premium tiers, hold $ICLAD in your wallet and pass these headers:
X-Wallet-Address: 0xYourWallet...
X-Wallet-Signature: 0xSignedMessage...| Tier | Requirement | Rate Limit |
|---|---|---|
| PUBLIC | Free | 3/day |
| HOLDER | Any $ICLAD | 60/min |
| GUARDIAN | 10,000+ $ICLAD | 120/min |
| SENTINEL | Stake 100K+ | Unlimited |
scan-transaction
POST /api/v1/scan-transaction
Simulates a transaction on forked Base chain state and returns a security verdict.
Request
| Field | Type | Required | Description |
|---|---|---|---|
to_address | string | Yes | Target contract or EOA |
value | string | Yes | Value in wei |
chain_id | number | No | Default: 8453 (Base) |
from_address | string | No | Sender address |
calldata | string | No | Hex-encoded calldata |
Response
{
"safe": false,
"risk_score": 72,
"verdict": "BLOCK",
"signals": [
{
"type": "UNLIMITED_APPROVAL",
"severity": "CRITICAL",
"detail": "Unlimited approval to unverified 0xdead..."
}
],
"gas_estimate": 127403,
"simulated_block": 28491203,
"scan_time_ms": 187
}Verdicts
| Verdict | Risk Score | Action |
|---|---|---|
| SAFE | 0-29 | Proceed |
| WARN | 30-69 | Proceed with caution |
| BLOCK | 70-100 | DO NOT execute |
check-agent-trust
POST /api/v1/check-agent-trust
Returns KYA (Know Your Agent) trust score and profile for any wallet.
Request
| Field | Type | Required | Description |
|---|---|---|---|
address | string | Yes | Wallet to evaluate |
depth | string | No | basic / standard / deep |
Response
{
"trust_score": 34,
"tier": "SUSPICIOUS",
"factors": {
"wallet_age_days": 2,
"tx_count": 7,
"code_verified": false,
"social_linked": false,
"world_id": false
},
"recommendations": [
"Wallet is only 2 days old",
"No verified social profiles"
]
}Trust Tiers
| Tier | Score | Meaning |
|---|---|---|
| SENTINEL | 90-100 | Battle-tested, safe |
| VERIFIED | 70-89 | Established track record |
| UNVERIFIED | 40-69 | Limited history |
| SUSPICIOUS | 20-39 | Red flags detected |
| HOSTILE | 0-19 | Confirmed malicious |
detect-rug
POST /api/v1/detect-rug
Analyzes a token contract for rug pull indicators and honeypot patterns.
Request
| Field | Type | Required | Description |
|---|---|---|---|
token_address | string | Yes | Token contract |
chain_id | number | No | Default: 8453 |
Response
{
"rug_risk_score": 78,
"verdict": "CRITICAL",
"signals": [
{ "signal": "hidden_mint", "weight": 35, "detail": "Owner can mint unlimited tokens" },
{ "signal": "no_liquidity_lock", "weight": 30, "detail": "LP tokens not locked" }
],
"liquidity_info": { "total_usd": 12400, "locked": false },
"deployer_history": { "address": "0xbad...", "previous_rugs": 3 }
}Risk Levels
| Verdict | Score | Action |
|---|---|---|
| SAFE | 0-29 | Low risk |
| CAUTION | 30-49 | Monitor closely |
| WARNING | 50-69 | Significant red flags |
| CRITICAL | 70-100 | Do NOT buy |
trace-funds
POST /api/v1/trace-funds
Traces fund flow from a transaction or address across chains.
Request
| Field | Type | Required | Description |
|---|---|---|---|
tx_hash | string | * | Transaction hash |
address | string | * | Wallet address |
max_hops | number | No | Default: 10 |
cross_chain | boolean | No | Default: true |
* Provide tx_hash OR address
Response
{
"flow": [
{ "from": "0xvictim...", "to": "0xattacker...", "amount": "50 ETH", "chain": "base" },
{ "from": "0xattacker...", "to": "0xmixer...", "amount": "50 ETH", "chain": "base" }
],
"endpoints": ["0xmixer..."],
"known_entities": [
{ "address": "0xmixer...", "name": "Tornado Cash", "type": "mixer" }
]
}monitor-contract
POST /api/v1/monitor-contract
Sets up continuous monitoring with webhook alerts.
Request
| Field | Type | Required | Description |
|---|---|---|---|
contract_address | string | Yes | Contract to watch |
webhook_url | string | Yes | Alert destination |
duration_hours | number | No | Max: 168 (7 days) |
alert_types | string[] | No | Events to watch |
Alert Types
ownership_change — Owner transferred or renounced
proxy_upgrade — Implementation contract changed
large_transfer — Unusual token movement
liquidity_removal — LP tokens withdrawn
approval_spike — Unusual number of approvals
self_destruct — Contract self-destructedMCP Server
Connect IRONCLAD as an MCP tool server to any compatible AI agent.
npx (one command)
npx @ironclad-agent/mcp-serverClaude Desktop config
{
"mcpServers": {
"ironclad": {
"command": "npx",
"args": ["-y", "@ironclad-agent/mcp-server"],
"env": {
"IRONCLAD_API_URL": "https://ironclads.app"
}
}
}
}MCP Tools exposed
| Tool Name | Maps To |
|---|---|
ironclad_scan_transaction | /api/v1/scan-transaction |
ironclad_check_trust | /api/v1/check-agent-trust |
ironclad_detect_rug | /api/v1/detect-rug |
ironclad_trace_funds | /api/v1/trace-funds |
ironclad_monitor_contract | /api/v1/monitor-contract |
Bankr Skill
Install IRONCLAD as a skill in any Bankr-powered agent:
> install the ironclad skill from https://github.com/ironclad-agent/skillsOnce installed, your agent can use all 5 skills via natural language:
"Scan this transaction before I execute: 0x7a3f...9e2d, 0.5 ETH"
"Check the trust score of 0x1234...abcd"
"Is this token a rug pull? 0xdead...beef"XMTP Commands
Send commands directly to IRONCLAD via XMTP encrypted messaging:
| Command | Example | Skill |
|---|---|---|
scan <address> | scan 0x7a3f...9e2d | scan-transaction |
trust <address> | trust 0x1234...abcd | check-agent-trust |
rug <token> | rug 0xdead...beef | detect-rug |
trace <tx_hash> | trace 0xabcdef... | trace-funds |
monitor <contract> | monitor 0x5678... | monitor-contract |
help | help | Show commands |
$ICLAD Tiers
| Tier | Requirement | Perks |
|---|---|---|
| PUBLIC | Free | Public alerts, basic lookups (3/day) |
| HOLDER | Any $ICLAD | All skills, webhooks, API access |
| GUARDIAN | 10,000+ | 50% off, deep scans, private channel |
| SENTINEL | Stake 100K+ | Free unlimited, custom rules, data export |
Pricing
Pricing details will be available after $ICLAD token launch on Bankr. All skills are currently free during beta.