Cabal Hunter
БесплатноНе проверенOn-chain Solana token safety for trading agents — traces coordinated wallet funding, same-block Jito bundles, serial-rug deployers and live coordinated dumps in
Описание
On-chain Solana token safety for trading agents — traces coordinated wallet funding, same-block Jito bundles, serial-rug deployers and live coordinated dumps into one Exit-Liquidity Risk verdict before a swap. Free tier, then $0.02 USDC/query via x402.
README
MCP server Solana Live demo Free tier Install MCP in VS Code Install MCP in Cursor ElizaOS plugin License: MIT
🌐 Available in 9 languages: English · Español · Português · Français · Deutsch · Nederlands · 中文 · 日本語 · 한국어

Stop your AI trading agents getting rugged by coordinated wallet cabals. Drop-in template for Claude Code, Cursor, and ElizaOS.
▶ Try it now: live bubble map of any Solana token → — no signup.
Cabal-Hunter is a free on-chain Solana token safety scanner and rug checker. It detects coordinated wallet cabals, same-block Jito bundle buys, serial-launcher deployers and coordinated dumps on any Solana mint (pump.fun, PumpSwap, Raydium) — and answers the one question that matters before you ape: are you the exit liquidity? Use it via MCP (Claude, Cursor, ElizaOS), a REST API, or a free visual bubble map.
The Problem
Your autonomous trading agent is reading rug.check scores, liquidity locks, and contract audits.
None of that catches a cabal.
A cabal is 15 fresh wallets — all funded from the same master wallet, all buying in the first 90 seconds of launch — quietly accumulating 25-40% of supply before your bot sees the first candle. Contract clean. LP burned. Everything green.
Then they dump. Simultaneously. Into your liquidity.
This template integrates Cabal-Hunter — a live on-chain funding tracer — as a pre-trade safety check so your agent catches coordinated launches before it signs a swap.
The one question it answers: are YOU the exit liquidity?
The classic pump.fun exit-liquidity setup: wallets positioned before the crowd take the bottom of a launch, then dump on the retail (and bots) that pile in after. Cabal-Hunter's headline output is a single Exit-Liquidity Risk verdict (LOW | ELEVATED | HIGH) that synthesises every signal below into the only thing that matters before you sign a swap: are the insiders positioned to dump on you?
What Cabal-Hunter Does — Seven Detection Layers
Token mint address
↓
0. EXIT-LIQUIDITY RISK — the headline verdict. Synthesises the layers
below (bundle, concentration, shared funder, coordinated dump, serial-
rug dev) into LOW | ELEVATED | HIGH: are insiders set up to dump on
a buyer? The one number a trading agent needs.
↓
1. FUNDING TRACE — top holders walked back to launch: who was funded
by the same source wallet? (classic cabal signature). Every cluster
carries evidence_txs[] — the actual funding transactions on Solscan.
↓
2. SAME-BLOCK BUNDLE DETECTION — holders whose token accounts were
created in the EXACT same slot bought in one Jito bundle. Catches
stealth launches that route funding through intermediaries to
evade layer 1. Returned as `time_sync: true`.
↓
3. COORDINATED DUMP DETECTION — ≥2 holders that SOLD a meaningful chunk
(≥25% of their bag each) in the EXACT same block — a cabal exiting in
real time. `coordinated_exit: true`, with sold_pct = % of supply
dumped and the sell transactions linked. Same-slot + meaningful-size +
distinct wallets = near-zero false positives.
↓
4. DEPLOYER TRACK RECORD — the creator wallet is resolved on-chain
(bonding curve pre-graduation, pump-amm pool after — works on any
age token), their full launch history pulled, and every previous
token checked: alive or dead?
↓
5. CEX-NOISE FILTER — holders funded from a shared exchange or
high-volume infra wallet are NOT a cabal. They're excluded from the
score and surfaced transparently in filtered_clusters[], so you never
get a false positive from people who just withdrew from Binance.
↓
6. HONEYPOT CHECK (Solana-native) — one RPC read of the mint account:
is the FREEZE authority live (issuer can freeze your tokens — the
sell-block lever)? is the MINT authority live (supply can be
inflated)? any Token-2022 traps (transfer fees up to 100%, transfer
hooks that block sells, permanent-delegate clawback)? On Solana a
"honeypot" is built from these — tokens have no per-token contract
code to audit. Returns `honeypot_risk: LOW | HIGH` +
`freeze_authority_revoked` / `mint_authority_revoked` /
`token2022_risks[]`.
