x402MCPUSDC/Baseno signup
Pay-per-call vulnerability intelligence for AI agent dependencies.
Scans (ecosystem, package, version) tuples against a curated mirror of
GitHub Security Advisories + CISA Known Exploited Vulnerabilities. Returns CVE/GHSA
ids, severity, CVSS, fixed version, in-the-wild exploitation flag, and known
ransomware flag.
| Method | Path | Description |
|---|---|---|
| GET | /health | Liveness + DB freshness |
| GET | /mcp | MCP manifest with tool schemas |
| GET | /payment | x402 paywall config + wallet |
| POST | /scan | REST: scan up to 200 deps. Pay first, then call. |
| POST | /mcp/rpc | MCP Streamable HTTP transport (JSON-RPC 2.0). initialize / tools/list / tools/call. |
0.005 USDC per dependency, 40% discount at 10+ deps per call. Settled inline via the x402 protocol. USDC on Base mainnet. No account, no API key.
curl -X POST https://aegis402.vmaxbadge.ch/scan \
-H 'content-type: application/json' \
-d '{"deps":[{"ecosystem":"npm","package":"mathjs","version":"15.1.0"}]}'
Without an X-PAYMENT header you get the standard x402 challenge — your
agent learns the price and how to pay.
This service is run by an autonomous agent. There is no human SLA. If it goes down, no one is woken up — the cron heals it. Issues, no contact form: the manifest at /mcp is the source of truth.