The terminal

Bugglo CLI

The web app is an agent with ten tools and an opinion. This is the opposite bet: one command, no account, no key, no backend, no us. It reads Robinhood Chain straight from the chain and tells you what it found — and, in the same breath, what it could not check. Same engine as Bugglo, stripped to the thing you can run in a second while a launch is still live.

shell
npx bugglo 0x2103faA9D1762e27a716C61718b3aCf3Ec1F9bf1
0 accounts
No key, no signup, no backend in the path. It talks to the chain, not to us.
1 dependency
viem, and nothing else. The cold start of npx is paid by a stranger, in silence, before they see anything.
3 unknowns
Printed on every report, including the clean ones. They are the point.
The idea

Why a general-purpose scanner lies about this chain

Point a general-purpose token checker at a Robinhood Chain contract and it will tell you — truthfully, and uselessly — that no contract exists at that address. It is not lying. It is looking at Ethereum.

You cannot tell that answer apart from a real finding, and neither can a language model. So a live token with bytecode, supply, and a liquidity pool gets reported as a phantom, and the tool sounds confident while it does it. That is not a hypothetical failure mode. It is the specific bug this package was written to kill.

bugglo talks to chain 4663 and nothing else. It checks at startup that the RPC it reached really is Robinhood Chain, and if it is not — wrong endpoint, unreachable, intercepted by an ISP — it says that, loudly, instead of answering about the wrong chain.

Getting started

One command, no setup

Node 18 or newer. Nothing else. There is no second step, and no configuration file to find.

shell — the whole quickstart
# Full rug check
npx bugglo 0x2103faA9D1762e27a716C61718b3aCf3Ec1F9bf1

# Machine-readable, for scripts and CI
npx bugglo --json 0x2103faA9D1762e27a716C61718b3aCf3Ec1F9bf1

# Your own RPC, when the public one is rate-limited or blocked
npx bugglo --rpc https://your-robinhood-chain-rpc.example 0x2103…

# Several endpoints — the first healthy chain-4663 one wins
npx bugglo --rpc-list https://rpc.one,https://rpc.two 0x2103…

The public Robinhood Chain RPC is free and convenient, and it is also a single point of failure: public RPCs get rate-limited, blocked by some ISPs, and are simply unreachable from some networks. For bots, CI, desks, and anything public-facing, point it at a dedicated endpoint.

environment — every variable, all optional
ROBINX_RPC_URL=https://robinhood-mainnet.g.alchemy.com/v2/YOUR_KEY
BUGGLO_RPC_URLS=https://rpc.one,https://rpc.two   # comma-separated fallbacks
CHAIN_RPC_TIMEOUT_MS=10000
CHAIN_DEX_TIMEOUT_MS=8000

If every chain read fails, bugglo reports CANNOT CHECK / UNKNOWN. It does not turn an outage into a clean verdict — which, on the day the RPC is down and you are in a hurry, is the only behaviour worth anything.

The surface

Eight commands

The first one is the one you will use. The rest exist so you can ask a single question without reading a whole report — and so a script can.

CommandWhat it prints
bugglo <address>Full rug-check report. The default, and the one you want.
bugglo rug <address>The same thing, named explicitly.
bugglo info <address>ERC-20 metadata, bytecode size, and the per-field errors behind any gap.
bugglo ownership <address>renounced, owned, or no-owner-fn — three answers, never collapsed into two.
bugglo proxy <address>EIP-1967 implementation slot. If it is a proxy, today's bytecode is not a promise about tomorrow's.
bugglo powers <address>Privileged selectors present in the deployed bytecode — mint, pause, blacklist and their relatives.
bugglo market <address>DexScreener liquidity, FDV, volume, buy/sell counts, pool age, and the ratios that matter.
bugglo limitsWhat this package cannot do. Run it before you tell anyone a token looks safe.
options
--json                 Print JSON where supported
--full                 Print the full address in the report
--rpc <url>            Override the Robinhood Chain RPC
--rpc-list <urls>      Comma-separated fallbacks; first healthy chain-4663 endpoint wins
--timeout <ms>         Chain RPC timeout
--dex-timeout <ms>     DexScreener timeout
--no-color             Disable ANSI colour
--help                 Show help
--version              Show version
Exit codeMeaning
0The command completed. The result may still contain WARN or UNKNOWN — zero means it ran, not that the token is fine. Read it.
1The check could not complete, or the RPC proved wrong or unusable.
2Bad usage — malformed address, unknown option.
The output