↓
Returns: Cabal Score (0-100) + cluster map + deployer verdict
+ honeypot verdict + on-chain receipts + hard verdict
The deployer layer is the one cabals can't dodge: wallets rotate, deployers leave a paper trail. A response of "deployer": {"verdict": "SERIAL_LAUNCHER", "tokens_launched": 14, "dead": 13} shows you the dev's full track record before the first candle. (Honest context: most prolific pump.fun creators have high dead-token rates, so this signal is capped — it flags a token for review but never drives a HIGH verdict on its own.)
Receipts, not magic. Every cluster and red flag links to the underlying Solscan transaction (evidence_txs[], holders[].funding_tx) — verify the trail yourself instead of trusting a score.
Response in <100ms on pre-indexed tokens — every pump.fun graduation is scanned and cached automatically as it happens.
Free tier: 250 scans/month per IP. Then $0.001 USDC per scan — priced at cost (it covers the Helius RPC calls behind each live on-chain trace), paid natively on Solana. No account. No API key. No subscription.
Quick Start
1. Claude Code / Claude Desktop
Add to your MCP config (~/.claude/mcp.json or project .mcp.json):
{
"mcpServers": {
"cabal-hunter": {
"url": "https://api.cabal-hunter.com/mcp"
}
}
}
That's it. Claude will now call check_cabal_risk automatically when you ask it to analyse a Solana token.
Example prompt:
"Before we buy into this token, check if there are any coordinated wallets:
EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v"
Claude calls the tool, pays $0.001 USDC from your connected wallet, and returns the full analysis.
2. Cursor
Add to .cursor/mcp.json in your project root:
{
"mcpServers": {
"cabal-hunter": {
"url": "https://api.cabal-hunter.com/mcp"
}
}
}
3. ElizaOS (with automatic x402 payment)
If you're using ElizaOS with @hugen/plugin-x402-solana, payment is handled automatically. Add to your agent config:
{
"plugins": ["@hugen/plugin-x402-solana"],
"mcpServers": {
"cabal-hunter": {
"url": "https://api.cabal-hunter.com/mcp"
}
}
}
Your agent will call check_cabal_risk(mintAddress) before any swap and abort if cabalScore >= 35 or isControlled === true.
4. Direct REST API
For headless scripts, custom bots, or any language. The first 100 calls/month are free — no key, no signup. Just call it:
curl "https://api.cabal-hunter.com/api/scan-cabal?mintAddress=YOUR_MINT_ADDRESS"
You get the full analysis back immediately, with free_queries_remaining so you always know where you stand. Machine-readable contract: /openapi.json.
Once the free tier is used up, calls are $0.001 USDC via x402 — your agent just pays, no billing setup:
Step 1 — Request analysis (get payment instructions):
curl -X POST https://api.cabal-hunter.com/api/scan-cabal \
-H "Content-Type: application/json" \
-d '{"mintAddress": "YOUR_MINT_ADDRESS"}'
Response (HTTP 402):
{
"error": "payment_required",
"payment": {
"recipient": "ATYjZ1kWoHWhj74umGJ8wFqUeW1yeSGBbLi1UQpahPxt",
"amount_usdc": 0.001,
"memo_required": "ch-xxxx-xxxx-xxxx",
"instructions": "Send 0.001 USDC with this memo, then resubmit with X-Payment-Signature header"
}
}
Step 2 — Pay & resubmit:
curl -X POST https://api.cabal-hunter.com/api/scan-cabal \
-H "Content-Type: application/json" \
-H "X-Payment-Signature: YOUR_TX_SIGNATURE" \
-d '{"mintAddress": "YOUR_MINT_ADDRESS"}'
Response (HTTP 200):
{
"mint": "YOUR_MINT",
"token_name": "EXAMPLE",
"risk": "HIGH",
"cabal_score": 72.4,
"is_controlled": true,
"time_sync": true,
"verdict": "AVOID — 4 wallets bought in the EXACT same block (bundled launch), controlling 34.1% of supply. DEPLOYER ALERT: this creator has launched 14 tokens, 13 of 13 checked are dead (100%).",
"coordinated_clusters": [
{
"type": "funding",
"master_full": "FvbEKF...9RUg",
"master_short": "FvbEKF…9RUg",
"wallet_count": 4,
"combined_pct": 34.1,
"risk": "HIGH",
"evidence_txs": ["4Y8auc5G...", "2XQx9LFv...", "AAbJ7rej..."]
