AgentSec MCP
Security intelligence via x402 on Base. CVE lookup, IP reputation, secret scanning.
When to use AgentSec MCP
Choose if
Your agent is doing code review, triage, or supply-chain work and needs cheap on-demand security signals — CVE lookup (NVD + OSV), IP/domain reputation (AbuseIPDB + VirusTotal), or 20-pattern secret detection — without wiring those upstream APIs yourself. Pay-per-call via x402 on Base ($0.01/call for CVE and reputation, $0.05/call for secret scan) means no monthly account, no shared API key. Secret-scan privacy guarantee: input text is never logged, cached, or forwarded; only `findings_count` + offsets are returned.
Avoid if
You need deeper SAST/DAST, full SBOM analysis, dependency graph vulnerability checks, or compliance reports — this is a 3-tool intelligence lookup, not a security platform. Also avoid if you can't pay in x402/Base USDC, or if your project policy forbids routing IP addresses or package names through a third-party reputation API (AbuseIPDB + VirusTotal are upstream sources). No GitHub repo is published in the MCP Registry entry; the endpoint is the only audit surface.
Risk Flags
- MEDIUM (auth): x402 micropayments on Base are required for every paid call ($0.01 CVE/reputation, $0.05 secret-scan). Agents need a funded Base USDC wallet plus x402 client support.
- LOW (rate_limit): The secret-scan tool documents a per-call rate limit of 100/min. CVE and reputation results are cached for 10 minutes server-side.
- LOW (scope): Three tools only: `cve_lookup`, `reputation_check`, `secret_scan`. No SBOM, no dependency tree, no SAST/DAST.
- LOW (maturity): No public source repository in the MCP Registry entry. The endpoint is live and serves a valid MCP `initialize` response plus 3 tools, but no GitHub audit surface is exposed.
Cost
Type: Usage based
Distribution
- MCP Registry: io.github.traveljamboree/agentsec-mcp