AgentTrust

Description

Security Scanner and Reputation Oracle for AI agent skills and MCP servers. Scans for malware, prompt injection, tool poisoning, and 47 other threat patterns. Returns cryptographically signed ACT/HALT receipts (JWS, draft-krausz-verification-state-00). x402-native on Base mainnet.

Unique features:

• SKILL.md scanner — 40 rules, 12 categories
• MCP manifest scanner — tool poisoning, shadowing, hidden unicode, rug pull detection
• Unified trust gate — skill + MCP + endpoint reputation in one signed call
• JWS-signed receipts — verifiable ACT/HALT per IETF draft-krausz-verification-state-00
• Endpoint reputation — on-chain trust score before your agent pays
• Trust badge — SVG badge for x402 providers

Privacy notice: Submitted content is sent to agenttrust.uk for analysis. Only submit content you are comfortable sharing.

Payment notice: Full scan endpoints require x402 USDC payments on Base. Free tiers require no wallet.

Instructions

Always try free endpoints first. Before using any paid endpoint, ask the user for explicit confirmation and disclose the exact price.

Free SKILL.md scan (no payment required)

POST https://agenttrust.uk/v1/scan/free

Price: FREE

Body: { "content": "" }

Returns: safety score 0-100, level (SAFE/MEDIUM/HIGH/CRITICAL), findings, v_gate (act/halt), JWS receipt

Note: Rate limited to 10 requests/hour per IP.

Full SKILL.md scan (requires explicit user approval)

POST https://agenttrust.uk/v1/scan

Price: 0.015 USDC on Base (x402)

Body: { "content": "" }

Returns: safety score, all 40 findings, integrity hash, JWS receipt

Note: Results are cached — repeated scans return instantly.

Free MCP manifest scan (no payment required)

POST https://agenttrust.uk/v1/scan/mcp/free

Price: FREE

Body: { "manifest": }

Returns: safety score, level, findings (tool poisoning, shadowing, etc.), v_gate, JWS receipt

Note: Rate limited to 10 requests/hour per IP.

Full MCP manifest scan (requires explicit user approval)

POST https://agenttrust.uk/v1/scan/mcp

Price: 0.015 USDC on Base (x402)

Body: { "manifest": }

Returns: full scan, all 50 rules, JWS receipt

Unified trust gate (FREE)

POST https://agenttrust.uk/v1/gate

Price: FREE

Body: { "skill": "", "mcp": , "endpoint": "" }

Note: All fields optional — include whichever you want to check.

Returns: v_gate (act/halt), v_recommendation, worst_level, per-component results, JWS receipt

Use this to check everything at once before your agent acts.

Endpoint reputation check (FREE)

GET https://agenttrust.uk/v1/reputation?url=

Price: FREE

Returns: trust score 0-100, badge (TRUSTED/UNVERIFIED/SUSPICIOUS), issues, on-chain stats

Trust badge (FREE)

GET https://agenttrust.uk/v1/badge?url=

Price: FREE

Returns: SVG badge — embed with

Wallet reputation lookup (requires explicit user approval)

GET https://agenttrust.uk/v1/trust/:address

Price: 0.010 USDC on Base (x402)

Returns: trust score, incident history, audit status

Verify integrity (requires explicit user approval)

POST https://agenttrust.uk/v1/verify

Price: 0.005 USDC on Base (x402)

Body: { "hash": "" } or { "content": "" }

Returns: verified true/false, last scan result

Full audit report (requires explicit user approval)

POST https://agenttrust.uk/v1/report

Price: 0.050 USDC on Base (x402)

Body: { "content": "", "skill_id": "" }

Returns: full report with per-finding remediation guidance

JWS Receipt Verification

All scan responses include a signed receipt field. Verify with:

JWKS: https://agenttrust.uk/.well-known/jwks.json

Mapping: https://raw.githubusercontent.com/poteshniy/agenttrust/main/docs/mapping-v0.3.md

Spec: https://datatracker.ietf.org/doc/draft-krausz-verification-state/