Module Reference

The Webacy Risk Score API uses a modular approach to risk assessment, allowing you to request specific types of analysis to optimize performance and focus on relevant risk factors for your use case. View a full list of flags here.

👍

Quickstart

View the table below for a high-level overview of each module. Scroll down for more detail on each module, included tags, and recommended module combinations to get started.

📋 Module-to-Tags Quick Reference

ModuleKey Risk TagsPrimary Use Case
security_essentialsnot-renounced, freezeable, mintableReal-time screening
governance_analysishidden_owner, is_proxy, upgradeable_contractSmart contract auditing
token_securityis_blacklisted, buy_tax, transfer_pausableToken screening
contract_analysisis_closed_source, reentrancy__, SWC__Security audits
market_datais_honeypot, volatility, cannot_buyTrading algorithms
holder_analysistop-10-holders-own-*-percentRugpull prevention
liquidity_analysisunlocked-liquidity, creator_percentDeFi investments
fraud_detectionhacker, drainer, *_ruggedAML compliance
sanctions_complianceofac_sanctioned, sanctionedRegulatory compliance
mixer_detectiontornado, mixer, *_fundflow_*Transaction monitoring
address_behaviorwash_trading, automated_tradingBehavioral analysis
transaction_analysisaddress_poisoningWallet security
reputation_analysisis_scam, spam, fake_kycCommunity security
solana_specificbundled_token, has_been_snipedSolana MEV detection
ton_specificis_nonstandard_jettonTON compliance
basic_infoinsufficientwallet*Quick filtering

📘

Detail In Depth

Read on for in-depth detail for each module including the purpose, included risk tags, and use cases. Scroll down for example combinations of modules for specific use cases.

📋 Available Modules


⚡ security_essentials

Purpose: Core security flags for real-time applications

Risk Tags Covered:

  • not-renounce / not-renounced - Contract ownership not renounced
  • freezeable / freezable - Tokens can be frozen
  • is_mintable / mintable - New tokens can be minted

Use Cases: Trading interfaces, wallet integrations, real-time screening


🏛️ governance_analysis

Purpose: Contract ownership, upgradeability, and access controls

Risk Tags Covered:

  • hidden_owner - Contract owner is hidden or obfuscated
  • can_take_back_ownership - Owner can reclaim ownership after renouncing
  • is_proxy - Contract uses proxy pattern
  • access_control - Access control vulnerabilities detected
  • not-renounce / not-renounced - Contract ownership not renounced
  • unprotected_upgrade - Upgrades not properly protected
  • anti_whale_modifiable - Anti-whale limits can be modified
  • slippage_modifiable - Slippage settings can be modified
  • personal_slippage_modifiable - Personal slippage can be modified
  • upgradeable_contract - Contract is upgradeable
  • trust_list - Uses trust/whitelist mechanism

Use Cases: DeFi protocol analysis, smart contract auditing, governance token evaluation


🔒 token_security

Purpose: Token manipulation capabilities and restrictions

Risk Tags Covered:

  • freezeable / freezable - Tokens can be frozen
  • is_mintable / mintable - New tokens can be minted
  • is_blacklisted - Address blacklisting capability
  • is_whitelisted - Address whitelisting capability
  • owner_change_balance - Owner can change user balances
  • transfer_without_approval - Transfers possible without approval
  • privileged_burn - Privileged burning capability
  • restricted_approval - Approval restrictions exist
  • oversupply_minting - Risk of oversupply through minting
  • trading_cooldown - Trading cooldown mechanisms
  • transfer_pausable - Transfers can be paused
  • buy_tax / sell_tax - Transaction taxes applied
  • is_anti_whale - Anti-whale mechanisms
  • non-transferable - Tokens cannot be transferred
  • is_burnable - Tokens can be burned

Use Cases: Token screening, DEX listings, portfolio management, trading bot integration


🔍 contract_analysis

Purpose: Static/dynamic code analysis and vulnerability detection

Risk Tags Covered:

