DEFENSIVE-ONLY SECURITY SCANNER

Code Guardian

Crypto code security scanner for exposed secrets, dangerous approvals, and drainer-like patterns.

01 Built for crypto safety

Paste code, upload files, or review smart contract snippets before trusting them.

02 Detect risky patterns

Identify exposed private keys, seed phrases, unlimited approvals, suspicious transferFrom logic, permit signature risks, and hidden destination wallets.

03 Get a readable report

Every finding includes severity, line number, explanation, and recommended fix.

04 Defensive only

Code Guardian never connects to wallets, never asks for seed phrases, and never executes transactions.

What it detects

Ten classes of risks across smart contracts and wallet scripts.

Exposed private keys: 0x… 64-hex strings hardcoded in source.
Seed phrase leaks: Mnemonics, BIP39, recovery phrases.
Dangerous ERC20 approvals: Unlimited or unscoped allowances.
setApprovalForAll risks: Blanket NFT collection authority.
transferFrom abuse: Tokens moved out of another wallet.
Suspicious destinations: Hardcoded wallet addresses.
Permit signature risks: Off-chain approval shortcuts.
Obfuscated JavaScript: atob, base64, hex encodings.
Owner-only withdrawals: Centralized custody patterns.
Fake claim / airdrop: Drainer-style function names.

How it works

01 Paste or upload
Drop a .sol, .js, .ts, .env, or .json file. Or paste raw code into the scanner.

02 Static analysis
The scanner reads text only. Code is never executed. Patterns are matched locally in your browser.

03 Risk report
Findings are grouped by severity with exact line numbers, code snippets, explanations, and recommended fixes.

Risk scoring

Severity points roll up to a 0–100 score with a level label.

Low: 0–19
Medium: 20–49
High: 50–79
Critical: 80–100
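
A sketch of the text-only matching and score roll-up described above, as an added example that is not Code Guardian's own code. The rule set, regular expressions, fix texts and per-severity point weights are assumptions; only the detection classes and the four level bands come from this page.

```javascript
// Added example. Rules and point weights are assumptions, not Code Guardian's.
const POINTS = { critical: 40, high: 25, medium: 10, low: 5 }; // assumed weights

const RULES = [
  { id: "exposed-private-key", severity: "critical", re: /\b0x[0-9a-fA-F]{64}\b/,
    fix: "Remove the key from source, rotate it, load secrets at runtime." },
  { id: "unlimited-erc20-approval", severity: "high",
    re: /\bapprove\s*\([^)]*(MaxUint256|type\(uint256\)\.max)/,
    fix: "Approve only the amount the operation needs." },
  { id: "set-approval-for-all", severity: "high", re: /\bsetApprovalForAll\s*\(/,
    fix: "Approve single token IDs, or revoke once the operation completes." },
  { id: "obfuscated-js", severity: "medium", re: /\batob\s*\(/,
    fix: "Decode the payload offline and review it before trusting the script." },
  { id: "hardcoded-address", severity: "low", re: /\b0x[0-9a-fA-F]{40}\b/,
    fix: "Confirm who controls the address; prefer reviewed configuration." },
];

// Text-only pass: every line is matched against every rule, nothing is executed.
function scan(text) {
  const findings = [];
  text.split(/\r?\n/).forEach((line, i) => {
    for (const r of RULES) {
      if (!r.re.test(line)) continue;
      // Redact key material so the report does not become a second leak.
      const snippet = line.trim().replace(RULES[0].re, "0x[redacted]").slice(0, 80);
      findings.push({ rule: r.id, severity: r.severity, line: i + 1, snippet, fix: r.fix });
    }
  });
  return findings;
}

// Sum severity points, cap at 100, and map onto the page's level bands.
function riskScore(findings) {
  const score = Math.min(100, findings.reduce((s, f) => s + POINTS[f.severity], 0));
  const level = score >= 80 ? "Critical" : score >= 50 ? "High"
              : score >= 20 ? "Medium" : "Low";
  return { score, level };
}

// Constructed sample input; the 64-hex value is a placeholder, not a real key.
const SAMPLE = [
  'const pk = "0x' + "ab".repeat(32) + '";',
  "await token.approve(spender, ethers.MaxUint256);",
  "await nft.setApprovalForAll(operator, true);",
  "const cfg = JSON.parse(atob(blob));",
].join("\n");

console.log(scan(SAMPLE), riskScore(scan(SAMPLE)));
```

Line-by-line regex matching misses constructs split across lines and flags benign uses, which is why the result is treated as a first-pass review.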

Defensive-only security notice

Code Guardian is a defensive security scanner. It does not connect to wallets, request seed phrases, or execute blockchain transactions.

This scanner is a first-pass review. Always manually review high-risk crypto code before running or deploying it.