Abstract
ShieldAPI delivers real-time security intelligence directly to AI agents. Expose malicious prompts, breached data, and toxic infrastructure before execution.
Agentic Finance Trust Layer
Agentic finance is moving from human dashboards to autonomous x402 agents. ShieldAPI is the security and trust preflight those agents can call before they pay, connect, install, or execute.

Built for x402 payment flows and agent identity/reputation stacks such as ERC-8004 and ERC-8183: check prompt injection, MCP server trust, AI skill/package supply-chain risk, and URL/domain/IP reputation in the same paid workflow.

Who Should Call This?
For agents, wallets, marketplaces, and MCP clients that need a paid security preflight before they trust an endpoint, install code, follow instructions, or send x402 payments.
  • Agent builders: block prompt-injection and risky tool instructions before execution.
  • MCP clients: score a server before granting it tool access or workspace context.
  • x402 marketplaces: check URLs, domains, IPs, packages, and skills before an autonomous paid action.

Cost: $0.001–$0.02 per call, paid in USDC via x402. Trust: no API key, public OpenAPI, x402 discovery, live health endpoint, and MCP/CLI packages listed in npm directories.

Which Check Should My Agent Run?
Use ShieldAPI at the last responsible moment: right before untrusted input becomes a privileged action, payment, install, connection, or delegation.
  • About to connect to an MCP server? Run POST /api/cdp/check/mcp/trust and require at least silver/gold for tool access.
  • About to install code or a skill? Run GET /api/cdp/check/package or POST /api/cdp/scan/skill before execution.
  • About to obey webpage, issue, email, README, or tool-output instructions? Run POST /api/cdp/check/prompt before shell, wallet, browser, filesystem, or delegation calls.
  • About to pay, browse, scrape, or trust an external counterparty? Run GET /api/cdp/full/scan, or the cheaper URL/domain/IP check when you only need one signal.

Policy default: allow low risk, require human confirmation on medium risk, and block high risk or active compromise signals.

Agentic Market Quickstart
No API key. No account. Your agent discovers a paid endpoint, receives HTTP 402, pays USDC via x402, and gets security intelligence back in the same workflow. 
npx agentcash@latest discover https://shield.vainplex.dev
npx agentcash@latest check 'https://shield.vainplex.dev/api/cdp/check/ip?ip=8.8.8.8&shieldapi_source=landing-quickstart'
npx agentcash@latest fetch 'https://shield.vainplex.dev/api/cdp/check/ip?ip=8.8.8.8&shieldapi_source=landing-quickstart'
Agent JobPortal EndpointPrice
Preflight an MCP serverPOST /api/cdp/check/mcp/trust$0.020
Scan a skill before installPOST /api/cdp/scan/skill$0.020
Check package supply-chain riskGET /api/cdp/check/package$0.010
Detect prompt injectionPOST /api/cdp/check/prompt$0.005

Discovery: OpenAPI · x402 · llms.txt

Measuring a pilot? Add shieldapi_source=<campaign> to endpoint URLs, or send header X-ShieldAPI-Source: <campaign>. Source tags appear in the live /api/health telemetry for attribution triage; confirm revenue with Base USDC settlement before making customer or revenue claims.

Copy-Paste Paid Agent Calls

For external marketplaces, MCP registries, and agent framework pilots, use the canonical /api/cdp/... paths below. Each call is x402-paid, needs no API key, and carries a source tag so the first real pilot can be separated from self-canaries.

Agents should treat 402 Payment Required as the expected handshake: inspect price with agentcash check, pay via x402, then use the returned risk verdict before connecting, installing, delegating, or paying. For wallet-funded agents, run the preflight before signing or settling payment to an unfamiliar seller endpoint. For ERC-8183-style commerce flows, check the seller domain, checkout URL, and fulfillment/MCP endpoint before accepting the offer or giving the seller tool access.

