laso.finance D · 58/100
19 passed 14 warnings 1 failed 10 n/a audit-mnk37lxx
— Voice AI✓ x402 / Crypto✓ MCP
SSL / TLS Valid HTTPS · 283ms
x402 discovery /.well-known/x402 found · v1 · 640ms
Agent discovery No agent.json found
llms.txt Found (12141 chars) · 438ms
security.txt Found · 483ms
CORS headers origin: https://laso.finance (restricted) · 288ms
Security headers 5/5 present (all critical headers set) · 291ms
Response time 468ms avg · 468ms
MCP server /mcp/info responds · 384ms
API endpoints 2 endpoints found
Error handling Returns 200 for unknown paths · 405ms
x402 compliance No x402 payment gates found · 387ms
Rate limiting No rate-limit headers (may still be rate-limited server-side) · 391ms
Documentation /docs found · 462ms
robots.txt AI crawlers 6 AI crawlers configured: GPTBot, Claude-Web, ChatGPT-User, Anthropic, Google-Extended, PerplexityBot · 1170ms
AI plugin manifest /.well-known/ai-plugin.json — "Laso Finance" · 553ms
OpenAPI spec /openapi.json — 3.1.0, 13 paths, servers defined, auth documented · 596ms
Privacy / GDPR /privacy found (6426 chars) · 506ms
Status / Health /status found · 528ms
EU AI Act disclosure No AI model card or disclosure endpoint
Travel Rule (FATF) No Travel Rule endpoint or VASP disclosure
A2A Protocol (Google) No agent.json for A2A discovery
DNSSEC DNSSEC check failed
CAA Records CAA check failed
DMARC / SPF DMARC p=reject
Auth maturity No authentication detected — open API or check failed
API versioning /v1
Human oversight /agent/stop — active (EU AI Act Art. 14) · 654ms
Terms of Service /terms found (6426 chars) · 776ms
Content-Type No application/json responses (1 paths tested)
OASF Classification No OASF or agent service classification found
MCP Transport Security /mcp active · HSTS · CORS · 794ms
Voice AI Disclosure n/a
Synthetic Voice Labeling n/a
Synthetic Content Labeling n/a
Emotion Recognition Declaration n/a
Call Recording Consent n/a
FCC/TCPA Compliance n/a
Operator Identity & KYB n/a
Opt-out & Human Escalation n/a
Voice Call Policy n/a
Caller Identity Declaration n/a
Wallet trust No wallet address found in x402 or agent.json
ERC-8004 on-chain No EVM wallet found to verify on-chain registration
58
15 issues to fix
Critical — 1
Agent discovery failed

No agent.json found

Warning — 14
Error handling needs attention

Returns 200 for unknown paths

x402 compliance needs attention

No x402 payment gates found

Rate limiting needs attention

No rate-limit headers (may still be rate-limited server-side)

EU AI Act disclosure needs attention

No AI model card or disclosure endpoint

Travel Rule (FATF) needs attention

No Travel Rule endpoint or VASP disclosure

A2A Protocol (Google) needs attention

No agent.json for A2A discovery

DNSSEC needs attention

DNSSEC check failed

CAA Records needs attention

CAA check failed

DMARC / SPF needs attention

DMARC p=reject

Auth maturity needs attention

No authentication detected — open API or check failed

Content-Type needs attention

No application/json responses (1 paths tested)

OASF Classification needs attention

No OASF or agent service classification found

Wallet trust needs attention

No wallet address found in x402 or agent.json

ERC-8004 on-chain needs attention

No EVM wallet found to verify on-chain registration

🔧 Fix 1 failing checks automatically

Probe Autofix connects to your GitHub repo and creates a PR with all the fixes. DNS fixes are applied directly via Cloudflare API. No manual coding needed.

⚡ Autofix — Free GitHub PR + DNS fixes included
Share on X Run new audit
🔒 Probe trust badge — unlock at score 60+

Fix your failing checks to earn the Probe verified badge. Display it on your site footer and README to show compliance.

⚡ Autofix — Free Current score: 58/100 → need 60+
Badge preview Shield preview
2026-04-04 08:45:21 UTC · getprobe.xyz