How it works

One mint address in. The whole picture out.

On Solana, the token that rugs you looks identical to a real one on price and volume. The difference lives in the wallet graph — who funded the holders, who bought in the same block, what the deployer did last time. That's the data Cabal-Hunter reads, and this is exactly what happens when you scan.

The pipeline

Three steps, a few seconds

You give us a mint

Paste it into the free map, call the REST API, or let your agent call the MCP tool — same engine behind all three. No signup, no key for your first 250 scans each month.

We read the chain, live

Real Helius RPC calls walk the token's holders, their funding history, the launch block and the deployer's past — seven detection layers run in parallel. Pre-indexed tokens return in <100ms; a cold scan takes 1–5s.

You get one verdict

Everything is fused into a 0–100 Exit-Liquidity Risk score and a plain-English recommendation — AVOID, CAUTION or LOW SIGNAL — with every flag linked to the on-chain transaction that proves it.

The detection layers

What we actually check

Grouped by the question each layer answers. No single layer decides — the fusion does.

Who's coordinating

Funding-cluster / cabal tracing

We walk each top holder's funding lineage back through the chain. Wallets seeded from one shared source are a cabal signature — the classic setup for a coordinated dump. Each cluster returns with its evidence transactions.

Who's coordinating

Same-block bundles

Holders whose token accounts were created in the exact same block bought via a Jito bundle — a multi-wallet launch designed to evade funding traces. Flagged as time_sync.

Who's coordinating

Coordinated dumps — live

Two or more holders each selling ≥25% of their bag in the same block is a cabal exiting in real time. If it's happening while you scan, you'll see it before you buy.

Track record

Serial-rug deployer history

We resolve the token's creator on-chain (works after graduation too), pull their full launch history, and count how many previous tokens are dead. Verdicts from FIRST_LAUNCH to SERIAL_RUGGER.

The contract

Honeypot & authority traps

Live freeze authority, un-revoked mint authority, and Token-2022 transfer-fee / transfer-hook traps — the "you can buy but never sell" class of scam.

The contract

Whale concentration

A single wallet holding an outsized share is a rug vector even with zero coordination — one seller can take the floor out. Measured as top_holder_pct.

Fewer false alarms

CEX-noise filter

Holders funded from an exchange hot wallet aren't a cabal — they're people withdrawing from Binance. We identify shared-exchange funding and exclude it from the score, surfacing it separately so you can verify.

Fewer false alarms

Evidence, not vibes

Every flag carries evidence_txs — the actual transactions behind the claim. Your bot (or you) can verify each one on Solscan instead of trusting a black box.

The output

What a scan returns

The full response has holder maps and cluster breakdowns — these are the fields most bots gate on.

// GET /api/scan-cabal?mintAddress=<MINT>   (or MCP: check_cabal_risk)
{
  "cabal_score": 82,               // 0–100 · ≥65 HIGH, ≥35 CAUTION
  "risk": "HIGH",
  "recommendation": "AVOID",
  "verdict": "AVOID — coordinated dump in progress: 2 wallets sold
             4.5% of supply in the EXACT same block. DEPLOYER ALERT:
             36 launches, 25/25 checked are dead.",
  "time_sync": true,             // same-block bundle at launch
  "coordinated_exit": true,      // cabal exiting right now
  "top_holder_pct": 19.4,
  "deployer": { "verdict": "SERIAL_RUGGER" },
  "coordinated_clusters": [
    { "type": "funding", "combined_pct": 41.2, "evidence_txs": ["..."] }
  ],
  "free_queries_remaining": 249
}
Made for you

Three ways in — pick yours

Trader · no code

The free bubble map

Paste any mint and see the clusters — every bubble is a wallet, every line a funding link, every node clickable through to Solscan. Check a token in ten seconds before you ape.

Open the map →
Bot builder · REST

One GET request

Call /api/scan-cabal from any language, gate your buy on recommendation. 250 free scans/month, then $0.001/scan or $9/mo unlimited. Full examples in the docs.

Read the docs →
Agent dev · MCP

A native agent tool

One-click install into Claude, Cursor or VS Code; a published plugin for ElizaOS. Your agent calls check_cabal_risk before every swap — automatically.

Set up MCP →
Code & resources

Everything is public

The integrations are open source — read them, fork them, wire them into your stack.

See it on a real token.

Scan a token — freeIntegrate it →