quicksilver.xyz D · 54/100
13 passed 21 warnings 0 failed audit-mnfx64n9
SSL / TLS Valid HTTPS · 957ms
x402 discovery /.well-known/x402.json (non-JSON) · 957ms
Agent discovery /.well-known/agent.json not valid JSON · 955ms
llms.txt Found (1804 chars) · 999ms
security.txt Found · 954ms
CORS headers No CORS header (OK if server-to-server only) · 1073ms
Security headers 0/5 — missing critical: x-content-type-options, strict-transport-security, content-security-policy · 1074ms
Response time 638ms avg · 638ms
MCP server /mcp/info responds · 1076ms
API endpoints 3 endpoints found
Error handling Returns 200 for unknown paths · 1357ms
x402 compliance No x402 payment gates found · 1195ms
Rate limiting No rate-limit headers (may still be rate-limited server-side) · 1193ms
Documentation /docs found · 1195ms
robots.txt AI crawlers robots.txt exists but no AI crawler rules · 1432ms
AI plugin manifest /.well-known/ai-plugin.json not valid JSON · 1195ms
OpenAPI spec /openapi.json found but invalid JSON · 1312ms
Privacy / GDPR /privacy found (114 chars) · 1318ms
Status / Health /status found · 1315ms
EU AI Act disclosure /.well-known/model-card.json found (114 chars) · 1315ms
Travel Rule (FATF) /.well-known/travel-rule.json found (non-JSON, 114 chars) · 1453ms
A2A Protocol (Google) agent.json found but invalid JSON · 1434ms
DNSSEC No DNSSEC — domain is vulnerable to DNS spoofing
CAA Records No CAA records — any CA can issue certificates
DMARC / SPF SPF -all (strict)
Auth maturity No authentication detected — open API or check failed
API versioning /v1
Human oversight /agent/stop — active (EU AI Act Art. 14) · 1557ms
Terms of Service /terms exists but very short · 1559ms
Content-Type API paths return HTML: /v1/ returns HTML
OASF Classification /.well-known/oasf.json exists · 1808ms
MCP Transport Security /mcp active · 1669ms
Wallet trust No wallet address found in x402 or agent.json
ERC-8004 on-chain No EVM wallet found to verify on-chain registration
54
21 issues to fix
Warning — 21
Agent discovery needs attention

/.well-known/agent.json not valid JSON

CORS headers needs attention

No CORS header (OK if server-to-server only)

Security headers needs attention

0/5 — missing critical: x-content-type-options, strict-transport-security, content-security-policy

Response time needs attention

638ms avg

Error handling needs attention

Returns 200 for unknown paths

x402 compliance needs attention

No x402 payment gates found

Rate limiting needs attention

No rate-limit headers (may still be rate-limited server-side)

robots.txt AI crawlers needs attention

robots.txt exists but no AI crawler rules

AI plugin manifest needs attention

/.well-known/ai-plugin.json not valid JSON

OpenAPI spec needs attention

/openapi.json found but invalid JSON

Travel Rule (FATF) needs attention

/.well-known/travel-rule.json found (non-JSON, 114 chars)

A2A Protocol (Google) needs attention

agent.json found but invalid JSON

DNSSEC needs attention

No DNSSEC — domain is vulnerable to DNS spoofing

CAA Records needs attention

No CAA records — any CA can issue certificates

DMARC / SPF needs attention

SPF -all (strict)

Auth maturity needs attention

No authentication detected — open API or check failed

Terms of Service needs attention

/terms exists but very short

Content-Type needs attention

API paths return HTML: /v1/ returns HTML

MCP Transport Security needs attention

/mcp active

Wallet trust needs attention

No wallet address found in x402 or agent.json

ERC-8004 on-chain needs attention

No EVM wallet found to verify on-chain registration

Share on X Run new audit
🔒 Probe trust badge — unlock at score 60+

Fix your failing checks to earn the Probe verified badge. Display it on your site footer and README to show compliance.

⚡ Fix my API — $29 Current score: 54/100 → need 60+
Badge preview Shield preview
2026-04-01 10:45:09 UTC · getprobe.xyz