Rugsentry AI

• 

  Rugsentry AI App

Inspiration

Crypto communities on Reddit are some of the most actively targeted spaces on the internet. Rug pulls, honeypot tokens, and coordinated shill campaigns cost retail investors real money every day — and the people most responsible for stopping them, subreddit moderators, are completely underequipped. We spent time in crypto moderation communities and kept hearing the same frustration: AutoMod can filter keywords, but it can't tell you whether a contract address is a honeypot. It can't notice that six different accounts promoted the same obscure token in the last hour. It has no memory of which users have been caught shilling before. Moderators were manually checking GoPlus, DexScreener, and Honeypot.is one post at a time — a process that takes 5–10 minutes per post and simply doesn't scale. The question that drove RugSentry AI was: what if a moderator tool could do in two seconds what takes a human ten minutes, on every single post, automatically?

What it does

RugSentry AI is a Reddit Devvit app that runs a three-layer scam detection pipeline on every post and comment submitted to a subreddit. The first layer does pattern matching — scanning for 25+ scam signals including urgency language, high-risk domain links (Telegram, Pump.fun), and low account age or karma. The second layer does on-chain verification — it automatically extracts any EVM or Solana contract addresses from the post and checks them in real time against GoPlus Security (honeypot detection, mint functions, transfer taxes, holder concentration), DexScreener (liquidity and market data), and Honeypot.is (independent honeypot simulation). The third layer uses Google Gemini 2.5 Flash to classify the full post content for scam intent with a confidence score and plain-language explanation. These three signals combine into a risk score from 0 to 100. Posts that cross configurable thresholds trigger automated actions: modmail alerts, auto-removal, and warning comments. Beyond per-post analysis, RugSentry also runs a repeat offender strike system that escalates consequences for users caught shilling across multiple posts, and a coordinated shill detector that alerts mods when three or more accounts promote the same token within a one-hour window. A live community dashboard widget gives subreddits a real-time safety scorecard they can pin for their members to see.

How we built it

The entire app lives in a single TypeScript file using the Devvit SDK(no external backend), no separate database, no infrastructure to maintain. All persistent state (risk records, offender strikes, shill tracking, community stats) lives in Devvit's native KV Store. We structured the codebase into clean, modular layers: entity extraction feeds into parallel on-chain scanning and pattern matching, both of which feed into the Gemini classification prompt, which feeds into a risk aggregator that triggers the appropriate automated actions. The shill detector runs a cross-user token correlation check at the end of every analysis, querying the KV Store for recent mentions of the same contract across different accounts. For the AI layer, we crafted a structured Gemini prompt that gives the model the full post text, extracted entities, and on-chain findings, then asks it to return a scam classification, confidence score, and human-readable explanation. The Devvit custom post type powers the live dashboard widget, which reads aggregated stats from KV Store and renders them as a pinnable community safety panel. We integrated the four moderator menu actions using Devvit's context menu API, making the tool accessible to non-technical mod teams without any training.

Challenges we ran into

The biggest technical challenge was working within Devvit's execution model. Everything runs in a sandboxed, serverless environment with strict timeout limits, which meant we had to design the on-chain scanning layer to run three external API calls (GoPlus, DexScreener, Honeypot.is) efficiently and fail gracefully- if one API is slow or down, the pipeline still completes and scores based on the remaining signals. Prompt engineering for the Gemini classification layer took significant iteration. Crypto scam content is highly context-dependent: a post about a legitimate new token and a post shilling a rug pull can look nearly identical in structure. We had to build a prompt that gives the model enough context - post text, extracted entities, on-chain flags - to make a meaningful distinction, while keeping it concise enough to stay well within token limits on every call. Designing the coordinated shill detection within the KV Store's key-value constraints was also non-trivial. We needed to correlate token mentions across users and time windows without a relational database, which required a careful key schema and TTL-aware lookup logic.

Accomplishments that we're proud of

We're proud that RugSentry does something no native Reddit tool can: it connects the content of a post directly to on-chain reality. A user can write anything about a token, but the contract address doesn't lie and RugSentry checks it automatically every time. The coordinated shill detection is the feature we're most proud of technically. Catching multi-account campaigns in real time, with no external database, using only Devvit's KV Store and a well-designed key schema, required genuine problem-solving. It's also the feature that catches the most dangerous type of manipulation, organized pump-and-dump campaigns that would sail past any per-post rule engine. We're also proud of the zero-infrastructure design. The entire app deploys with devvit upload and runs forever with no servers to maintain, no costs beyond the Gemini API key, and no single point of failure.

What we learned

Building RugSentry deepened our understanding of how much context matters in scam detection. Early versions relied too heavily on pattern matching and produced false positives on legitimate community posts about real tokens. Adding the on-chain layer reduced noise dramatically — a post that mentions a token with strong liquidity, no honeypot flag, and a clean deployer history scores very differently than one pointing to a contract with minting functions and zero liquidity. We also learned that good moderation tooling has to be invisible to moderators most of the time. The best version of RugSentry is one where moderators set their thresholds once and then forget it exists except when they see the dashboard numbers go up. Designing for that kind of quiet reliability, rather than constant interaction, shaped a lot of the UX decisions around the alert thresholds and automated actions. Working within Devvit's constraints also taught us to think very carefully about state. Without a real database, every piece of persistent data is precious, we learned to store only what we actually need and structure keys to support the query patterns the app relies on.

What's next for Rugsentry AI

The immediate roadmap focuses on three areas. First, expanding chain coverage. The current on-chain scanner supports EVM chains and Solana, but the crypto scam ecosystem moves fast. We want to add support for additional chains as GoPlus and DexScreener expand their coverage. Second, moderator reporting. Right now, risk data lives in KV Store and surfaces through modmail and the dashboard widget. We want to add a weekly digest, a scheduled report sent to mod teams summarizing the top threats caught, trending contract addresses, and repeat offenders, so mods have a clear picture of their community's threat landscape over time. Third, community-level intelligence sharing. Long term, we're exploring an opt-in network where subreddits running RugSentry can share confirmed scam contract addresses so a honeypot caught on one subreddit is automatically flagged on all participating communities within minutes. This would turn RugSentry from a per-subreddit tool into a platform-wide early warning system.

Built With

• devvit
• dexscreener
• express.js
• firebase
• gemini
• goplus
• honeypot.is
• node.js
• reddit
• sdk
• typescript