{
"$type": "site.standard.document",
"bskyPostRef": {
"cid": "bafyreid75uimwyvgrkfs4wskosfxeey4ayd3dj2lqfi3pdg7qo222jybim",
"uri": "at://did:plc:25rdn5elo5izoxrmtis34zuk/app.bsky.feed.post/3mowvosatvww2"
},
"coverImage": {
"$type": "blob",
"ref": {
"$link": "bafkreibomvg5qqd7oj5j6qfgqt2i5csqkigjkpfpelphvfafwr67m2ggoa"
},
"mimeType": "image/webp",
"size": 70338
},
"path": "/mrwizardlyloaf/token-2022-traps-that-drain-ai-trading-agents-and-how-to-screen-them-33bo",
"publishedAt": "2026-06-23T07:41:00.000Z",
"site": "https://dev.to",
"tags": [
"solana",
"web3",
"ai",
"crypto",
"RugCheck AI"
],
"textContent": "Most \"rug pull\" content on Solana is about classic SPL tokens — mint authority, liquidity pulls, whale dumps. But the sharper edge now is **Token-2022** : a newer token standard whose _extensions_ give a creator powers a normal SPL token never had. For an autonomous trading agent that buys tokens by address, these are landmines.\n\nHere are the extensions that actually drain agents, and how to screen for them before a buy.\n\n## The dangerous extensions\n\n * **permanentDelegate** — the single worst one. The creator holds a permanent delegate that can move or burn **your** tokens out of **your** wallet, any time, with no further approval. You hold the token; they hold the keys to it.\n * **transferHook** — a custom program runs on every transfer and can make selling fail under conditions the creator chooses.\n * **pausable** — transfers (including your sell) can be paused at will.\n * **nonTransferable** — the token literally cannot be moved once you hold it. Permanent honeypot.\n * **defaultAccountState = frozen** — new holder accounts start frozen; the issuer decides who can transact.\n\n\n\nNone of these are visible on a chart or a typical token page. They live in the mint account, and they are readable on-chain — if your agent reads them before trading.\n\n## Screen for them in one call\n\nRugCheck AI reads the mint directly (getAccountInfo) and flags these extensions explicitly:\n\n\n check_authorities(\"<mint>\") -> mint/freeze authority + every Token-2022 extension, with the dangerous ones called out\n\n scan_token(\"<mint>\") -> { verdict: SAFE|CAUTION|DANGER, safety_score, risks: [...] }\n\n\nA token carrying permanentDelegate or a transfer hook comes back **DANGER** with the reason spelled out, before your agent spends anything.\n\n## Why \"read the chain directly\" matters\n\nIndexers and token lists often don't surface Token-2022 extension data, and they definitely don't have it for a token minted a minute ago. RugCheck AI calls getAccountInfo on the mint itself, parses the extensions, and gives a real verdict on a fresh launch instead of unknown. The screening tools are read-only and never touch your keys.\n\n## Wire it in\n\nStandard Streamable HTTP MCP server, no install, no API key. Add an mcpServers entry named rugcheck-ai pointing at the endpoint in Cline, Claude Desktop (via npx mcp-remote), or Cursor.\n\nEndpoint:\n\n\n https://web-production-58d585.up.railway.app/mcp\n\n\nRule for your agent: **on DANGER, skip the token.** Repo and full 15-tool list: github.com/MrWizardlyLoaf/rugcheck-ai (official MCP Registry: io.github.MrWizardlyLoaf/rugcheck-ai).",
"title": "Token-2022 Traps That Drain AI Trading Agents (and How to Screen Them)"
}