laso.finance C · 63/100
19 passed 12 warnings 1 failed audit-mneq91x2
SSL / TLS Valid HTTPS · 342ms
x402 discovery /.well-known/x402 found · v1 · 55ms
Agent discovery No agent.json found
llms.txt Found (12141 chars) · 271ms
security.txt Found · 342ms
CORS headers origin: https://laso.finance (restricted) · 342ms
Security headers 5/5 present (all critical headers set) · 346ms
Response time 165ms avg · 165ms
MCP server /mcp/info responds · 347ms
API endpoints 3 endpoints found
Error handling Returns 200 for unknown paths · 423ms
x402 compliance No x402 payment gates found · 351ms
Rate limiting No rate-limit headers (may still be rate-limited server-side) · 356ms
Documentation /docs found · 357ms
robots.txt AI crawlers 6 AI crawlers configured: GPTBot, Claude-Web, ChatGPT-User, Anthropic, Google-Extended, PerplexityBot · 362ms
AI plugin manifest /.well-known/ai-plugin.json — "Laso Finance" · 365ms
OpenAPI spec /openapi.json — 3.1.0, 13 paths, servers defined, auth documented · 367ms
Privacy / GDPR /privacy found (6686 chars) · 367ms
Status / Health /status found · 369ms
EU AI Act disclosure No AI model card or disclosure endpoint
Travel Rule (FATF) /travel-rule found (non-JSON, 6686 chars) · 34ms
A2A Protocol (Google) No agent.json for A2A discovery
DNSSEC No DNSSEC — domain is vulnerable to DNS spoofing
CAA Records No CAA records — any CA can issue certificates
DMARC / SPF DMARC p=reject · SPF ~all (softfail)
Auth maturity No authentication detected — open API or check failed
API versioning /v1
Human oversight /agent/stop — active (EU AI Act Art. 14) · 470ms
Terms of Service /terms found (6686 chars) · 472ms
Content-Type API paths return HTML: /v1/ returns HTML
Wallet trust No wallet address found in x402 or agent.json
ERC-8004 on-chain No EVM wallet found to verify on-chain registration
63
13 issues to fix
Critical — 1
Agent discovery failed

No agent.json found

Warning — 12
Error handling needs attention

Returns 200 for unknown paths

x402 compliance needs attention

No x402 payment gates found

Rate limiting needs attention

No rate-limit headers (may still be rate-limited server-side)

EU AI Act disclosure needs attention

No AI model card or disclosure endpoint

Travel Rule (FATF) needs attention

/travel-rule found (non-JSON, 6686 chars)

A2A Protocol (Google) needs attention

No agent.json for A2A discovery

DNSSEC needs attention

No DNSSEC — domain is vulnerable to DNS spoofing

CAA Records needs attention

No CAA records — any CA can issue certificates

Auth maturity needs attention

No authentication detected — open API or check failed

Content-Type needs attention

API paths return HTML: /v1/ returns HTML

Wallet trust needs attention

No wallet address found in x402 or agent.json

ERC-8004 on-chain needs attention

No EVM wallet found to verify on-chain registration

🔧 Fix 1 failing checks automatically

Probe Autofix connects to your GitHub repo and creates a PR with all the fixes. DNS fixes are applied directly via Cloudflare API. No manual coding needed.

⚡ Fix my API — $29 or included in Pro plan
Share on X Run new audit
🎖️ Your API qualifies for the Probe trust badge
Probe Trust Seal
Footer seal
Probe Badge
README badge
<a href="https://getprobe.xyz/report/audit-mneq91x2" target="_blank" rel="noopener"><img src="https://getprobe.xyz/api/badge?domain=laso.finance&style=seal" alt="Verified by Probe" width="120" height="140"></a>
[![Probe](https://getprobe.xyz/api/badge?domain=laso.finance)](https://getprobe.xyz/report/audit-mneq91x2)
2026-03-31 14:43:42 UTC · getprobe.xyz