$ man mcp-server-safety-report
/mcp-server-safety-report
PRICE / CALL
$0.06
USDC · base mainnet · scheme: exact
──────────────────────────────────────────────────────────────────────────────
NAME
mcp-server-safety-report — mcp server audit / mcp safety report / tool risk review / agent tool security in one call: point it at a live mcp server url or hand it a…
SYNOPSIS
POST https://x402.agentutility.ai/mcp-server-safety-report
Content-Type: application/json
X-PAYMENT: <signed-transferWithAuthorization>
{ ... }↳ first call → 402 Payment Required. Sign USDCtransferWithAuthorization, retry with theX-PAYMENT header.
DESCRIPTION
MCP server audit / mcp safety report / tool risk review / agent tool security in one call: point it at a live MCP server URL or hand it a tool manifest and get a risk read before an agent starts calling that server's tools. Composite: one call runs mcp-tools-list + mcp-tool-risk-score + prompt-injection-surface + secrets-exposure-check in parallel, merged into {risk, injection_surface, secrets_exposure}. mcp-tools-list discovers the tool catalog from server_url via JSON-RPC tools/list; mcp-tool-risk-score scores each tool 0-100 for permission scope and destructive-action risk. Pass a GitHub repo alongside the server to also scan the server's own code for prompt injection and secrets exposure. Use it as an MCP server audit API, an agent tool security checker, or a pre-connect safety gate.
INPUT — request schema
| property | type | description | req? |
|---|
| server_url | string | Live MCP server JSON-RPC endpoint to discover tools from. Provide exactly one of server_url or manifest. | optional |
| manifest | array | A tool manifest already in hand: an array of MCP tool definitions ({name, description, inputSchema}). Provide exactly one of server_url or manifest. Max 50 entries. | optional |
| repo | string | Optional GitHub repo in 'owner/name' format hosting the MCP server's source. When given, also runs a prompt-injection and secrets-exposure scan of the repo. | optional |
| context | string | Optional deployment context for the risk scorer, e.g. 'runs with full filesystem access in CI'. Max 500 chars. | optional |
OUTPUT — response shape
| field | type | description |
|---|
| source | string | — |
| server_url | string | — |
| tool_count | string | — |
| risk | string | — |
| injection_surface | string | — |
| secrets_exposure | string | — |
| skipped | string | — |
| composed_of | string | — |
| components | string | — |
| degraded | string | — |
EXAMPLES — two ways to call
EXAMPLE 1 · curl
curl -X POST https://x402.agentutility.ai/mcp-server-safety-report \
-H 'Content-Type: application/json' \
-d '{ }'first response = 402 Payment Required with payment requirements; sign + retry with X-PAYMENT.
EXAMPLE 2 · mcp
# Install the MCP package for this endpoint's cluster
npx -y @agentutility/mcp-<cluster>
# Required: EVM private key with USDC on Base
export X402_PRIVATE_KEY=0x...
# Then call the mcp-server-safety-report tool from your MCP-aware agent.
MCP server handles payment automatically — your coding agent just calls the tool by name.
METADATA
- tags
- composemcpserversafetyreportmcp-server-safety-report
- methods
- POST
- cluster
- compose
- price
- $0.06 USDC per call
ADJACENT — other endpoints in compose
| endpoint | description | price |
|---|
| agent-run-review | Agent run review / trace cost evals / post-run analysis / agent debugging in one call: hand it a raw agent execution trace and get a read… | $0.06 |
| brand-availability-sweep | Brand availability sweep API for a name availability check before you commit to a startup, product, or project name: trademark signal, do… | $0.06 |
| browser-workflow-repair | Browser workflow repair / self-healing automation / dom drift fix / flow memory in one call for agents whose CSS selectors broke after a… | $0.06 |
| competitor-snapshot | Snapshots a company for competitive intelligence in one call: profile, recent news, and news sentiment. | $0.06 |
| contact-golden-record | Turn 2-5 messy candidate contact records into one deduplicated golden record with per-field provenance. | $0.06 |
| content-authenticity-report | Content authenticity report: send a URL (or raw text) and find out whether a page is AI-generated slop before your agent cites, summarize… | $0.06 |
| cross-lingual-topic-monitor | Monitor a topic across non-English sources in one call: search the open web and X, detect what language each hit is actually in, translat… | $0.06 |
| dependency-provenance | Dependency risk and supply chain trust for one package in a single call: registry adoption stats, a package risk score, source repo healt… | $0.06 |