@solsentry/mcp

Three interfaces, one package. SolSentry — post-deploy Solana threat intelligence — distributed as MCP server, TypeScript SDK, and a Claude Skill bundle.

What this is

Surface	Use it when	Install
MCP server	AI agents (Claude Desktop, Cursor, Claude Code, any MCP client)	npx @solsentry/mcp
TypeScript SDK	TS backends, bots, wallets, dApps that don't speak MCP	import { SolSentryClient } from "@solsentry/mcp/client"
Skills bundle	Claude Code / Cursor with the Agent Skills spec	npx skills add @solsentry/mcp

All three call the public REST API at api.solsentry.app. No API key required for read endpoints.

Live system snapshot (May 14, 2026)

• 56,159 predictions · 88.8% accuracy (resolved) · 93.2% resolution rate
• 96.6% CRITICAL precision · 98.9% HIGH precision (607 FP events / 231 unique mints at CRITICAL — every FP is a threshold edge case, full audit at /v1/predictions/{mint})
• 6,352 operators tracked · 1,477 serial deployers · 21,711 confirmed rugs · 7,968 bot clusters
• 742h continuous mainnet (~31 days) on a single Hetzner VPS
• Multi-tier RPC pool: Helius (DAS + Enhanced TX) + Alchemy + RPC Fast (tier-0 round-robin, Frontier 2026)
• Multi-source data layer: Dune Sim, Covalent / GoldRush, Zerion, Arkham (entity graph), Nansen (wallet labels), InsightX (holder + bundle), Birdeye + DexScreener (price + liquidity), Solscan + Jupiter (metadata)
• AI: Anthropic Claude (multilingual risk explainer, PT-BR primary + EN)
• Privacy rails: Cloak + Umbra (Frontier 2026 partners — rail-agnostic operator screen)
• x402 paid endpoints: mainnet-enforcement ready
• Colosseum Frontier 2026 submission · Arena profile

Numbers drift daily as predictions resolve — verify live: curl https://api.solsentry.app/v1/stats

What's in this repo

solsentry-mcp/
├── src/                            ← TypeScript source (MCP server + SDK)
├── skills/
│   └── solsentry-postdeploy/       ← 1 skill, 6 references (progressive disclosure)
│       ├── SKILL.md                  orchestrator: when to load each reference
│       └── references/
│           ├── threat-intel.md     · generic risk lookup
│           ├── counterparty.md     · pre-CPI counterparty check
│           ├── monitor.md          · post-deploy program monitoring
│           ├── forensics.md        · post-incident drain trace
│           ├── token-launch.md     · pre-launch readiness for your own token
│           └── cluster-graph.md    · operator/bot network exploration
└── docs/                           ← public reference docs
    ├── risk-scoring.md             · scoring methodology + thresholds
    ├── flags.md                    · canonical flag glossary
    ├── openapi.yaml                · machine-readable REST spec
    └── x402-example.md             · paid endpoint integration example

SolSentry monitors Solana mainnet continuously and tracks serial rug pull operators, bot clusters, and malicious token launches. The data is refreshed every 30 seconds and available to any client that speaks MCP or plain HTTP.

Quick start

npx @solsentry/mcp

Claude Desktop

claude_desktop_config.json:

{
  "mcpServers": {
    "solsentry": {
      "command": "npx",
      "args": ["-y", "@solsentry/mcp"]
    }
  }
}

Cursor / Claude Code

.mcp.json:

{
  "mcpServers": {
    "solsentry": {
      "command": "npx",
      "args": ["-y", "@solsentry/mcp"]
    }
  }
}

Tools

Tool	Purpose
check_operator	Risk profile of a wallet as a token deployer. Rug count, tags, risk level.
check_token	Risk profile of a token mint. Score, flags, operator history, bundle detection.
get_top_operators	Leaderboard of worst serial ruggers.
get_network_stats	System-wide stats: scans, accuracy, operators, clusters.
explain_risk	Plain-English risk summary for any address (wallet or mint).

Risk levels

Level	Criteria
CRITICAL	10+ confirmed rugs or token confirmed as rug
HIGH	5+ confirmed rugs or risk score ≥ 80
MEDIUM	2+ confirmed rugs or risk score ≥ 50
LOW	1 confirmed rug or risk score > 0
CLEAN	No rugs, has tracked tokens
UNKNOWN	Not in database

Configuration

Environment variable	Default	Purpose
SOLSENTRY_API_URL	https://api.solsentry.app	API endpoint
SOLSENTRY_API_KEY	—	Bearer token for authenticated endpoints

TypeScript SDK

Use the same client the MCP server uses, directly from your TypeScript code:

import { SolSentryClient } from "@solsentry/mcp/client";

const sol = new SolSentryClient();

const op = await sol.get<{ risk_level: string; confirmed_rugs: number }>(
  "/v1/operator/4kxscuteRLQdNiTXA33YYsvywAPNA6DQTifswxjL5pH1",
);

if (op.risk_level === "CRITICAL") {
  console.warn(`Serial rugger detected: ${op.confirmed_rugs} confirmed rugs`);
}

Useful for trading bots, wallet warnings, dApp pre-sign checks, and any backend that needs threat-intel without the MCP transport.

REST API

Everything this package does is also available via plain HTTP, no install:

curl https://api.solsentry.app/v1/stats
curl https://api.solsentry.app/v1/operator/4kxscuteRLQdNiTXA33YYsvywAPNA6DQTifswxjL5pH1
curl https://api.solsentry.app/v1/top-operators?limit=5

Full endpoint reference: https://solsentry.app/docs/api-reference

Drain-trace

The endpoint /v1/drain-trace/{wallet} traces post-rug SOL flow up to 10 hops through mixers, bridges, and CEXs. Requires an API key with credits.

Free for verified victims — if the wallet received a drain alert from SolSentry first, drain-trace on that wallet is free.

Requirements

• Node.js ≥ 18

License

MIT

Links + Contact

• Site: solsentry.app
• X (project): @solsentryai
• Telegram: t.me/solsentryai
• GitHub: github.com/solsentry
• Email: hello@solsentry.app
• Built by: Crash Diniz · @crashdiniz