On Solana, the token that rugs you looks identical to a real one on price and volume. The difference lives in the wallet graph — who funded the holders, who bought in the same block, what the deployer did last time. That's the data Cabal-Hunter reads, and this is exactly what happens when you scan.
Paste it into the free map, call the REST API, or let your agent call the MCP tool — same engine behind all three. No signup, no key for your first 250 scans each month.
Real Helius RPC calls walk the token's holders, their funding history, the launch block and the deployer's past — seven detection layers run in parallel. Pre-indexed tokens return in <100ms; a cold scan takes 1–5s.
Everything is fused into a 0–100 Exit-Liquidity Risk score and a plain-English recommendation — AVOID, CAUTION or LOW SIGNAL — with every flag linked to the on-chain transaction that proves it.
Grouped by the question each layer answers. No single layer decides — the fusion does.
We walk each top holder's funding lineage back through the chain. Wallets seeded from one shared source are a cabal signature — the classic setup for a coordinated dump. Each cluster returns with its evidence transactions.
Holders whose token accounts were created in the exact same block bought via a Jito bundle — a multi-wallet launch designed to evade funding traces. Flagged as time_sync.
Two or more holders each selling ≥25% of their bag in the same block is a cabal exiting in real time. If it's happening while you scan, you'll see it before you buy.
We resolve the token's creator on-chain (works after graduation too), pull their full launch history, and count how many previous tokens are dead. Verdicts from FIRST_LAUNCH to SERIAL_RUGGER.
Live freeze authority, un-revoked mint authority, and Token-2022 transfer-fee / transfer-hook traps — the "you can buy but never sell" class of scam.
A single wallet holding an outsized share is a rug vector even with zero coordination — one seller can take the floor out. Measured as top_holder_pct.
Holders funded from an exchange hot wallet aren't a cabal — they're people withdrawing from Binance. We identify shared-exchange funding and exclude it from the score, surfacing it separately so you can verify.
Every flag carries evidence_txs — the actual transactions behind the claim. Your bot (or you) can verify each one on Solscan instead of trusting a black box.
The full response has holder maps and cluster breakdowns — these are the fields most bots gate on.
// GET /api/scan-cabal?mintAddress=<MINT> (or MCP: check_cabal_risk) { "cabal_score": 82, // 0–100 · ≥65 HIGH, ≥35 CAUTION "risk": "HIGH", "recommendation": "AVOID", "verdict": "AVOID — coordinated dump in progress: 2 wallets sold 4.5% of supply in the EXACT same block. DEPLOYER ALERT: 36 launches, 25/25 checked are dead.", "time_sync": true, // same-block bundle at launch "coordinated_exit": true, // cabal exiting right now "top_holder_pct": 19.4, "deployer": { "verdict": "SERIAL_RUGGER" }, "coordinated_clusters": [ { "type": "funding", "combined_pct": 41.2, "evidence_txs": ["..."] } ], "free_queries_remaining": 249 }
Paste any mint and see the clusters — every bubble is a wallet, every line a funding link, every node clickable through to Solscan. Check a token in ten seconds before you ape.
Open the map →Call /api/scan-cabal from any language, gate your buy on recommendation. 250 free scans/month, then $0.001/scan or $9/mo unlimited. Full examples in the docs.
Read the docs →One-click install into Claude, Cursor or VS Code; a published plugin for ElizaOS. Your agent calls check_cabal_risk before every swap — automatically.
Set up MCP →The integrations are open source — read them, fork them, wire them into your stack.