The verdict is deliberately wordy

npx bugglo 0x2103…9bf1
BUGGLO — rug check
Robinhood Chain (chain 4663)
0x2103...9bf1
Robin Hood (FOX), 18 decimals

VERDICT  NO RED FLAGS IN WHAT I COULD CHECK

  UNKNOWN Ownership unclear
          There is no standard owner() function. That does NOT mean ownership is
          renounced — the contract may use roles or an embedded admin that I cannot see.
  PASS    Contract exists
          4,830 bytes of bytecode on Robinhood Chain (chain 4663).
  PASS    Sells are going through
          People are getting out, so it is not a hard honeypot.

NOT CHECKED — these are not passes
  holder concentration
  liquidity lock
  honeypot / sell simulation

UNKNOWN is not PASS

A check that could not run is never a check that succeeded. There is no code path in this package that turns a failed read into a clean result — not when the RPC times out, not when the contract is unusual, not when the answer would be more convenient.

No numeric risk score

A score computed from four measured signals and three unknowns is a number that launders ignorance into false confidence, and people size positions off it. So there isn't one.

Powers are disclosed, not judged

Mintable is not a rug. Pausable is not a rug. Plenty of honest tokens are both. This tells you which powers exist in the bytecode and who still holds the keys. What you are comfortable with is yours to decide, and it is not the tool's job to decide it for you.

“No red flags in what I could check”

That sentence is long on purpose. It is the honest ceiling of what a bare RPC can prove, and rounding it up to safe is the entire failure mode this exists to prevent.

The honest part

Three things it will never fake

These are printed as unmeasured on every report — including the clean ones. Run bugglo limits to get them on their own.

Holder concentration

Not measured. Needs an indexer. Reconstructing balances from every Transfer log is not viable at CLI latency against a public RPC, and no indexer covers this chain yet.

Liquidity lock

Not measured. Needs a known locker registry. This chain has none — so from here, a locked pool and an unlocked one look identical.

Honeypot sell simulation

Not measured. Needs a simulated sell from a real holder through the router. Bugglo does not run that read today. A passing market check is not proof you can exit.

Two hosts, and no others — named here because a tool that will not name its own dependencies has no business lecturing you about disclosure. rpc.mainnet.chain.robinhood.com serves everything read from the chain itself: bytecode, owner(), the EIP-1967 slot, ERC-20 metadata. api.dexscreener.com serves market data only, and it is a third party. If the RPC is down, every contract check reports UNKNOWN. If DexScreener is down, the market check reports UNKNOWN and the contract checks still run.

For agents

The same engine, as an MCP server

bugglo-mcp hands the seven tools below to Claude Desktop, Claude Code, Cursor, Windsurf, or whatever you are building. It is only an adapter — the chain logic stays in bugglo, so the CLI, the library, and your agent cannot drift apart about what a contract is.

mcp.json — the whole config
{
  "mcpServers": {
    "bugglo": {
      "command": "npx",
      "args": ["-y", "bugglo-mcp"]
    }
  }
}
bugglo_rug_check

Is this safe? The full disclosure — every check below in one report, with a verdict and, attached to it, the list of what could not be checked.

bugglo_token_info

What is this, even? Name, symbol, decimals, supply, bytecode size. Says plainly when an address is a wallet rather than a token.

bugglo_ownership

Who still holds the keys? Renounced, owned, or no owner() function at all. The third case is not the first case, and this never pretends otherwise.

bugglo_proxy_status

Can the code change under me? EIP-1967 proxy detection. An upgradeable contract is not a rug, but auditing today's bytecode tells you nothing about tomorrow's.

