Three MCP tools for CVE lookup, IP reputation, and secret scanning. Priced in USDC on Base via x402. No API keys, no subscriptions — just pay per call.
All payments are micropayments in USDC on Base. No minimum, no recurring charges.
Query CVE vulnerability data by package+version or CVE ID. Sources: NVD + OSV.dev with parallel fetch, LRU cache, and graceful degradation. Never returns a false "clean" verdict on partial data.
Check IP or domain reputation. Sources: AbuseIPDB + VirusTotal with security-conservative verdict hierarchy: malicious > suspicious > unknown > clean. Unknown on partial data — never false clean.
Detect exposed secrets in text: AWS keys, GitHub PATs, OpenAI/Anthropic keys, Stripe keys, Slack tokens, PEM private keys, and more. Input text is never logged, cached, or forwarded — privacy guaranteed by architecture.
Any MCP-compatible agent with x402 payment support can call the server. No registration needed.
1. Trigger a payment challenge
curl -X POST https://agentsec-mcp.agentsec-mcp.workers.dev/mcp \
-H "Content-Type: application/json" \
-d '{
"jsonrpc": "2.0",
"id": 1,
"method": "tools/call",
"params": {
"name": "cve_lookup",
"arguments": { "cve_id": "CVE-2021-44228" }
}
}'2. Receive an HTTP 402 with payment requirements
{
"x402Version": 1,
"error": "payment_required",
"accepts": [{
"scheme": "exact",
"network": "base",
"maxAmountRequired": "10000",
"asset": "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913",
"payTo": "0x3385c6022F92B5BdBaC221BE3C4e381ae09Ca26F"
}]
}3. Resubmit with an X-Payment header (signed USDC transfer)
Any x402-compatible client library handles the signing + retry automatically. See the x402 protocol docs for client integration.
Live on Base mainnet. Monitor status in real time at the public health endpoint.
GET https://agentsec-mcp.agentsec-mcp.workers.dev/health
{
"status": "ok",
"version": "0.1.0",
"upstreams": {
"nvd": "ok",
"abuseipdb": "ok",
"virustotal": "ok",
"x402_facilitator": "ok"
}
}