Pick your workflow: framework tool hooks · AgentKit/x402 wallet guard · Apify paid Actor preflight · ERC-8183 checkout preflight 

# Minimal ShieldAPI stoplight policy for agents
if shieldapi.verdict in ["malicious", "phishing", "high_risk", "blocked"]:
  do_not_continue()
elif shieldapi.verdict in ["medium_risk", "unknown"]:
  ask_human_before_payment_or_tool_access()
else:
  continue_with_action()

# Always attach a named source tag for paid pilots:
# ?shieldapi_source=<agent-or-channel>
Endpoint Matrix
POST /api/check-mcp-trust $0.020

Multi-signal Trust Oracle for MCP servers. Returns a composite trust score (0–100) and tier rating.

Signals Analyzed

Security 30% Injection 25% Supply Chain 20% Reliability 15% On-Chain 10%

What It Checks

Domain reputation (DNS, SSL cert, SPF/DMARC) · Prompt injection patterns in tool descriptions · Toxic skill categories (filesystem, network, crypto) · Server uptime, latency, MCP protocol compliance · ERC-8004 on-chain reputation via AgentProof

Returns

trust_score (0–100), tier (platinum ≥90 / gold ≥75 / silver ≥60 / bronze ≥45), per-signal breakdown, risk factors, recommendations

Example Response

{ "trust_score": 62, "tier": "silver", "signals": { "security": { "score": 75, "weight": 0.30 }, "injection": { "score": 50, "weight": 0.25 }, "supply_chain": { "score": 60, "weight": 0.20 }, "reliability": { "score": 80, "weight": 0.15 }, "on_chain": { "score": 40, "weight": 0.10 } }, "recommendations": ["Enable DMARC", "Review tool descriptions"] }
POST /api/scan-skill $0.020

Deep security scanner for AI agent skill definitions. Detects dangerous capabilities before your agent uses them.

Signals Analyzed

Toxic Categories Permission Scope Injection Vectors

What It Checks

Skill name & description for dangerous patterns · Categories: filesystem access, network calls, crypto operations, code execution · Tool description injection attempts · Permission escalation risks

Returns

risk_level (critical/high/medium/low), toxic_categories array, findings with severity and description

Example Response

{ "risk_level": "high", "toxic_categories": ["filesystem", "code_execution"], "findings": [ { "severity": "high", "type": "dangerous_capability", "detail": "Skill requests write access to filesystem" } ] }
POST /api/check-prompt $0.005

Prompt injection detection engine. Scans text for 208+ known injection patterns before your agent processes it.

Signals Analyzed

Injection Patterns Jailbreak Attempts Role Hijacking

What It Checks

208+ known prompt injection patterns · System prompt overrides ("ignore previous instructions") · Role/persona hijacking · Encoded/obfuscated payloads (base64, unicode) · Multi-turn injection chains

Returns

is_injection (boolean), confidence (0–1), patterns_matched array, risk_level

Example Response

{ "is_injection": true, "confidence": 0.94, "risk_level": "critical", "patterns_matched": [ "system_prompt_override", "role_hijacking" ] }
GET /api/check-url $0.003

URL safety evaluation. Checks if a link is safe before your agent clicks it.

Signals Analyzed

Phishing Detection Malware Domains Redirect Chains Brand Impersonation

What It Checks

Known phishing URLs · Malware distribution domains · Suspicious redirect chains · Brand impersonation (look-alike domains) · URL shortener abuse · Newly registered domain risk

Returns

safe (boolean), risk_level, threats array, final_url (after redirects), domain_age

Example Response

{ "safe": false, "risk_level": "high", "threats": ["phishing", "brand_impersonation"], "final_url": "https://evil-paypal.example.com/login", "domain_age": "3 days" }
GET /api/check-domain $0.003

Comprehensive domain reputation scoring. Evaluates the security posture of any domain.

Signals Analyzed

DNS Config SSL/TLS SPF DMARC Blacklists

What It Checks

DNS records (A, MX, NS, TXT) · SSL certificate validity & chain · SPF record configuration · DMARC policy enforcement · DNSBL blacklist presence · Domain age & registrar

Returns

reputation_score (0–100), ssl status, spf/dmarc config, blacklisted (boolean), findings

Example Response

{ "reputation_score": 85, "ssl": { "valid": true, "issuer": "Let's Encrypt", "days_remaining": 62 }, "spf": "v=spf1 include:_spf.google.com ~all", "dmarc": { "policy": "reject", "configured": true }, "blacklisted": false }
GET /api/check-email $0.005

Email breach intelligence. Checks if an email address appears in known data breaches.

