Bugglo CLI
The web app is an agent with ten tools and an opinion. This is the opposite bet: one command, no account, no key, no backend, no us. It reads Robinhood Chain straight from the chain and tells you what it found — and, in the same breath, what it could not check. Same engine as Bugglo, stripped to the thing you can run in a second while a launch is still live.
npx bugglo 0x2103faA9D1762e27a716C61718b3aCf3Ec1F9bf1npx is paid by a stranger, in silence, before they see anything.Why a general-purpose scanner lies about this chain
Point a general-purpose token checker at a Robinhood Chain contract and it will tell you — truthfully, and uselessly — that no contract exists at that address. It is not lying. It is looking at Ethereum.
You cannot tell that answer apart from a real finding, and neither can a language model. So a live token with bytecode, supply, and a liquidity pool gets reported as a phantom, and the tool sounds confident while it does it. That is not a hypothetical failure mode. It is the specific bug this package was written to kill.
bugglo talks to chain 4663 and nothing else. It checks at startup that the RPC it reached really is Robinhood Chain, and if it is not — wrong endpoint, unreachable, intercepted by an ISP — it says that, loudly, instead of answering about the wrong chain.
One command, no setup
Node 18 or newer. Nothing else. There is no second step, and no configuration file to find.
# Full rug check
npx bugglo 0x2103faA9D1762e27a716C61718b3aCf3Ec1F9bf1
# Machine-readable, for scripts and CI
npx bugglo --json 0x2103faA9D1762e27a716C61718b3aCf3Ec1F9bf1
# Your own RPC, when the public one is rate-limited or blocked
npx bugglo --rpc https://your-robinhood-chain-rpc.example 0x2103…
# Several endpoints — the first healthy chain-4663 one wins
npx bugglo --rpc-list https://rpc.one,https://rpc.two 0x2103…The public Robinhood Chain RPC is free and convenient, and it is also a single point of failure: public RPCs get rate-limited, blocked by some ISPs, and are simply unreachable from some networks. For bots, CI, desks, and anything public-facing, point it at a dedicated endpoint.
ROBINX_RPC_URL=https://robinhood-mainnet.g.alchemy.com/v2/YOUR_KEY
BUGGLO_RPC_URLS=https://rpc.one,https://rpc.two # comma-separated fallbacks
CHAIN_RPC_TIMEOUT_MS=10000
CHAIN_DEX_TIMEOUT_MS=8000If every chain read fails, bugglo reports CANNOT CHECK / UNKNOWN. It does not turn an outage into a clean verdict — which, on the day the RPC is down and you are in a hurry, is the only behaviour worth anything.
Eight commands
The first one is the one you will use. The rest exist so you can ask a single question without reading a whole report — and so a script can.
| Command | What it prints |
|---|---|
bugglo <address> | Full rug-check report. The default, and the one you want. |
bugglo rug <address> | The same thing, named explicitly. |
bugglo info <address> | ERC-20 metadata, bytecode size, and the per-field errors behind any gap. |
bugglo ownership <address> | renounced, owned, or no-owner-fn — three answers, never collapsed into two. |
bugglo proxy <address> | EIP-1967 implementation slot. If it is a proxy, today's bytecode is not a promise about tomorrow's. |
bugglo powers <address> | Privileged selectors present in the deployed bytecode — mint, pause, blacklist and their relatives. |
bugglo market <address> | DexScreener liquidity, FDV, volume, buy/sell counts, pool age, and the ratios that matter. |
bugglo limits | What this package cannot do. Run it before you tell anyone a token looks safe. |
--json Print JSON where supported
--full Print the full address in the report
--rpc <url> Override the Robinhood Chain RPC
--rpc-list <urls> Comma-separated fallbacks; first healthy chain-4663 endpoint wins
--timeout <ms> Chain RPC timeout
--dex-timeout <ms> DexScreener timeout
--no-color Disable ANSI colour
--help Show help
--version Show version| Exit code | Meaning |
|---|---|
0 | The command completed. The result may still contain WARN or UNKNOWN — zero means it ran, not that the token is fine. Read it. |
1 | The check could not complete, or the RPC proved wrong or unusable. |
2 | Bad usage — malformed address, unknown option. |
The verdict is deliberately wordy
BUGGLO — rug check
Robinhood Chain (chain 4663)
0x2103...9bf1
Robin Hood (FOX), 18 decimals
VERDICT NO RED FLAGS IN WHAT I COULD CHECK
UNKNOWN Ownership unclear
There is no standard owner() function. That does NOT mean ownership is
renounced — the contract may use roles or an embedded admin that I cannot see.
PASS Contract exists
4,830 bytes of bytecode on Robinhood Chain (chain 4663).
PASS Sells are going through
People are getting out, so it is not a hard honeypot.
NOT CHECKED — these are not passes
holder concentration
liquidity lock
honeypot / sell simulationUNKNOWN is not PASS
A check that could not run is never a check that succeeded. There is no code path in this package that turns a failed read into a clean result — not when the RPC times out, not when the contract is unusual, not when the answer would be more convenient.
No numeric risk score
A score computed from four measured signals and three unknowns is a number that launders ignorance into false confidence, and people size positions off it. So there isn't one.
Powers are disclosed, not judged
Mintable is not a rug. Pausable is not a rug. Plenty of honest tokens are both. This tells you which powers exist in the bytecode and who still holds the keys. What you are comfortable with is yours to decide, and it is not the tool's job to decide it for you.
“No red flags in what I could check”
That sentence is long on purpose. It is the honest ceiling of what a bare RPC can prove, and rounding it up to safe is the entire failure mode this exists to prevent.
Three things it will never fake
These are printed as unmeasured on every report — including the clean ones. Run bugglo limits to get them on their own.
