Query token audit Skill from Binance

[markusha77]

New Skill Contribution

Skill Info

• Skill ID: query-token-audit
• Category: Blockchain
• Description: Query token security audit details to detect scams, honeypots, malicious contract risks, and dangerous trading conditions before swapping.

Checklist

• SKILL.md has valid YAML frontmatter with all required fields
• Skill ID matches the directory name
• Category is one of: productivity, development, communication, writing, research, other
• Instructions are clear and self-contained
• Instructions are under 4000 tokens
• No external URLs referenced in instructions
• Tested the skill with an AI agent and it produces good results
• Added usage examples in the frontmatter

Testing

Describe how you tested this skill:

Notes

Any additional context or notes for reviewers.

[greptile-apps]

Greptile Summary

This PR adds a new query-token-audit skill that wraps the Binance Web3 token security audit API, enabling agents to perform pre-trade safety checks by detecting honeypots, rug pulls, and malicious contract patterns across BSC, Base, Ethereum, and Solana. The skill structure is clear and well-documented, but has a blocking issue: the category field uses Blockchain, which is not a valid value per the repository's contribution schema — this will fail the automated frontmatter validation described in CONTRIBUTING.md.

Key findings:

• Blocking: category: Blockchain is invalid — must be one of productivity, development, communication, writing, research, or other
• Documentation gap: The source: agent header appears in the example curl request but is absent from the documented Request Headers section, creating an ambiguity about whether it is required
• Minor inconsistency: riskLevel is described as range 1-5 in the response field table, but the Risk Level Reference table shows 0-1 as a valid band, meaning 0 is a valid value not reflected in the field description
• Guideline deviation: External URLs are referenced in the instructions contrary to CONTRIBUTING.md guideline feat: add weekly-review skill #3; the author left the relevant checklist item unchecked but this needs explicit maintainer sign-off
• The skill has not been tested with an AI agent (checklist item unchecked), which is also a noted gap

Confidence Score: 2/5

• Not safe to merge — the skill uses an invalid category value that will fail automated validation, and has an undocumented required header in the API example.
• Two P1 issues block merging: an invalid category field that violates the enforced contribution schema, and a source: agent header present in the example curl but missing from the documented headers table (introducing ambiguity about what an agent needs to send). Additionally, the skill hasn't been tested with an AI agent and references external URLs contrary to guidelines.
• skills/query-token-audit/SKILL.md requires attention for the invalid category value and the incomplete request headers documentation.

Important Files Changed

Filename

Overview

skills/query-token-audit/SKILL.md

New skill for querying the Binance token security audit API. Contains an invalid category: Blockchain value (must be one of the allowed values per CONTRIBUTING.md), a source: agent header present in the example curl but absent from the documented request headers table, and a minor inconsistency where riskLevel is described as range 1-5 but the reference table shows 0 as a valid value. External URLs are also used contrary to contribution guidelines, though acknowledged by leaving that checklist item unchecked.

Sequence Diagram

sequenceDiagram
    participant User
    participant Agent
    participant BinanceAPI as Binance Web3 API

    User->>Agent: "Check if this BSC token is safe before I buy it"
    Agent->>Agent: Extract contractAddress + chainId from user input
    Agent->>Agent: Generate UUID v4 for requestId
    Agent->>BinanceAPI: POST /bapi/defi/v1/public/wallet-direct/security/token/audit<br/>{ binanceChainId, contractAddress, requestId }
    BinanceAPI-->>Agent: { code, data: { hasResult, isSupported, riskLevelEnum, riskLevel, extraInfo, riskItems[] } }
    alt hasResult=false OR isSupported=false
        Agent->>User: "Audit data not available for this token"
    else hasResult=true AND isSupported=true
        Agent->>Agent: Parse riskLevel (0-5) and riskLevelEnum
        Agent->>Agent: Filter riskItems where isHit=true
        Agent->>User: Summary of risk level + flagged risk items<br/>+ disclaimer
    end

Loading

_{Last reviewed commit: "add Query Token Audi..."}

[greptile-apps]

Invalid category value

The category field is set to Blockchain, which is not one of the valid values defined in CONTRIBUTING.md. The allowed values are: productivity, development, communication, writing, research, or other.

Despite the PR checklist marking this box as ✅, the value used does not conform to the schema. The PR checklist review system also flags this automatically per the repository's CI description.

The correct value for this skill would be other (or development, given it's an API integration skill).

Suggested change

	category: Blockchain
	category: other

[greptile-apps]

source: agent header missing from documented headers

The "Request Headers" section (lines 56–60) only documents Content-Type and Accept-Encoding, but the example curl command on line 66 also sends a third header:

--header 'source: agent'

If source: agent is required or meaningful for the API to behave correctly, omitting it from the headers table is a documentation gap that will cause agents following only the table to send requests without it. Conversely, if it is optional or has no effect, it should be removed from the example to avoid confusion.

Please either add it to the headers table with a description of what it does, or remove it from the example request.

[greptile-apps]

riskLevel range description is inconsistent

The response field table documents riskLevel as number (1-5), but the Risk Level Reference table directly below it shows 0-1 as a valid range, implying riskLevel can be 0. An agent interpreting the field description literally would not handle a riskLevel: 0 response correctly (e.g., might treat it as an out-of-range/unexpected value).

Suggested change

	| riskLevel | number | Risk level number (1-5) |
	| riskLevel | number | Risk level number (0-5) |

[greptile-apps]

External URLs in instructions (unchecked checklist item)

The PR checklist item "No external URLs referenced in instructions" is explicitly unchecked, and the skill does embed the live Binance endpoint URL directly in the instructions:

https://web3.binance.com/bapi/defi/v1/public/wallet-direct/security/token/audit

Per CONTRIBUTING.md guideline #3: "Don't reference external URLs — Skills should be self-contained."

For an API-integration skill this is somewhat unavoidable, but it's worth noting this is a deliberate deviation from the guidelines that may need explicit maintainer approval.