TrustLayer

Before you connect your wallet, check the score.

TrustLayer is the wallet-agnostic preflight check for AI agents.

Mechanical detection first, AI explains. Same input, same grade — every time.

Powered by deterministic tools that don't hallucinate

What we scan

Four layers. One grade.

Each layer is a deterministic tool that runs on the contract behind the agent. Together they form a weighted composite no single detector can game.

Vulnerabilities (30% weight)

Slither runs ~90 static detectors — reentrancy, shadowing, assembly misuse, unsafe arithmetic. The single largest layer in the composite.

Token Risk (20% weight)

Dedaub TokIn supplies 12 canonical flags: honeypot, hidden sell tax, owner can mint or blacklist, transfer pause, proxy manipulation.

Permissions (20% weight)

Six dangerous capabilities (self-destruct, owner drain, arbitrary call, no access control) scored against six positive patterns (whitelist, time-lock, daily cap, multi-sig).

Wallet Approvals (15% weight)

Every active ERC20 allowance the agent can spend, scanned via multicall3. Unlimited approvals flagged, blast radius quantified.

How it works

Eight steps. Eight seconds. One grade.

The pipeline runs end-to-end on Solidity source, bytecode, or a deployed address. Every step emits a structured event; the score is computed before the AI is called. Solana runs a streamlined 4-step variant — authority freeze, TX history, SPL approvals, source verification — tuned to BPF program models.

01 Acquire

Fetch and decompile

Etherscan V2 fetches the verified source — or the bytecode if it isn't. When only bytecode is available, Dedaub's on-demand decompiler reconstructs pseudo-Solidity so static analysis still runs.

02 Detect

Slither plus TokIn

Slither runs ~90 static detectors. Dedaub TokIn adds 12 token-specific risk flags. Together they carry 50% of the composite — both deterministic, both reproducible.

03 Map

Permissions, history, approvals

Six dangerous capability patterns vs six positive ones. Etherscan transaction history for anomalies. A multicall3 round-trip pulls every active ERC20 allowance the agent can spend.

04 Score

Composite grade, then AI explains

The weighted composite produces the A+ → F grade, then security overrides are applied: two or more High findings cap the score at F (20), one High caps it at D (44), and a run without Slither caps it at B+ (80). The AI takes the structured findings and writes the plain-English summary. The score is computed before the AI is called.
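As an added example (not code from the @trustlayer/core package), the composite-and-cap logic of this step reduced to a self-contained TypeScript model. The layer weights (Slither 30%, TokIn 20%, permissions 20%, approvals 15%, AI 5%), the three caps and the grade bands are the ones stated on this page. Everything else is an assumption: the remaining 10% is modelled as a transaction-history layer, a missing Slither layer has its weight spread over the layers that ran, and the cap-reason identifiers other than `slither_not_run` are made up here.

```typescript
// Added example, not @trustlayer/core. Weights, caps and bands come from the page;
// the txHistory layer (10%), the weight renormalisation when Slither did not run,
// and the reason strings "two_or_more_high" / "one_high" are ASSUMPTIONS.

type Severity = "High" | "Medium" | "Low" | "Informational";

interface Finding {
  detector: string;   // e.g. a Slither detector id
  severity: Severity;
}

// Each layer contributes a 0..100 score; `slither` is undefined when it did not run.
interface LayerScores {
  slither?: number;
  tokenRisk: number;
  permissions: number;
  approvals: number;
  txHistory: number;  // assumed 10% layer
  aiIntent: number;   // the 5% the page says the AI carries
}

const WEIGHTS: Record<keyof LayerScores, number> = {
  slither: 0.30,
  tokenRisk: 0.20,
  permissions: 0.20,
  approvals: 0.15,
  txHistory: 0.10,
  aiIntent: 0.05,
};

// Lower bound of each band, highest first; anything below 35 is F (bands from the page).
const GRADE_BANDS: ReadonlyArray<readonly [string, number]> = [
  ["A+", 97], ["A", 93], ["A-", 87], ["B+", 80], ["B", 73],
  ["B-", 65], ["C+", 55], ["C", 45], ["D", 35],
];

function toGrade(score: number): string {
  for (const [grade, min] of GRADE_BANDS) {
    if (score >= min) return grade;
  }
  return "F";
}

interface ScoreResult {
  score: number;
  grade: string;
  capReason: string | undefined; // set whenever a security override applied
}

function computeScore(layers: LayerScores, findings: Finding[]): ScoreResult {
  // 1. Weighted composite over the layers that actually ran (weights renormalised).
  let weighted = 0;
  let totalWeight = 0;
  for (const key of Object.keys(WEIGHTS) as (keyof LayerScores)[]) {
    const value = layers[key];
    if (value === undefined) continue;
    weighted += WEIGHTS[key] * value;
    totalWeight += WEIGHTS[key];
  }
  let score = Math.round(weighted / totalWeight);

  // 2. Security overrides: a cap on the composite, applied before any AI involvement.
  const highs = findings.filter((f) => f.severity === "High").length;
  let cap: number | undefined;
  let capReason: string | undefined;
  if (highs >= 2) {
    cap = 20; capReason = "two_or_more_high";   // page: F (20 max)
  } else if (highs === 1) {
    cap = 44; capReason = "one_high";           // page: D (44 max)
  } else if (layers.slither === undefined) {
    cap = 80; capReason = "slither_not_run";    // page: B+ (80 max)
  }
  if (cap !== undefined) score = Math.min(score, cap);

  return { score, grade: toGrade(score), capReason };
}

// Constructed sample inputs (not real scanner output).
const sampleLayers: LayerScores = {
  slither: 60, tokenRisk: 80, permissions: 80, approvals: 80, txHistory: 80, aiIntent: 80,
};
const sampleFindings: Finding[] = [
  { detector: "reentrancy-eth", severity: "High" },
  { detector: "constant-function-asm", severity: "Medium" },
];
console.log(computeScore(sampleLayers, sampleFindings)); // one High: composite 74 capped to 44 (D)
```

The cap is applied to the rounded composite and recorded as `capReason` so a result card can show why the grade is lower than the layer scores suggest; the AI summary never feeds back into `score`.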

Where it runs

Three surfaces. Same engine.

Whether you paste an address in the browser, ask Claude Code, or pipe a folder of .sol files through your CI — same orchestrator, same grade, same overrides.

Web

Scanner

Paste Solidity source, EVM bytecode, or a deployed address. Live pipeline progress strip, color-coded grade panel, per-step event log. The route you're one click away from.

Terminal

CLI

Script the pipeline. trustlayer analyze prints a formatted report or raw JSON for jq. Gate PRs on minimum grade in three lines of YAML.

Editor

MCP server

Seven tools over stdio. Ask Claude Code, Cursor, Windsurf, Continue, or Zed: "is agent 0x… safe?" and get the A+ → F grade back in the same conversation. No copy-paste to a browser.

Numbers that compound

Real figures from a deterministic engine. Same inputs tomorrow, same outputs.

$45M+

Lost to AI-agent security attacks in Q1 2026 alone. The preflight check exists because the damage is real.

5

Chains supported: Ethereum, Base, Arbitrum, Optimism, Solana. EVM gets the full 8-step pipeline; Solana runs a streamlined 4-step variant.

100/100

Lighthouse score on /scanner — accessibility, best-practices, SEO, agentic browsing. Verified on every PR.

Verified scans

Same input. Same grade. Every time.

Five canonical targets. Paste the address tomorrow, next week, next month — the score doesn't move. Mechanical first, AI explains.

Reproduced against mainnet
A+ 100/100 · Audited
WETH (Ethereum)

Zero High, zero Medium. +15 safety bonus applied.

A+ 97/100 · Audited
SafeAgent (Solidity source)

Whitelist, daily limit, 24h time-lock, reentrancy guard.

B+ 83/100 · Mostly safe
USDC (Ethereum)

3 Medium findings (constant-function-asm). Honest, not generous.

F 20/100 · Danger
MaliciousAgent (Solidity source)

Self-destruct, owner drain, arbitrary call. Cap-20 enforced.

About

Built in the open

Six packages, one pipeline. The same scoring engine runs whether you call it from the terminal, the browser, or your AI agent. Every commit is public on GitHub.

pipeline
$ new PipelineService().runAnalysis({ source, chain })

@trustlayer/core

Scoring engine

The pipeline. Slither for static bugs, Dedaub for token risks, plus permissions, wallet approvals, transaction history, and AI intent. Outputs one score from 0 to 100 with a letter grade.

cli
$ pnpm cli analyze 0xA0b8...3606eB48

@trustlayer/cli

Terminal scanner

Run a scan from any shell. Accepts a Solidity file, an EVM address, or a Solana program. Prints a formatted report by default, or raw JSON with --json for piping into scripts.

web
$ open localhost:3000/scanner

@trustlayer/web

Scanner + landing

Next.js 16, React 19, Tailwind v4. The landing tells the story; /scanner runs the same pipeline as the CLI in real time, in the browser.

mcp
$ pnpm mcp # stdio, drop into your AI tool

@trustlayer/mcp-server

AI agent tool

Model Context Protocol server. Hook it into Claude Code or Cursor, then ask about any contract in plain English. TrustLayer runs the pipeline behind the scenes and the agent explains the result.

types
$ import type { Finding, ScoreGrade } from "@trustlayer/schema"

@trustlayer/schema

Shared types

TypeScript types for findings, scores, and pipeline events. Imported by every other package so the CLI, web, and MCP server never drift out of sync.

sol
$ MaliciousAgent.sol → F (20/100)

@trustlayer/contracts

Demo fixtures

Eight Solidity contracts with known bugs: reentrancy, DAO hack, flash loan manipulation, missing access control. Used to verify the pipeline still flags what it should.

Why builders trust it

Three properties that make the engine safe to depend on.

50%

Of the composite is deterministic — Slither (30%) plus Dedaub (20%). AI carries 5%. Both reproducible.

Mechanical first, AI explains (pipeline principle)

The score is computed before the AI is called. Detection runs on Slither and Dedaub; the LLM only translates the structured findings into a paragraph a non-developer can act on. Hallucination in the explanation does not affect the grade.

The engine refuses to be impressed (security override)

Two or more High Slither findings cap the score at F (20 max), one High caps it at D (44 max), and a missing Slither run caps it at B+ (80 max). The cap reason shows on the result card. No amount of marketing copy moves the grade.

8 → 4

Steps in the EVM pipeline. Solana runs a streamlined 4-step variant tuned to BPF program models.

Get started

Three ways to use TrustLayer

Same engine, three surfaces. Pick the one that fits your workflow.

Web Scanner

Paste. Scan. Decide.

Open /scanner in your browser. No install, no keys for the demo fixtures. Mainnet scans need an Etherscan key.


Includes
  • Source, bytecode, or address input
  • Live pipeline progress strip
  • Color-coded grade panel
  • Per-step event log
Open scanner

MCP Server

Ask Claude Code.

Seven tools over stdio. Configure your editor once, then ask "is agent 0x… safe?" in plain English and get the grade inline.


Includes
  • trustlayer_analyze (full pipeline)
  • decompile, token_risk, permissions, approvals, score, fix
  • Works with Claude Code, Cursor, Windsurf, Continue, Zed
  • .mcp.json template included

CLI

Pipe-friendly. CI-ready.

Script the pipeline. trustlayer analyze prints formatted reports or raw JSON for jq. Gate PRs on minimum grade in three lines of YAML.


Includes
  • analyze, replay, fix commands
  • --type, --chain, --json flags
  • GitHub Actions + pre-commit recipes
  • Exit codes for unattended pipelines

Questions worth asking

The ones developers and security reviewers ask most. If something is still unclear, the docs go deeper.

A+ through A means safe to connect: limited permissions, audited contracts, clean history. F means do not connect: the contract can drain your wallet, has unaudited code, or shows suspicious patterns. Full bands: A+ ≥97, A ≥93, A- ≥87, B+ ≥80, B ≥73, B- ≥65, C+ ≥55, C ≥45, D ≥35, F <35.

The pipeline still runs but the grade caps at B+ (80 max). The result card shows the slither_not_run cap reason so you know what's missing. Install with `pip3 install --user slither-analyzer solc-select`.

Yes. The CLI ships with a GitHub Actions recipe and a pre-commit hook example. Fail the build below B+ in three lines of YAML. The CLI exits 0 on success even when the grade is F — CI gating logic reads the JSON and decides.
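Because the CLI exits 0 even on an F, a CI gate has to read the JSON report and decide for itself. The following is an added example (not the CLI's shipped recipe) of that decision in TypeScript; the report shape it parses (`grade`, `score`, `capReason`) is an assumption about the `--json` output, and the gate fails closed when the report is missing or unreadable.

```typescript
// Added example, not part of the TrustLayer CLI. Reads the JSON that
// `trustlayer analyze --json` prints and returns the exit code a CI step should use.
// The report fields (grade, score, capReason) are an ASSUMPTION about the schema.

// Grade ladder from the page's bands, lowest first, so rank comparison is a simple index compare.
const GRADE_ORDER = ["F", "D", "C", "C+", "B-", "B", "B+", "A-", "A", "A+"] as const;
type Grade = (typeof GRADE_ORDER)[number];

interface Report {
  grade: string;
  score: number;
  capReason?: string;
}

interface GateDecision {
  code: number;   // 0 = pass, 1 = below threshold, 2 = report unusable (fail closed)
  reason: string;
}

function gradeRank(grade: string): number {
  return GRADE_ORDER.indexOf(grade as Grade); // -1 for anything not on the ladder
}

function gateExitCode(reportJson: string, minGrade: string): GateDecision {
  const minRank = gradeRank(minGrade);
  if (minRank < 0) throw new Error(`gate misconfigured: unknown minimum grade "${minGrade}"`);

  // Fail closed: a missing, truncated or malformed report must not pass the gate.
  let report: Report;
  try {
    const parsed: unknown = JSON.parse(reportJson);
    if (typeof parsed !== "object" || parsed === null || typeof (parsed as Report).grade !== "string") {
      throw new Error("report has no grade field");
    }
    report = parsed as Report;
  } catch (err) {
    return { code: 2, reason: `unreadable report: ${(err as Error).message}` };
  }

  const rank = gradeRank(report.grade);
  if (rank < 0) return { code: 2, reason: `unknown grade "${report.grade}" in report` };

  if (rank < minRank) {
    const why = report.capReason ? ` (cap reason: ${report.capReason})` : "";
    return { code: 1, reason: `grade ${report.grade} is below minimum ${minGrade}${why}` };
  }
  return { code: 0, reason: `grade ${report.grade} meets minimum ${minGrade}` };
}

// Constructed sample reports (not real scanner output).
const SAMPLE_PASS = JSON.stringify({ grade: "A+", score: 97 });
const SAMPLE_FAIL = JSON.stringify({ grade: "F", score: 20, capReason: "two_or_more_high" });
const SAMPLE_BROKEN = '{"grade": "B+", "score": 8';

console.log(gateExitCode(SAMPLE_PASS, "B+"));   // code 0
console.log(gateExitCode(SAMPLE_FAIL, "B+"));   // code 1, with the cap reason
console.log(gateExitCode(SAMPLE_BROKEN, "B+")); // code 2, fail closed
```

In a pipeline step, pipe the `--json` output into this function and call `process.exit(code)` with the returned code; exit code 2 is kept distinct from 1 so a broken scanner run is visible as an infrastructure failure rather than a failed grade.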

Only 5%. The pipeline runs deterministic tools (Slither, Dedaub, multicall3) and computes the score before the AI is called. The LLM takes the structured findings and writes a plain-English summary. Hallucination in the explanation does not affect the grade.

Five: Ethereum, Base, Arbitrum, Optimism, Solana. EVM chains run the full 8-step pipeline. Solana runs a streamlined 4-step variant (authority, TX, approvals, verify) tuned to BPF program models.

Model Context Protocol lets AI editors (Claude Code, Cursor, Windsurf, Continue, Zed) call external tools inline. With TrustLayer's MCP server configured, you can ask "is agent 0x… safe?" and get the A+ → F grade back in the same conversation — no copy-paste to a browser.

Get started

Ready to scan?

Paste a contract address, Solidity source, or bytecode. Get a reproducible trust grade in seconds — or drop us a line below.

Questions, integrations, or bounty pitches