  • is_closed_source - Contract source code not verified
  • selfdestruct / suicidal - Contract can self-destruct
  • external_call - Makes external calls
  • reentrancy_without_eth_transfer / reentrancy_no_eth - Reentrancy vulnerabilities
  • integer_overflow / integer_underflow - Integer overflow/underflow risks
  • front_running_low/medium/high - Front-running vulnerabilities
  • mint_low/high - Minting-related risks
  • centralized_risk_low/medium/high - Centralization risks
  • price_manipulation_low/medium/high - Price manipulation vulnerabilities
  • locked_ether - Ether can be locked in contract
  • weak_prng - Weak pseudo-random number generation
  • timestamp - Timestamp dependency issues
  • SWC_108 through SWC_130 - Smart Contract Weakness Classification
  • pess_* tags - Pessimistic analysis for advanced vulnerability detection
  • Plus 50+ additional vulnerability detection tags

Use Cases: Security audits, DeFi risk assessment, smart contract due diligence


📊 market_data

Purpose: Price, volatility, market cap, and liquidity analysis

Risk Tags Covered:

  • volatility - High price volatility detected
  • market_cap - Market capitalization concerns
  • is_in_dex - Token listed on decentralized exchanges
  • cannot_buy - Token cannot be purchased
  • is_honeypot - Honeypot token detected
  • honeypot_with_same_creator - Creator has other honeypot tokens

Use Cases: Trading algorithms, market analysis, portfolio optimization, arbitrage detection


👥 holder_analysis

Purpose: Token distribution and concentration risks

Risk Tags Covered:

  • top-10-holders-own-X-percent - Top 10 holders own X% (10%, 20%, 30%, 40%, 50%, 60%, 70%, 80%, 90%, 100%)
  • minter-own-X-percent - Minter owns X% (20%, 50%, 90%)
  • owner-own-X-percent - Owner owns X% (20%, 50%, 90%)
  • update-authority-own-X-percent - Update authority owns X% (20%, 50%, 90%)

Use Cases: Investment research, rugpull prevention, tokenomics analysis, whale monitoring


💧 liquidity_analysis

Purpose: Pool data, unlock schedules, and LP analysis

Risk Tags Covered:

  • unlocked-liquidity - Liquidity is not locked
  • lp_holder_count - Liquidity provider holder count analysis
  • lp_total_supply - Total LP token supply analysis
  • creator_balance / creator_percent - Creator's token balance/percentage
  • owner_balance / owner_percent - Owner's token balance/percentage

Use Cases: DeFi investments, yield farming, liquidity provision, rugpull prevention


🚨 fraud_detection

Purpose: Malicious actor and rugpull detection

Risk Tags Covered:

  • hacker / drainer - Address identified as malicious actor
  • associated_hacker / associated_drainer - Associated with malicious actors
  • *_rugged / *_multiple_rugged - Rugpull history (minter/owner/authority/holders)
  • *_hacker / *_drainer - Malicious actor association (minter/owner/authority/holders)
  • stealing_attack / financial_crime / cybercrime / exploitation - Criminal activity
  • _fundflow_hacker_ / *_fundflow_drainer - Fund flow to malicious actors

Use Cases: AML compliance, fraud prevention, risk screening, security monitoring


⚖️ sanctions_compliance

Purpose: Regulatory compliance and sanctions screening

Risk Tags Covered:

  • sanctioned / associated_sanctioned - Sanctioned address
  • ofac_sanctioned - OFAC sanctioned
  • *_ofac - OFAC association (minter/owner/authority/holders)
  • *_fundflow_ofac - Fund flow to sanctioned addresses

Use Cases: Compliance programs, regulatory reporting, KYC/AML, institutional trading


🌪️ mixer_detection

Purpose: Privacy coin and mixer usage detection

Risk Tags Covered:

  • mixer / associated_mixer - Mixer usage
  • tornado / associated_tornado - Tornado Cash usage
  • _mixer / _fixedfloat / *_simpleswap - Mixer service usage (minter/owner/authority)
  • _fundflow_mixer / *_fundflow_fixedfloat / _fundflow_simpleswap - Fund flow through mixers