}
],
"filtered_clusters": [
{
"funder_label": "high-volume wallet",
"master_short": "43ViqZ…Z6iy",
"wallet_count": 2,
"combined_pct": 4.4
}
],
"deployer": {
"creator": "5TbRN6...full address...",
"creator_short": "5TbRN6…2TGC",
"tokens_launched": 14,
"dead": 13,
"sampled": 13,
"dead_pct": 100.0,
"verdict": "SERIAL_LAUNCHER"
},
"holders": [
{ "rank": 1, "address": "...", "pct": 12.4, "cluster_id": 0, "funding_tx": "4Y8auc5G..." }
],
"wallets_checked": 12,
"analysis_time_ms": 487,
"source": "real_time"
}
5. Run the MCP server locally (Docker / Node)
Fastest — no clone needed: npx cabal-hunter-mcp — the same stdio server, published to npm (cabal-hunter-mcp · npm). Or run it from this repo:
Prefer to run the connector yourself instead of hitting the hosted /mcp
endpoint? This repo ships a thin stdio MCP server that exposes
check_cabal_risk(mintAddress) and proxies to the Cabal-Hunter API (free tier
works with no key; paid scans use x402 at call time):
# Node 18+
npm install
node server/index.mjs
# or Docker
docker build -t cabal-hunter-mcp .
docker run -i cabal-hunter-mcp
Then point any MCP client at the local command:
{
"mcpServers": {
"cabal-hunter": {
"command": "node",
"args": ["server/index.mjs"]
}
}
}
Integrate into Your Trading Logic
import requests
def is_safe_to_buy(mint_address: str, payment_sig: str) -> bool:
"""Returns True if token passes cabal check."""
resp = requests.post(
"https://api.cabal-hunter.com/api/scan-cabal",
json={"mintAddress": mint_address},
headers={"X-Payment-Signature": payment_sig}
)
if resp.status_code != 200:
return False # fail-safe: don't buy on error
data = resp.json()
# Block on: coordinated control, high score, bundled launch,
# or a deployer with a history of dead tokens
deployer_verdict = (data.get("deployer") or {}).get("verdict", "UNKNOWN")
return (
not data.get("is_controlled")
and data.get("cabal_score", 100) < 35
and not data.get("time_sync")
and deployer_verdict not in ("SERIAL_RUGGER", "SERIAL_LAUNCHER", "POOR_TRACK_RECORD")
)
# In your bot's buy logic:
if is_safe_to_buy(token_mint, my_payment_sig):
execute_swap(token_mint, sol_amount)
else:
print(f"Cabal detected — skipping {token_mint}")
Visual Bubble Map (Free)
See exactly what the analysis found — coloured clusters, funding connections, holder distribution:
https://api.cabal-hunter.com/map?mint=ANY_SOLANA_MINT
Free to view. Share this URL when you catch a rug. Every holder bubble is clickable and links to Solscan for deep-dive research.
Cabal-Hunter everywhere
Same detection engine, wherever your stack lives:
npx cabal-hunter-mcp— standalone MCP server for Claude · Cursor · VS Code · any MCP client: cabal-hunter-mcp · npm- ElizaOS plugin:
npm i elizaos-plugin-cabal-hunter— plugin-cabal-hunter · npm - REST API + OpenAPI: api.cabal-hunter.com · /openapi.json
Pricing
First 250 scans every month are free — per IP, no signup, no API key.
After that, pick whatever matches how hard your bot works (priced at cost — it covers the Helius RPC behind each live on-chain trace):
| Plan | Price | What you get |
|---|---|---|
| Unlimited ⭐ | $9 USDC / month | Scan all you want — fair use: 50,000/mo, more than any bot needs |
| Pay as you go | $0.001 USDC / scan | Only what you use — prepaid or per-call, no commitment |
Prepaid keys: send USDC once → POST /api/buy-key with the tx signature → use header X-API-Key on every scan. Or pay per-call via x402 (X-Payment-Signature header). No credit card, no account, no lock-in.
Does it pay for itself? A bot sniping $1 positions loses ~$40/month to rugs it never saw coming — rugs are the #1 way snipers bleed money. Cabal-Hunter flags them before the buy. Dodge just 9 and the Unlimited tier has already paid for itself; every rug after that is capital back in your pocket, redeployed into trades that can actually run.
Payment is native on Solana — no credit card, no account, no subscription lock-in.
Live dashboard badge
Drop a live safety badge into your own bot's dashboard — two lines of HTML, and every token shows its verdict as it trades:
<div class="cabal-hunter-badge" data-mint="YOUR_TOKEN_MINT"></div>
<script src="https://api.cabal-hunter.com/widget.js" defer></script>
It renders the 0–100 score, the plain-English verdict, and the active flags (bundled launch, coordinated dump, whale concentration, serial-launcher deployer, honeypot). Add data-refresh="120" to re-scan live as you trade, and data-api-key="..." once you're past your free scans. Works anywhere — React, plain HTML, any site.
