sort by:defaultA → ZZ → Aapi callsvolume
booaip.vercel.app
Screen an EVM wallet against OFAC SDN crypto address list (PASS/BLOCK). Body: { address }.
$0.01 USDC
gblin-sentinel.vercel.app
GBLIN treasury analytics on Base: total supply, NAV, basket dynamic weights (cbBTC/WETH/USDC), stability fund and keeper availability — read live from the on-chain index contract.
$0.002000 USDC
gblin-sentinel.vercel.app
Live GBLIN keeper bounty availability on Base: whether a profitable incentivizedRebalance exists right now, expected ETH reward, and the MCP tool reference to execute it.
$0.002000 USDC
api-production-2800.up.railway.app
Token risk scanner API by AgentSpendGuard for Base and EVM wallet, trading, and DeFi agents before swapping or interacting with a token. Search keywords: token risk, Base token security, EVM token scanner, GoPlus token security, DexScreener liquidity, honeypot risk, AI agent wallet safety. Combines security flags, holder count, tax, honeypot, proxy, mint controls, and liquidity evidence into strict JSON verdict, score, reasons, and recommended action.
$0.01 USDC
nasa-x402.vercel.app
NASA Astronomy Picture of the Day. Returns the featured space image with title and explanation. Optional: specific date or random selection.
$0.002000 USDC
cryptointel-production.up.railway.app
Actionable trade decision: combines RSI/trend/momentum + narrative momentum + insider activity → single BUY/SELL/HOLD verdict with confidence score
$0.25 USDC
booaip.vercel.app
DeFi protocol TVL, chains and 1d/7d change (DefiLlama).
$0.01 USDC
base-sol-rugcheck.vercel.app
Solana SPL token safety check: freeze/mint authority, transfer controls, holder concentration, liquidity (GO/CAUTION/DANGER) via GoPlus. Pay USDC on Solana or Base.
0.01 tokens
2s.io
Certificate Transparency recon for a domain — discover its subdomains and issued certificates from public CT logs (passive attack-surface mapping). Pass domain. Returns the deduplicated set of subdomains seen across all certs (subdomains + subdomainCount), and the certificates (issuer, validity window, SAN dns names), most recent first. Sourced from SSLMate certSpotter (primary) with a crt.sh fallback — keyless. Live CT-log data over a huge append-only dataset an LLM cannot enumerate. For external attack-surface discovery, shadow-IT/subdomain inventory, and certificate monitoring. Note: CT shows names that ever appeared in a cert, not necessarily live hosts.
$0.002160 USDC
agentaegis-mcp-production.up.railway.app
AgentAegis scan_mcp_plugin — supply-chain trust scan of an MCP server or agent skill BEFORE you install/trust it. Clones a git repo (or takes a code snippet) and flags exfiltration (secrets/env to the network), prompt-injection sinks (hijack phrases + hidden unicode), dangerous capabilities (eval/shell/dynamic exec), npm install hooks, and obfuscation → one PROCEED/CAUTION/BLOCK verdict with findings.
n/a
2s.io
Authoritative MITRE CWE (Common Weakness Enumeration) lookup. Pass id (e.g. CWE-79, or just 79) for the canonical weakness — name, abstraction, description, extended description, ChildOf/ParentOf relationships (with names), and mapped CAPEC attack patterns (with names) — or query for a keyword search returning ranked matches. Bundled catalog (~970 weaknesses), zero external calls. Agents hallucinate CWE IDs and names constantly; this returns exact, citeable, version-pinned data. Pairs with security.cve (which returns CWE ids) and security.capec.
$0.001000 USDC
2s.io
Canadian-market vehicle dimensions and weights from NHTSA vPIC's Canadian Vehicle Specifications dataset. Pass year + make (required) and optional model to narrow. Returns one entry per matching trim with labeled dimensions — overall length/width/height (cm), wheelbase (cm), curb weight (kg), front/rear track width, interior head/leg/shoulder/hip room, and weight distribution — plus the full raw spec map. Authoritative measured specs (the SAE dimension codes), not estimates. Keyless, public-domain; covers model years 1971+.
$0.001440 USDC
2s.io
Official US EPA/DOE fuel-economy, fuel-cost, and emissions data for a vehicle by year + make + model. Because a model-year often has several powertrain configurations (engine/transmission), this returns one entry per configuration, each with: MPG city/highway/combined (or MPGe for EVs), CO2 tailpipe grams/mile, estimated annual fuel cost (USD), annual petroleum use (barrels), EPA greenhouse-gas score (1-10), 5-year savings vs the average new vehicle, plus transmission, drivetrain, cylinders, displacement, fuel type, EPA size class, and electric range for EV/PHEV. Authoritative EPA test figures — the real ratings an agent should not estimate. Keyless, public-domain (FuelEconomy.gov), covers model years 1984+.