Data Sources

Breach Databases Paste Sites Dark Web Dumps

What It Checks

Known data breaches (HIBP-style) · Paste site appearances · Exposed credential databases · Breach severity and data types leaked

Returns

breached (boolean), breach_count, breaches array (name, date, data types), first_seen/last_seen

Example Response

{ "breached": true, "breach_count": 3, "breaches": [ { "name": "LinkedIn 2012", "date": "2012-05-05", "data_types": ["email", "password_hash"] } ] }
GET /api/check-ip $0.002

IP reputation mapping. Identifies Tor exit nodes, proxies, and blacklisted addresses.

Signals Analyzed

Tor Exit Nodes Blacklists Proxy/VPN Geolocation

What It Checks

Tor exit node database · Multiple DNSBL blacklists · Known proxy/VPN ranges · Abuse history · Geolocation & ASN ownership

Returns

risk_level, is_tor, is_proxy, blacklists array, geo (country, city, ASN)

Example Response

{ "risk_level": "high", "is_tor": true, "is_proxy": false, "blacklists": ["spamhaus", "barracuda"], "geo": { "country": "DE", "asn": "AS24940 Hetzner" } }
GET /api/check-password $0.001

Deprecated full SHA-1 password hash lookup against 900M+ indexed password hashes. Prefer /api/check-password-range for k-anonymity privacy.

How It Works

900M+ Hashes SHA-1 Lookup Deprecated

What It Checks

Full SHA-1 hash against 900M+ known breached passwords · HIBP-style breach corpus · Kept for legacy integrations; new agents should use the range endpoint so the full hash never leaves the client.

Returns

breached (boolean), count (times seen in breaches), strength assessment

Example Response

{ "breached": true, "count": 37842, "message": "This password has appeared in 37,842 data breaches" }
GET /api/check-password-range $0.001

k-Anonymity password range validation. Returns all hash suffixes for a given prefix — your app checks locally.

How It Works

k-Anonymity Prefix Lookup Client-Side Match

What It Checks

Send first 5 chars of SHA-1 hash · Receive all matching suffixes + breach counts · Your app checks locally if the full hash matches · Maximum privacy — server never sees the full hash

Returns

Array of suffix:count pairs for client-side matching

Example Response

{ "prefix": "5BAA6", "results": [ "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493", "A0372F8B0C64F4D4A9D7B39D44F91C52381:2" ] }
GET /api/check-package $0.010

Supply-chain preflight for npm/PyPI-style packages before an agent installs or executes code.

Signals Analyzed

Package Risk Typosquat Known Incidents Install Safety

What It Checks

Package identity and ecosystem · Known malicious or suspicious package signals · Pre-install risk evidence for autonomous agents and CI workflows

Returns

verdict, risk_level, findings, and install/delegation recommendations

Example Response

{ "package": "express", "ecosystem": "npm", "verdict": "allow", "risk_level": "low", "findings": [] }
GET /api/full-scan $0.010

Comprehensive security scan. Runs domain, IP, URL, and email checks in a single call.

Included Scans

Domain IP URL Email SSL

What It Checks

Everything from check-domain, check-ip, check-url combined · Single API call, one price · Aggregated risk score across all vectors · Ideal for "tell me everything about this target"

Returns

overall_risk, individual scan results (domain, ip, url, email), summary

Example Response

{ "overall_risk": "medium", "domain": { "reputation_score": 85, "ssl": { "valid": true } }, "ip": { "risk_level": "low", "blacklists": [] }, "url": { "safe": true, "threats": [] }, "summary": "Domain is well-configured. No active threats." }
Integration Vectors
[01] MCP SERVER (Claude, Cursor) 
npm install shieldapi-mcp
[02] CLI INTERFACE 
npm install -g @vainplex/shieldapi-cli
[03] OPENCLAW GOVERNANCE PLUGIN

ShieldAPI is used as the security backend in @vainplex/openclaw-governance — an Agent Firewall for the OpenClaw runtime.

Live API Terminal
$ curl "https://shield.vainplex.dev/api/check-url?url=https://example.com"
← Hit RUN to query the live API (free tier, no account needed)