JSPM

@agentutility/mcp-prooflayer

0.1.8
  • ESM via JSPM
  • ES Module Entrypoint
  • Export Map
  • Keywords
  • License
  • Repository URL
  • TypeScript Types
  • README
  • Created
  • Published
  • Downloads 6
  • Score
    100M100P100Q62003F
  • License MIT

MCP server for the @agentutility prooflayer cluster — pay-per-call x402 tools, no API keys, USDC on Base.

Package Exports

  • @agentutility/mcp-prooflayer
  • @agentutility/mcp-prooflayer/dist/index.js

This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (@agentutility/mcp-prooflayer) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.

Readme

@agentutility/mcp-prooflayer

Trust + risk scanners for AI-built apps.

AI builds apps fast. Prooflayer verifies they're safe to ship — secrets, deploys, migrations, dependencies, prompt-injection, supply chain.

Pricing: pay-per-call in USDC on Base. No subscriptions, no API keys. See per-tool prices below.

Install — Claude Desktop

Edit ~/Library/Application Support/Claude/claude_desktop_config.json (macOS) or %APPDATA%\Claude\claude_desktop_config.json (Windows):

{
  "mcpServers": {
    "agentutility-prooflayer": {
      "command": "npx",
      "args": ["-y", "@agentutility/mcp-prooflayer"],
      "env": { "X402_PRIVATE_KEY": "0xYOUR_PRIVATE_KEY_HEX" }
    }
  }
}

Restart Claude Desktop. 13 tools appear in the tool palette.

Install — Cursor

Add to .cursor/mcp.json:

{
  "mcpServers": {
    "agentutility-prooflayer": {
      "command": "npx",
      "args": ["-y", "@agentutility/mcp-prooflayer"],
      "env": { "X402_PRIVATE_KEY": "0x..." }
    }
  }
}

Funding

Send any amount of USDC on Base mainnet to the address derived from your X402_PRIVATE_KEY. The MCP server uses it to pay for tool calls automatically.

USDC on Base contract: 0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913

Tools (13)