$0.001800 USDC
2s.io
RPKI Route Origin Validation for a (BGP origin AS, prefix) pair — answers whether an AS is legitimately authorized to originate a prefix. Pass asn (e.g. AS15169) and prefix (CIDR, e.g. 8.8.8.0/24). Returns status (valid = a ROA authorizes it; invalid = a ROA exists but does NOT authorize this origin — a possible hijack/route-leak that RPKI-enforcing networks will drop; unknown = no covering ROA), a hijackSignal boolean, the validating ROAs (origin, prefix, maxLength), and a plain-English description. Live RIR/RPKI data via RIPEstat (keyless) — un-derivable by an LLM. The core BGP-security check; complements net.asn.
$0.001440 USDC
2s.io
Look up country metadata via REST Countries. Pass alpha2 (2-letter ISO 3166-1), alpha3 (3-letter), or name (with optional fullText=true for exact match). Returns common + official name, ISO codes, region + subregion, independence + UN-member flags, capital(s), population, area km², landlocked flag, neighboring borders (alpha-3), timezones, currencies (code → name + symbol), languages, calling code, flag emoji + SVG/PNG URLs, lat/lng coordinates, Google Maps + OSM URLs, driving side, top-level domains.
$0.001200 USDC
2s.io
Fetch a URL and grade its HTTP security headers. Pass url (scheme optional — defaults to https). Returns an overall letter grade + score, the list of present/missing headers, and a per-header analysis with the live value and specific issues for: Strict-Transport-Security (HSTS max-age/includeSubDomains), Content-Security-Policy (flags 'unsafe-inline'/'unsafe-eval'/missing default-src), X-Frame-Options or CSP frame-ancestors (clickjacking), X-Content-Type-Options (nosniff), Referrer-Policy, Permissions-Policy, and Cross-Origin-Opener/Resource-Policy. Also flags Server/X-Powered-By info disclosure. Analyzed from the target's LIVE response headers through an SSRF-guarded fetch (private/loopback targets refused) — an LLM cannot see a site's current headers. For web-app security review, vendor assessment, and CI gates.
$0.001800 USDC
2s.io
Search CMS Open Payments — every payment from a drug/device manufacturer or GPO to a US physician or teaching hospital under the Sunshine Act (~10M records per year). Lookup by 10-digit NPI for the recipient (most precise), by last/first name + state, or by payer (manufacturer) name. Each record includes recipient (NPI, name, specialty, location), payer (manufacturer name + state/country), payment (amount USD, date, nature of payment such as 'Consulting Fee'/'Food and Beverage'/'Travel'/'Royalty', form of payment), and associated product (drug/device name + therapeutic area). Investigative journalism + KYC + healthcare conflict-of-interest research. Public-domain federal data.
$0.001200 USDC
2s.io
Does public exploit code exist for a CVE, and where? Pass cve (e.g. CVE-2021-44228). Returns hasPublicExploit, the count, hasMetasploitModule and hasVerifiedExploit flags, and the Exploit-DB entries (id, description, type, platform, date, verified, Metasploit flag, link). Bundled inverted index from the Exploit-DB archive (~25k CVEs). This is the triage signal BEYOND security.cve's KEV (exploited in the wild) + EPSS (exploit probability): is the vulnerability actually weaponized with available code? Use the trio together to decide how urgently to patch. Absence is not proof no exploit exists (private/other archives not covered).
$0.001000 USDC
2s.io
Threat-intelligence reputation for an indicator of compromise (IOC) — pass ioc as an IP, domain, URL, or file hash (md5/sha1/sha256) and the type is auto-detected. Returns a malicious boolean plus a per-source breakdown: abuse.ch ThreatFox (IOC→malware/threat mapping), URLhaus (malicious URLs on a host/URL), MalwareBazaar (known malware samples by hash), Feodo Tracker (active botnet C2 IPs), Tor exit-node membership, and Spamhaus DROP (hijacked/criminal netblocks). Each source reports listed + a detail. Sourced from live, hourly-rotating threat feeds an LLM cannot know — a ground-truth liveness check for SOC alert triage, log enrichment, and blocklist decisions. Absence of a match is not proof of safety.
$0.002160 USDC
2s.io
Authoritative MITRE CAPEC (Common Attack Pattern Enumeration) lookup. Pass id (e.g. CAPEC-66, or just 66) for the canonical attack pattern — name, abstraction, description, typical likelihood + severity, mapped CWE weaknesses (with names), and related patterns (with names) — or query for a keyword search. Bundled catalog (~615 patterns), zero external calls. The attacker's-eye complement to security.cwe (the defender's weakness view) — the CAPEC↔CWE cross-links let an agent pivot between how an attack works and the weakness it exploits, with exact citeable IDs.
$0.001000 USDC
← prevnext →