API Reference
| Endpoint | Description | Auth |
|---|---|---|
POST /api/scan-cabal |
Full cabal analysis | $0.001 USDC |
GET /api/scan-cabal?mintAddress= |
GET version | $0.001 USDC |
GET /map?mint= |
Visual bubble map | Free |
GET /api/cex-funding?mint= |
Per-exchange funding breakdown (which CEXes funded holders, % each) | Free |
GET /api/trade-analysis?mint= |
Cohort PnL (Team/Snipers/Insiders) + wash-trading score + exit-liquidity price impact, one call | Free |
POST /api/watch |
Register an emergency dump webhook for a mint (push on dump/rug start) | Free |
GET /api/info |
Pricing, endpoints | Free |
Emergency dump webhook (auto-exit)
Instead of polling, let your bot subscribe to a token it holds — we push the moment a coordinated dump or liquidity drain starts:
curl -X POST https://api.cabal-hunter.com/api/watch \
-H "Content-Type: application/json" \
-d '{"mint":"YOUR_MINT","webhook_url":"https://your-bot.com/dump-alert"}'
Your endpoint receives:
{ "event":"dump_detected", "mint":"...", "reason":"price −34% since last check",
"coordinated": true, "price_usd": 0.0001, "liquidity_usd": 4200,
"action":"consider_immediate_exit", "ts": 1781370000 }
| GET /health | Uptime check | Free |
| POST /mcp | MCP tool endpoint | $0.001 USDC per call |
Infrastructure
- RPC: Dedicated Helius node (Frankfurt) — fastest Solana data available
- Hosting: AWS EC2 Frankfurt — low latency for EU/global
- Analysis: Real on-chain data — no scrapers, no caches of cached caches
- Uptime: 99.9% target — monitored, auto-restart via systemd
FAQ
What is a Solana cabal? A group of wallets — often funded from the same source and buying in the same block — that quietly accumulate a large share of a token's supply before retail, then dump simultaneously into everyone who buys after launch.
How do I check if a Solana token is a rug?
Scan the mint with Cabal-Hunter (MCP, REST API, or the free bubble map). It traces holder funding back to shared sources, detects same-block bundle buys, flags serial-launcher deployers and live coordinated dumps, and returns an Exit-Liquidity Risk verdict: LOW, ELEVATED, or HIGH.
Is it free? Yes — 250 scans/month per IP, with no signup or API key. Beyond that it's $0.001 USDC per scan — which just covers the Helius RPC cost of the live trace — paid natively on Solana.
Can AI trading agents use it?
Yes — that's the whole point. The MCP server (api.cabal-hunter.com/mcp) lets Claude, Cursor and ElizaOS agents call check_cabal_risk(mintAddress) automatically before any swap, and a REST API covers any other language.
License
MIT — fork it, build on it, integrate it. If you build something with this, share it.
Built by PF Capital · Powered by Helius · Contact: api.cabal-hunter.com/api/info
Установить Cabal Hunter в Claude Desktop, Claude Code, Cursor
unyly install cabal-hunterСтавит в Claude Desktop, Claude Code, Cursor и VS Code — сам разбирается с npx, uvx и сборкой из исходников.
Впервые? Поставь CLI: curl -fsSL https://unyly.org/install | sh
Или настроить вручную
Выполни в терминале:
claude mcp add cabal-hunter -- npx -y cabal-hunter-mcpFAQ
Cabal Hunter MCP бесплатный?
Да, Cabal Hunter MCP бесплатный — установка в пару кликов через Unyly без оплаты.
Нужен ли API-ключ для Cabal Hunter?
Нет, Cabal Hunter работает без API-ключей и переменных окружения.
Cabal Hunter — hosted или self-hosted?
Доступен hosted-вариант: Unyly запускает сервер в облаке, локальная установка не обязательна.
Как установить Cabal Hunter в Claude Desktop, Claude Code или Cursor?
Открой Cabal Hunter на unyly.org, выбери вкладку своего клиента (Claude Desktop, Claude Code, Cursor) и нажми Install — конфиг сгенерируется автоматически, без правки JSON.
Похожие MCP
GitHub
PRs, issues, code search, CI status
автор: GitHubFilesystem
Secure file operations with configurable access controls.
Memory
Knowledge graph-based persistent memory system.
Template MCP Server
A CLI tool to create a new Model Context Protocol server project with TypeScript support, dual transport options, and an extensible structure
автор: mcpdotdirectCompare Cabal Hunter with
Не уверен что выбрать?
Найди свой стек за 60 секунд
Автор?
Embed-бейдж для README
Похожее
Все в категории development