Tool Description
ai-content-detector (0.03 USDC/call) AI content detector / GPT detector / ChatGPT plagiarism checker. Calibrated probability (0-1), verdict, suspicious phrases, per-axis style signals (em-dash overuse, hedge phrases, formulaic transitions).
brand-clearance (0.25 USDC/call) Brand clearance aggregator / name screening / product-name vetting / startup-brand pre-flight. Given a candidate brand name, returns a single composite clearance signal an agent can act on. Calls four checks in parallel (in-process, no x402 self-billing): USPTO TM name search, domain availability across requested TLDs (default .com .ai .dev .io .co), Wikipedia presence, Hacker News mention scan. Returns risk_level (clear
cve (0.005 USDC/call) CVE lookup / vulnerability database. NIST NVD-backed. CVSS v3.1+v2 scores, severity, affected CPEs, CWE, exploit indicators + LLM summary.
cve-lookup (0.005 USDC/call) CVE lookup / vulnerability database. NIST NVD-backed. CVSS v3.1 + v2 scores, severity, affected CPEs, CWE class, references, public-exploit indicators. Plus LLM exploitability summary.
db-migration-risk (0.02 USDC/call) DB migration risk audit / SQL migration safety check / DROP COLUMN detector / unsafe ALTER TABLE detector / Postgres CREATE INDEX CONCURRENTLY check / Alembic op.drop_* detector / TRUNCATE/DELETE WHERE detector / foreign key NOT VALID check / pre-deploy DB gate. Walks migrations/, prisma/migrations/, db/migrate/, supabase/migrations/, alembic/versions/ and flags destructive DDL, lock-heavy ALTER TABLE, NOT NULL without DEFAULT, plain CREATE INDEX (vs CONCURRENTLY), unbounded TRUNCATE/DELETE, and FK validation without NOT VALID. Returns 0-100 score, per-finding kind/severity/path/line/evidence/recommendation, and a Venice plain-English verdict. Dual input: {repo: 'owner/name'} for public GitHub or {files: [{path, content}, …]} for private / agent-workspace use.
dep-risk-summary (0.03 USDC/call) repo dependency risk audit / package.json + lockfile vetter / unpinned dep detector / transitive dep counter / requirements.txt audit / pyproject dep risk / repo-level supply-chain risk score / Snyk-adjacent / deprecated dep detector / install-script dep detector. Best-effort scan of package.json, pnpm-lock.yaml, package-lock.json, yarn.lock, bun.lock (JS); requirements.txt, pyproject.toml, poetry.lock (Python); go.mod, go.sum (Go). Samples 10 alphabetically-first direct deps via npm/PyPI registry for deprecation + install-script signals. Returns 0-100 score, per-finding kind/severity/path/evidence/recommendation, and a Venice plain-English verdict. Dual input: {repo: 'owner/name'} or {files: [{path, content}, …]}.
deploy-config-risk (0.02 USDC/call) deploy config audit / Dockerfile lint / vercel.json hardening / wrangler.toml review / docker-compose.yml safety / fly.toml secrets check / netlify deploy gate / open CORS detector / exposed admin port detector / plaintext secret in env detector / production-readiness deploy gate. Fetches deploy config files (Dockerfile, wrangler.toml, vercel.json, netlify.toml, fly.toml, docker-compose.yml, serverless.yml) and flags open CORS with credentials, exposed admin ports (22/5432/6379/etc), plaintext secrets in inline env, dev/debug mode left enabled, missing healthchecks. Returns 0-100 score, per-finding kind/severity/path/line/redacted-evidence/recommendation, and a Venice plain-English verdict. Dual input: {repo: 'owner/name'} for public GitHub or {files: [{path, content}, …]} for private / agent-workspace use.
github-repo-health (0.03 USDC/call) GitHub repo health score / open-source maintainability checker. 0-100 score + grade (abandoned/stale/okay/healthy/thriving). Commit activity, contributors, license, CI, tests. Plus LLM verdict.
package-risk-npm (0.03 USDC/call) npm package risk score / supply-chain scanner / typosquat detector. Maintainer count, weekly downloads, install scripts, dependency depth, deprecation, age, typosquat distance to popular packages. Plus LLM risk summary.
production-readiness-score (0.10 USDC/call) production readiness score / AI app deploy gate / Prooflayer cluster aggregator / repo prod-risk composite / one-call audit / unified production readiness API / vibe-coded app safety scan. Calls all 5 Prooflayer component scanners (secrets-exposure-check, deploy-config-risk, db-migration-risk, dep-risk-summary, prompt-injection-surface) in parallel in-process and rolls findings into a weighted composite score (default weights: secrets 0.30, migrations 0.20, deps 0.20, deploy 0.15, prompt 0.15). Returns composite 0-100, production_grade (production-ready
prompt-injection-surface (0.03 USDC/call) AI prompt injection surface scanner / LLM call-site audit / unsanitized user input in prompts detector / system-message mixing flag / unbounded completion detector / AI app safety scan / pre-deploy AI risk gate. Walks .ts/.tsx/.js/.jsx/.py/.mjs/.cjs source files, locates LLM SDK call sites (anthropic, openai, @ai-sdk/*, google generative), and flags user input flowing into prompts without sanitization, calls without max_tokens caps, system/user prompt mixing, and LLM output used unvalidated in fetch/exec/eval. Returns 0-100 score, per-finding kind/severity/path/line/evidence/recommendation, and a Venice plain-English verdict. Dual input: {repo: 'owner/name'} (tree-walk, capped 500 files) or {files: [{path, content}, …]}.
pypi-package-risk (0.01 USDC/call) PyPI package risk score / Python supply-chain scanner. Age, monthly downloads, install-script hooks (cmdclass/setup.py), dependency depth, deprecation, typosquat distance to 50 popular Python packages. Plus LLM risk summary.
secrets-exposure-check (0.02 USDC/call) secrets exposure scan / hardcoded API key detector / .env-committed-key audit / Next.js client env leak detector / pre-deploy secret gate. Fetches top-level config files (.env*, wrangler.toml, vercel.json, next.config.*, package.json, etc.) and scans for hardcoded AWS/OpenAI/Anthropic/Stripe/GitHub keys, private keys, DB URLs with passwords, JWT secrets, weak values in .env.example, and server-only env vars accidentally exposed via NEXT_PUBLIC_. Returns 0-100 score, per-finding kind/severity/path/line/redacted-evidence/recommendation, and a Venice plain-English verdict. Dual input: {repo: 'owner/name'} for public GitHub or {files: [{path, content}, …]} for private / agent-workspace use.

How it works

  1. Agent calls a tool (e.g. ai-content-detector).
  2. MCP server POSTs to https://x402.agentutility.ai/ai-content-detector.
  3. The endpoint responds HTTP 402 with payment instructions.
  4. The MCP server signs an EIP-3009 USDC transfer authorization with X402_PRIVATE_KEY and retries.
  5. CDP facilitator settles on Base.
  6. The endpoint returns the actual response.

The agent never sees the payment flow — it just gets the result.

Version: 0.1.8 · License: MIT