Agent402 / tools / skill-security-audit

Skill: Security audit

$0.12 per call · USDC via x402 · POST /api/skill/security-audit

Bundled execution of the Security audit workflow — Enumerate a domain's external attack surface in one workflow: certs, DNS posture, email auth, HTTP security headers, and tech stack. One x402 payment runs 7 underlying tools (cert-transparency, dns-lookup, spf-check, dmarc-check, http-headers, tls-cert, tech-stack); partial-success per step.

Input

FieldTypeDescription
domain *stringTarget domain to audit (e.g. stripe.com)

Example output

{
  "pack": "security-audit",
  "args": {
    "domain": "example.com"
  },
  "steps": [
    {
      "slug": "cert-transparency",
      "ok": true,
      "result": {}
    },
    {
      "slug": "dns-lookup",
      "ok": true,
      "result": {}
    },
    {
      "slug": "spf-check",
      "ok": true,
      "result": {}
    },
    {
      "slug": "dmarc-check",
      "ok": true,
      "result": {}
    },
    {
      "slug": "http-headers",
      "ok": true,
      "result": {}
    },
    {
      "slug": "tls-cert",
      "ok": true,
      "result": {}
    },
    {
      "slug": "tech-stack",
      "ok": true,
      "result": {}
    }
  ],
  "summary": "7/7 steps succeeded"
}

Try it — see the 402 challenge (free)

curl -i -X POST https://agent402.tools/api/skill/security-audit \
  -H "Content-Type: application/json" \
  -d '{"domain":"example.com"}'

The response is HTTP 402 Payment Required with exact payment requirements. Any x402 v2 client pays automatically and retries:

Paid call (JavaScript agent)

import { wrapFetchWithPayment } from "@x402/fetch";
import { x402Client } from "@x402/core/client";
import { registerExactEvmScheme } from "@x402/evm/exact/client";
import { privateKeyToAccount } from "viem/accounts";

const client = new x402Client();
registerExactEvmScheme(client, { signer: privateKeyToAccount(KEY) });
const payFetch = wrapFetchWithPayment(fetch, client);

const res = await payFetch("https://agent402.tools/api/skill/security-audit", {
  method: "POST",
  headers: { "Content-Type": "application/json" },
  body: JSON.stringify({
    "domain": "example.com"
  }),
});

Wallet-only. This tool reaches the network/browser/storage, so it is paid in USDC via x402 (no proof-of-work tier).

Related tools

Skill: Email deliverability

USDC $0.10 · POST /api/skill/email-deliverability

Bundled execution of the Email deliverability workflow — Diagnose why a domain's email lands in spam: SPF posture, DMARC…

Skill: Financial research

USDC $1.50 · POST /api/skill/financial-research

Bundled execution of the Financial research workflow — Pull SEC filings, real-time quotes, historical prices, and macro …

Skill: Macro economics

USDC $0.65 · POST /api/skill/macro-economics

Bundled execution of the Macro economics workflow — Pull the canonical US macro dataset — yield curve, CPI, unemployment…