Use Cases: AML compliance, transaction monitoring, regulatory reporting


📈 address_behavior

Purpose: Trading patterns and behavioral analysis

Risk Tags Covered:

  • wash_trading - Wash trading detected
  • automated_trading - Automated trading patterns
  • money_laundering - Money laundering indicators
  • darkweb_transactions - Dark web transaction history
  • malicious_mining_activities - Malicious mining
  • blackmail_activities / phishing_activities - Criminal activities
  • deployed_high_volatility_token - Deployed high-risk tokens
  • number_of_malicious_contracts_created - Created malicious contracts

Use Cases: Behavioral analysis, fraud detection, compliance monitoring, bot detection


🔄 transaction_analysis

Purpose: Transaction-level risk detection

Risk Tags Covered:

  • address_poisoning - Address poisoning attacks detected

Use Cases: Wallet security, transaction monitoring, attack prevention


📢 reputation_analysis

Purpose: Community reports and reputation scoring

Risk Tags Covered:

  • blacklist_doubt - Questionable blacklist status
  • spam_domain / spam - Spam-related activity
  • valid_report - Valid community reports
  • fake_kyc - Fake KYC documentation
  • is_fake_token / is_true_token / is_scam - Token authenticity
  • illegal_unicode - Illegal unicode characters
  • is_airdrop_scam - Airdrop scam detection

Use Cases: Community-driven security, reputation systems, scam prevention


🌐 Chain-Specific Modules


☀️ solana_specific

Purpose: Solana-only risk factors

Risk Tags Covered:

  • has_been_sniped - Token has been sniped by MEV bots
  • has_been_bundled / bundled_token - Token involved in bundling attacks
  • mutable-metadata - Metadata can be changed after deployment
  • minted-less-than-10-minutes / minted-less-than-1-hour / minted-less-than-1-day - Recently minted tokens
  • impersonator - Token impersonates another legitimate token
  • known-malicious-token - Token identified as malicious

Supported Chains: Solana


🔗 evm_specific

Purpose: EVM-only risk factors

Risk Tags Covered:

(Currently no specific tags mapped - module focuses on EVM-specific analysis patterns)
Supported Chains: Ethereum, Polygon, BSC, Arbitrum, Optimism, Base


💎 ton_specific

Purpose: TON-only risk factors

Risk Tags Covered:

  • is_nonstandard_jetton - Non-standard jetton implementation
  • is_nonstandard_jetton_wallet - Non-standard jetton wallet implementation

Supported Chains: TON


🌊 sui_specific

Purpose: SUI-only risk factors

Risk Tags Covered:

(Currently no specific tags mapped - module focuses on SUI-specific analysis patterns)

Supported Chains: SUI


📋 basic_info

Purpose: Fast metadata checks

Risk Tags Covered:

  • insufficient_wallet_age - Wallet too new
  • insufficient_wallet_balance - Insufficient balance
  • insufficient_wallet_transactions - Too few transactions

Use Cases: Basic screening, wallet validation, quick filtering


👍

Recommended

Not sure where to start? Not sure which modules work best for your use case? Consider the combinations below.

🎯 Recommended Module Combinations


🏃‍♂️ Real-Time Applications

modules=security_essentials

Use Case: Trading interfaces, wallet integrations, real-time screening

Coverage: Essential security flags only


🛡️ Security-Focused Analysis

modules=token_security,fraud_detection,sanctions_compliance,contract_analysis

Use Case: Security audits, DeFi protocols, comprehensive screening

Coverage: Complete security assessment


💰 Investment Research

modules=market_data,liquidity_analysis,holder_analysis,governance_analysis

Use Case: Portfolio management, investment decisions, due diligence

Coverage: Financial and governance risks


🔍 Compliance & AML

modules=sanctions_compliance,fraud_detection,mixer_detection,address_behavior

Use Case: Regulatory compliance, AML programs, institutional trading

Coverage: Regulatory and criminal activity detection


📊 Comprehensive Analysis

modules=security_essentials,token_security,fraud_detection,sanctions_compliance,market_data,liquidity_analysis

Use Case: Due diligence, comprehensive risk assessment, audit preparation

Coverage: All major risk categories