using mizukara
Install it, scan a token, read the report. That's the whole thing.
mizukara checks tokens on Robinhood Chain (chain id 4663) and tells you exactly what it found and how it found it.
Install
uv venv && source .venv/bin/activate
uv pip install -e ".[dev]"
(Package will be installable via uv tool install mizukara once published; for now,
install from a clone of this repo as above.)
Scan a token
No setup needed - no account, no config, no API key. Just:
mizukara scan <token address>
Example:
mizukara scan 0x6CA3093cE4aC7c23E975093Cbf52E2fE9bf17777
This checks the token against chain 4663 right now and prints a report as JSON. Each check ("rule") gets a verdict:
| Verdict | Meaning |
|---|---|
| pass | Checked - looks fine. |
| warn | Checked - there's a real but non-fatal risk. |
| fail | Checked - genuine red flag. |
| unknown | Couldn't be checked (usually because the contract's source code isn't published). |
What gets checked:
- Source verified - is the contract's code actually public?
- Ownership - does anyone still hold special control over the contract, or has that been given up?
- Mint authority - can the creator make more tokens later, diluting everyone else?
- Supply concentration - how much of the supply sits in a handful of wallets, including the deployer's own share?
- Liquidity - is there an actual, funded trading pool for this token, or is that just a claim?
Each finding lists exactly what data it's based on (which on-chain call or API
response), plus a hash of that data, so the result can be checked independently rather
than taken on faith. See RULES.md for the details of each check.
Useful flags:
--at-block N- check the token as of a specific block instead of right now. Useful if you want to compare notes with someone else's scan of the same token.--out report.json- write the report to a file instead of printing it.
Scope: a scan checks the token's current state at a point in time. Honeypot detection (can it be sold, not just bought?) and monitoring for changes after launch are coming next - see Status.
Getting unstuck
- A scan shows
unknownfor everything - the contract's source code isn't published on Blockscout, so there's nothing to check. That's itself worth treating as a red flag for a token. - A scan is slow or a check comes back
unknownwith an error message - Blockscout (the data source) is occasionally flaky; the affected check reportsunknownrather than a wrong answer. Try again.
Advanced: the local gateway
The scanner runs standalone - everything above needs nothing beyond mizukara scan.
The rest of this page is about the daemon underneath it, useful if you're developing
against mizukara or curious how the logging works. Skip it if you just want to scan
tokens.
Set up
mizukara onboard
Prompts for API keys for Anthropic, OpenAI, and OpenRouter (leave any blank to skip it), or run fully offline:
mizukara onboard --ollama-only
This writes ~/.mizukara/config.json and prints a gateway token. Your API keys are
never written to disk - onboard only stores which environment variable to read the key
from (e.g. ANTHROPIC_API_KEY); mizukara reads it from your environment each time.
Run it
mizukara gateway run &
Only listens on your own machine (127.0.0.1) unless you pass --expose.
mizukara chat
Type a message at the > prompt. Every message and every routing decision gets
written to a log file on your machine (~/.mizukara/trails/), not sent anywhere else.
Today chat shows you which model tier your message was routed to; full model
replies are coming next - see Status.
Check a log hasn't been tampered with
mizukara replay ~/.mizukara/trails/gateway.jsonl
Tells you whether the log is intact:
chain_ok=True events=4
If anything in that file was edited after the fact - even one character - this catches it:
chain_ok=False events=4
reason: event_hash does not match recomputed hash
Each entry is cryptographically linked to the one before it, so altering any single
line breaks the chain from that point on, and replay says exactly where.
Where things live
Everything mizukara stores lives under ~/.mizukara/: config.json (settings and
gateway token), trails/ (session logs), mizukara.db (local memory/recall
database). Nothing in that directory is uploaded anywhere by mizukara itself.
mizukara chatsays it can't reach the gateway - start it first withmizukara gateway run.mizukara onboardrefuses to run - it already ran once. Delete~/.mizukara/config.jsonto redo setup.