Skip to content
clusters: prooflayer · edgemarket · edgefinance · synthforge · mediakit · wordmint · webprobe · locale · comppoint · rollforge · bestiary · statline · matchpoint · retail · agentops · browserworkflow · modelrouter · compose
$ man dep-risk-summary

/dep-risk-summary

agentutility / prooflayer / dep-risk-summary
PRICE / CALL
$0.03
USDC · base mainnet · scheme: exact
METHOD
POST
CLUSTER
prooflayer
CATEGORY
ai
STATUS
live
NAME
dep-risk-summary scores dependency risk for a whole repo from its manifests and lockfiles
SYNOPSIS
POST https://x402.agentutility.ai/dep-risk-summary
     Content-Type: application/json
     X-PAYMENT:    <signed-transferWithAuthorization>

     { ... }
↳ first call → 402 Payment Required. Sign USDCtransferWithAuthorization, retry with theX-PAYMENT header.
DESCRIPTION

Scores dependency risk for a whole repo from its manifests and lockfiles. Best-effort scan of package.json, pnpm-lock.yaml, package-lock.json, yarn.lock, bun.lock (JS); requirements.txt, pyproject.toml, poetry.lock (Python); go.mod, go.sum (Go). Samples 10 alphabetically-first direct deps via npm/PyPI registry for deprecation + install-script signals. Returns 0-100 score, per-finding kind/severity/path/evidence/recommendation, and a Venice plain-English verdict. Dual input: {repo: 'owner/name'} or {files: [{path, content}, ...]}. Use it as a package.json + lockfile vetter, unpinned dep detector, transitive dep counter, requirements.txt audit, pyproject dep risk check, deprecated dep detector, install-script dep detector, or Snyk-adjacent repo-level supply-chain risk score.

OUTPUTresponse shape
fieldtypedescription
scorenumberOverall dependency risk score from 0 (clean) to 100 (severe), aggregated across findings and sampled registry signals.
risk_levelstringBucketed risk tier derived from score: low, medium, high, or critical.
findingsarrayPer-issue list with kind, severity, file path, evidence snippet, and recommendation for each detected risk.
signalsobjectCounters and flags like unpinned deps, deprecated packages, install-script presence, transitive count, and lockfile state.
summarystringVenice-generated plain-English verdict explaining the score and top risks in a few sentences.
metadataobjectScan context including manifests parsed, ecosystems detected, sampled package count, repo or files mode, and timing.
EXAMPLEStwo ways to call
EXAMPLE 1 · curl
curl -X POST https://x402.agentutility.ai/dep-risk-summary \
  -H 'Content-Type: application/json' \
  -d '{ }'
first response = 402 Payment Required with payment requirements; sign + retry with X-PAYMENT.
EXAMPLE 2 · mcp
# Install the MCP package for this endpoint's cluster
npx -y @agentutility/mcp-<cluster>

# Required: EVM private key with USDC on Base
export X402_PRIVATE_KEY=0x...

# Then call the dep-risk-summary tool from your MCP-aware agent.
MCP server handles payment automatically — your coding agent just calls the tool by name.
METADATA
tags
securitydependenciessupply-chainnpmpypilockfileprooflayer
env
VENICE_API_KEY
methods
POST
cluster
prooflayer
price
$0.03 USDC per call
ADJACENTother endpoints in prooflayer
endpointdescriptionprice
ai-content-detectorDetect AI-generated writing with a calibrated probability score.$0.03
github-repo-healthGitHub repo health score / open-source maintainability checker.$0.03
package-risk-npmScores supply-chain risk for an npm package before you install it.$0.03
prompt-injection-surfaceScans AI app source code for prompt injection risk at LLM call sites.$0.03
app-store-rejection-explainExplains App Store and Google Play rejections and turns them into a resubmission plan.$0.02
db-migration-riskAudits database migrations for risky SQL before deploy.$0.02
deploy-config-riskAudits deploy configuration files for production risks.$0.02
secrets-exposure-checkScans project config files for hardcoded secrets before you deploy.$0.02
SEE ALSO
agentutility · prooflayer · x402 · mcp · llms.txt · registry.json · bazaar.x402.org