agnic.ai D · 59/100
16 passed 16 warnings 0 failed audit-mnfa0mku
SSL / TLS Valid HTTPS · 192ms
x402 discovery /.well-known/x402.json (non-JSON) · 85ms
Agent discovery /.well-known/agent.json not valid JSON · 103ms
llms.txt Found (111562 chars) · 185ms
security.txt Found · 186ms
CORS headers origin: * (open — OK for public APIs) · 103ms
Security headers 1/5 — missing critical: x-content-type-options, content-security-policy · 375ms
Response time 120ms avg · 120ms
MCP server /mcp/info responds · 170ms
API endpoints 3 endpoints found
Error handling Returns 200 for unknown paths · 204ms
x402 compliance No x402 payment gates found · 375ms
Rate limiting No rate-limit headers (may still be rate-limited server-side) · 204ms
Documentation /docs found · 448ms
robots.txt AI crawlers robots.txt exists but no AI crawler rules · 248ms
AI plugin manifest /.well-known/ai-plugin.json not valid JSON · 224ms
OpenAPI spec /openapi.json found but invalid JSON · 222ms
Privacy / GDPR /privacy found (37790 chars) · 239ms
Status / Health /status found · 240ms
EU AI Act disclosure /.well-known/model-card.json found (111562 chars) · 256ms
Travel Rule (FATF) /.well-known/travel-rule.json found (non-JSON, 111562 chars) · 261ms
A2A Protocol (Google) agent.json found but invalid JSON · 266ms
DNSSEC No DNSSEC — domain is vulnerable to DNS spoofing
CAA Records 10 CAA record(s) found on agnic.ai
DMARC / SPF DMARC p=none (weak) · SPF ~all (softfail)
Auth maturity No authentication detected — open API or check failed
API versioning /v1
Human oversight /agent/stop — active (EU AI Act Art. 14) · 303ms
Terms of Service /terms found (36215 chars) · 308ms
Content-Type API paths return HTML: /v1/ returns HTML, /api/ returns HTML
Wallet trust No wallet address found in x402 or agent.json
ERC-8004 on-chain No EVM wallet found to verify on-chain registration
59
16 issues to fix
Warning — 16
Agent discovery needs attention

/.well-known/agent.json not valid JSON

Security headers needs attention

1/5 — missing critical: x-content-type-options, content-security-policy

Error handling needs attention

Returns 200 for unknown paths

x402 compliance needs attention

No x402 payment gates found

Rate limiting needs attention

No rate-limit headers (may still be rate-limited server-side)

robots.txt AI crawlers needs attention

robots.txt exists but no AI crawler rules

AI plugin manifest needs attention

/.well-known/ai-plugin.json not valid JSON

OpenAPI spec needs attention

/openapi.json found but invalid JSON

Travel Rule (FATF) needs attention

/.well-known/travel-rule.json found (non-JSON, 111562 chars)

A2A Protocol (Google) needs attention

agent.json found but invalid JSON

DNSSEC needs attention

No DNSSEC — domain is vulnerable to DNS spoofing

DMARC / SPF needs attention

DMARC p=none (weak) · SPF ~all (softfail)

Auth maturity needs attention

No authentication detected — open API or check failed

Content-Type needs attention

API paths return HTML: /v1/ returns HTML, /api/ returns HTML

Wallet trust needs attention

No wallet address found in x402 or agent.json

ERC-8004 on-chain needs attention

No EVM wallet found to verify on-chain registration

Share on X Run new audit
🔒 Probe trust badge — unlock at score 60+

Fix your failing checks to earn the Probe verified badge. Display it on your site footer and README to show compliance.

⚡ Fix my API — $29 Current score: 59/100 → need 60+
Badge preview Shield preview
2026-03-31 23:57:01 UTC · getprobe.xyz