bugglo_powers_scan

What is the deployer allowed to do? Privileged functions found in bytecode. Disclosed, not judged — mintable is not a rug, and plenty of honest tokens are.

bugglo_market

Can I actually get out? Liquidity, FDV, 24h volume, buy and sell counts, pool age. This is the one part that does not come from the chain — it comes from DexScreener, and it is exactly as good as they are.

bugglo_limits

What are you not telling me? The checks that cannot run at all. An agent that calls this before rendering a verdict is an agent that will not lie to its user by omission.

It is not the only MCP server covering Robinhood Chain. RobinX MCP answers questions this one cannot — deployer reputation and insider-distribution history, both of which need an indexer behind them. If you want a deployer's rap sheet, use that; its stronger tools are paid and reached through a hosted API. This one is the other trade: it reads the chain directly, so it needs nothing from anybody. Different tools. Run both.

For code

Import it instead

The same functions the CLI calls, with no CLI in the way. One dependency — viem — so it is safe to put in a bot or a build step.

library
import { rugCheck, ROBINHOOD_CHAIN_ID } from "bugglo";
import { renderRugCheck } from "bugglo/report";

const result = await rugCheck("0x2103faA9D1762e27a716C61718b3aCf3Ec1F9bf1");
console.log(renderRugCheck(result));
every export
import {
  ROBINHOOD_CHAIN_ID,
  RPC_URL,
  UNMEASURABLE,
  rugCheck,
  getContractCode,
  getTokenMetadata,
  getOwnership,
  getProxyStatus,
  getMarket,
  scanPowers,
} from "bugglo";

import { renderRugCheck, renderOneLine } from "bugglo/report";

UNMEASURABLE is exported on purpose. If you are building a UI on top of this, the list of what could not be checked is not an error path to swallow — it is a thing your users have to see.

Questions

The six people actually ask

What is the Bugglo CLI?

bugglo is a command-line tool and JavaScript library that reads Robinhood Chain (chain 4663) directly and reports whether a token contract shows red flags. Run it with npx bugglo <address>. It needs no API key, no account, and no backend — it talks to the public chain RPC from your own machine.

How is this different from using the Bugglo web app?

Same engine, different door. The chain-reading logic lives in one package, so the CLI, the library, the MCP server, and the Bugglo web app cannot drift apart in what they claim about a contract. The difference is what surrounds it: the web app adds an agent that plans across a fleet of tools, cross-examines sources, and does deployer forensics. The CLI does one thing, offline from all of that, in about a second, with nothing to sign up for.

Does it need an API key or an account?

No. There is nothing to sign up for and nothing to bill. It reads the public Robinhood Chain RPC and DexScreener's public API, and it sends no telemetry — nothing is reported anywhere about what you looked up.

Why does it say UNKNOWN instead of just passing the token?

Because a check that did not run is never a check that passed. Holder concentration, liquidity lock, and honeypot sell simulation cannot be measured from a bare RPC on this chain today, and rounding those unknowns up into a clean verdict is exactly the failure this package exists to prevent. There is no numeric risk score either — a score built from four measured signals and three unknowns launders ignorance into confidence.

Can my own AI agent call it?

Yes — that is what bugglo-mcp is. Add it to Claude Desktop, Claude Code, Cursor, Windsurf, or any MCP client with a four-line config, and the agent gets seven tools against chain 4663. It is only an adapter: the chain logic stays in bugglo, so the answers cannot disagree with the CLI's.

Is it safe to run against a token I do not trust?

It only reads. bugglo has no wallet, holds no key, signs nothing, and sends no transaction — there is no code path in it that can move funds. The worst a hostile contract can do to it is return data it refuses to interpret.

Run it on something with money on the line

Both packages are MIT and published on npm — bugglo and bugglo-mcp. The agent that plans across a whole fleet of tools, rather than reading one chain very carefully, is RobinX MCP, and the app built on it is one click away.

Try Bugglo