| name | revoke-approval |
| description | Revoke risky token approvals to protect wallet security |
| version | 1.0.0 |
| author | BlockChain-Copilot Team |
| tags | ["security","approval","trc20","protection"] |
Revoke Approval Skill
When to use this skill
Use this skill to:
- Revoke risky token approvals identified by approval-scanner
- Cancel unlimited allowances to unknown contracts
- Clean up old/unused approvals
- Protect wallet from malicious contract exploits
- Complete the security audit loop: Detect → Revoke
Why this matters
Security Risk: When you approve a contract (e.g., for swaps), you grant it permission to spend your tokens. If:
- Contract is compromised
- Approval is unlimited (
2^256-1)
- Contract is no longer used
→ Your tokens are at risk! This skill revokes those permissions.
How it works
User wallet
↓ Step 1
scanApprovals() → Find risky approvals
↓ Step 2
revokeApproval(contract, token) → Set allowance to 0
↓ Step 3
Transaction confirmed → Approval removed ✅
Prerequisites
- Valid TRON wallet address
- Access to TronGrid API
- Target token contract address
- Spender contract address to revoke
Usage
Method 1: Revoke Specific Approval
from skills.revoke_approval.scripts.revoke import build_revoke_transaction
result = await build_revoke_transaction(
owner_address="TYourAddress...",
token_address="TR7NHqjeKQxGTCi8q8ZY4pL8otSzgjLj6t",
spender_address="TMaliciousContract..."
)
print(result['unsigned_tx'])
Method 2: Batch Revoke from Scanner Results
from skills.approval_scanner.scripts.scan_approvals import scan_approvals
scan_result = await scan_approvals("TYourAddress...")
for risky in scan_result['risky_approvals']:
tx = await build_revoke_transaction(
owner_address="TYourAddress...",
token_address=risky['token_address'],
spender_address=risky['spender']
)
Example Output
{
"success": true,
"message": "Revoke approval transaction created successfully",
"data": {
"owner": "TYourAddress...",
"token": "TR7NHqjeKQxGTCi8q8ZY4pL8otSzgjLj6t",
"token_symbol": "USDT",
"spender": "TMaliciousContract...",
"old_allowance": "115792089237316195423570985008687907853269984665640564039457584007913129639935",
"new_allowance": "0",
"unsigned_tx": {
"txID": "...",
"raw_data": {...},
"visible": true
},
"estimated_energy": 15000,
"estimated_bandwidth": 345
},
"warnings": [
"⚠️ This will prevent the contract from spending your USDT",
"You'll need to re-approve if you want to use this contract again"
]
}
Security Flow Integration
Complete Security Workflow:
1. scan_approvals() # Detect risks
↓
2. User reviews results # Decision point
↓
3. revoke_approval() # Take action
↓
4. Sign & broadcast # Execute
↓
5. Wallet protected ✅
Error Handling
Common errors and solutions:
NoApprovalFound
Error: No approval found for this token/spender combination
Solution: Approval may have already been revoked or never existed
InsufficientEnergy
Error: Not enough energy to execute transaction
Solution: Rent energy using energy-rental skill first
InvalidAddress
Error: Token or spender address is invalid
Solution: Verify addresses are valid TRON addresses
Implementation Details
How revoke works:
- Calls TRC20
approve(spender, 0) function
- Sets allowance to 0 (revokes permission)
- Returns unsigned transaction for user to sign
Energy cost: ~15,000 energy (~0.5 TRX or rent)
Reversible: Yes, you can re-approve anytime
Integration with MCP
@mcp.tool()
async def revoke_token_approval(
owner_address: str,
token_address: str,
spender_address: str
) -> str:
"""
Revoke a token approval to protect wallet security.
Args:
owner_address: Your wallet address
token_address: Token contract (e.g., USDT)
spender_address: Contract to revoke approval from
"""
result = await build_revoke_transaction(
owner_address, token_address, spender_address
)
return format_for_agent(result)
Best Practices
- ✅ Always scan first: Use
approval-scanner before revoking
- ✅ Verify contract: Ensure you're revoking the right contract
- ✅ Batch wisely: Revoke multiple approvals in sequence
- ✅ Save energy: Rent energy if revoking many approvals
- ⚠️ Re-approval: Remember to re-approve if you want to use the contract again
Demo Script
For hackathon presentation:
User: "帮我检查钱包安全"
Agent:
1. [Calls approval-scanner]
"发现3个风险授权:
- SunSwap: 无限授权 USDT (1年前)
- Unknown Contract: 无限授权 USDC (高风险)"
2. [Recommends action]
"建议撤销这2个高风险授权"
3. User: "好的,撤销吧"
4. [Calls revoke-approval]
"已生成撤销交易,请在钱包中签名确认"
5. [Transaction signed]
"✅ 授权已撤销,钱包安全等级提升!"
This completes the Data → Insight → Action loop! 🔐
Technical Notes
- Uses TronGrid
triggersmartcontract endpoint
- Calls TRC20 standard
approve(address,uint256) function
- Sets allowance to
0 to revoke
- Returns unsigned transaction (never touches private keys)
- Compatible with all TRC20 tokens
See Also