Holder concentrationNot measured. Needs an indexer. Reconstructing balances from every Transfer log is not viable at CLI latency against a public RPC, and no indexer covers this chain yet.
Liquidity lockNot measured. Needs a known locker registry. This chain has none — so from here, a locked pool and an unlocked one look identical.
Honeypot sell simulationNot measured. Needs a simulated sell from a real holder through the router. Bugglo does not run that read today. A passing market check is not proof you can exit.
Two hosts, and no others — named here because a tool that will not name its own dependencies has no business lecturing you about disclosure. rpc.mainnet.chain.robinhood.com serves everything read from the chain itself: bytecode, owner(), the EIP-1967 slot, ERC-20 metadata. api.dexscreener.com serves market data only, and it is a third party. If the RPC is down, every contract check reports UNKNOWN. If DexScreener is down, the market check reports UNKNOWN and the contract checks still run.
The same engine, as an MCP server
bugglo-mcp hands the seven tools below to Claude Desktop, Claude Code, Cursor, Windsurf, or whatever you are building. It is only an adapter — the chain logic stays in bugglo, so the CLI, the library, and your agent cannot drift apart about what a contract is.
{
"mcpServers": {
"bugglo": {
"command": "npx",
"args": ["-y", "bugglo-mcp"]
}
}
}bugglo_rug_checkIs this safe? The full disclosure — every check below in one report, with a verdict and, attached to it, the list of what could not be checked.
bugglo_token_infoWhat is this, even? Name, symbol, decimals, supply, bytecode size. Says plainly when an address is a wallet rather than a token.
bugglo_ownershipWho still holds the keys? Renounced, owned, or no owner() function at all. The third case is not the first case, and this never pretends otherwise.
bugglo_proxy_statusCan the code change under me? EIP-1967 proxy detection. An upgradeable contract is not a rug, but auditing today's bytecode tells you nothing about tomorrow's.
bugglo_powers_scanWhat is the deployer allowed to do? Privileged functions found in bytecode. Disclosed, not judged — mintable is not a rug, and plenty of honest tokens are.
bugglo_marketCan I actually get out? Liquidity, FDV, 24h volume, buy and sell counts, pool age. This is the one part that does not come from the chain — it comes from DexScreener, and it is exactly as good as they are.
bugglo_limitsWhat are you not telling me? The checks that cannot run at all. An agent that calls this before rendering a verdict is an agent that will not lie to its user by omission.
It is not the only MCP server covering Robinhood Chain. RobinX MCP answers questions this one cannot — deployer reputation and insider-distribution history, both of which need an indexer behind them. If you want a deployer's rap sheet, use that; its stronger tools are paid and reached through a hosted API. This one is the other trade: it reads the chain directly, so it needs nothing from anybody. Different tools. Run both.
Import it instead
The same functions the CLI calls, with no CLI in the way. One dependency — viem — so it is safe to put in a bot or a build step.
import { rugCheck, ROBINHOOD_CHAIN_ID } from "bugglo";
import { renderRugCheck } from "bugglo/report";
const result = await rugCheck("0x2103faA9D1762e27a716C61718b3aCf3Ec1F9bf1");
console.log(renderRugCheck(result));import {
ROBINHOOD_CHAIN_ID,
RPC_URL,
UNMEASURABLE,
rugCheck,
getContractCode,
getTokenMetadata,
getOwnership,
getProxyStatus,
getMarket,
scanPowers,
} from "bugglo";
import { renderRugCheck, renderOneLine } from "bugglo/report";UNMEASURABLE is exported on purpose. If you are building a UI on top of this, the list of what could not be checked is not an error path to swallow — it is a thing your users have to see.
The six people actually ask
What is the Bugglo CLI?
bugglo is a command-line tool and JavaScript library that reads Robinhood Chain (chain 4663) directly and reports whether a token contract shows red flags. Run it with npx bugglo <address>. It needs no API key, no account, and no backend — it talks to the public chain RPC from your own machine.
How is this different from using the Bugglo web app?
Same engine, different door. The chain-reading logic lives in one package, so the CLI, the library, the MCP server, and the Bugglo web app cannot drift apart in what they claim about a contract. The difference is what surrounds it: the web app adds an agent that plans across a fleet of tools, cross-examines sources, and does deployer forensics. The CLI does one thing, offline from all of that, in about a second, with nothing to sign up for.
Does it need an API key or an account?
No. There is nothing to sign up for and nothing to bill. It reads the public Robinhood Chain RPC and DexScreener's public API, and it sends no telemetry — nothing is reported anywhere about what you looked up.
Why does it say UNKNOWN instead of just passing the token?
Because a check that did not run is never a check that passed. Holder concentration, liquidity lock, and honeypot sell simulation cannot be measured from a bare RPC on this chain today, and rounding those unknowns up into a clean verdict is exactly the failure this package exists to prevent. There is no numeric risk score either — a score built from four measured signals and three unknowns launders ignorance into confidence.
Can my own AI agent call it?
Yes — that is what bugglo-mcp is. Add it to Claude Desktop, Claude Code, Cursor, Windsurf, or any MCP client with a four-line config, and the agent gets seven tools against chain 4663. It is only an adapter: the chain logic stays in bugglo, so the answers cannot disagree with the CLI's.
Is it safe to run against a token I do not trust?
It only reads. bugglo has no wallet, holds no key, signs nothing, and sends no transaction — there is no code path in it that can move funds. The worst a hostile contract can do to it is return data it refuses to interpret.
Run it on something with money on the line
Both packages are MIT and published on npm — bugglo and bugglo-mcp. The agent that plans across a whole fleet of tools, rather than reading one chain very carefully, is RobinX MCP, and the app built on it is one click away.