Abstract
ShieldAPI delivers real-time security intelligence directly to AI agents. Expose malicious prompts, breached data, and toxic infrastructure before execution.
Endpoint Matrix
POST /api/check-mcp-trust $0.020

Multi-signal Trust Oracle for MCP servers. Returns a composite trust score (0–100) and tier rating.

Signals Analyzed

Security 30% Injection 25% Supply Chain 20% Reliability 15% On-Chain 10%

What It Checks

Domain reputation (DNS, SSL cert, SPF/DMARC) · Prompt injection patterns in tool descriptions · Toxic skill categories (filesystem, network, crypto) · Server uptime, latency, MCP protocol compliance · ERC-8004 on-chain reputation via AgentProof

Returns

trust_score (0–100), tier (platinum ≥90 / gold ≥75 / silver ≥60 / bronze ≥45), per-signal breakdown, risk factors, recommendations

Example Response

{ "trust_score": 62, "tier": "silver", "signals": { "security": { "score": 75, "weight": 0.30 }, "injection": { "score": 50, "weight": 0.25 }, "supply_chain": { "score": 60, "weight": 0.20 }, "reliability": { "score": 80, "weight": 0.15 }, "on_chain": { "score": 40, "weight": 0.10 } }, "recommendations": ["Enable DMARC", "Review tool descriptions"] }
POST /api/scan-skill $0.020

Deep security scanner for AI agent skill definitions. Detects dangerous capabilities before your agent uses them.

Signals Analyzed

Toxic Categories Permission Scope Injection Vectors

What It Checks

Skill name & description for dangerous patterns · Categories: filesystem access, network calls, crypto operations, code execution · Tool description injection attempts · Permission escalation risks

Returns

risk_level (critical/high/medium/low), toxic_categories array, findings with severity and description

Example Response

{ "risk_level": "high", "toxic_categories": ["filesystem", "code_execution"], "findings": [ { "severity": "high", "type": "dangerous_capability", "detail": "Skill requests write access to filesystem" } ] }
POST /api/check-prompt $0.005

Prompt injection detection engine. Scans text for 208+ known injection patterns before your agent processes it.

Signals Analyzed

Injection Patterns Jailbreak Attempts Role Hijacking

What It Checks

208+ known prompt injection patterns · System prompt overrides ("ignore previous instructions") · Role/persona hijacking · Encoded/obfuscated payloads (base64, unicode) · Multi-turn injection chains

Returns

is_injection (boolean), confidence (0–1), patterns_matched array, risk_level

Example Response

{ "is_injection": true, "confidence": 0.94, "risk_level": "critical", "patterns_matched": [ "system_prompt_override", "role_hijacking" ] }
GET /api/check-url $0.003

URL safety evaluation. Checks if a link is safe before your agent clicks it.

Signals Analyzed

Phishing Detection Malware Domains Redirect Chains Brand Impersonation

What It Checks

Known phishing URLs · Malware distribution domains · Suspicious redirect chains · Brand impersonation (look-alike domains) · URL shortener abuse · Newly registered domain risk

Returns

safe (boolean), risk_level, threats array, final_url (after redirects), domain_age

Example Response

{ "safe": false, "risk_level": "high", "threats": ["phishing", "brand_impersonation"], "final_url": "https://evil-paypal.example.com/login", "domain_age": "3 days" }
GET /api/check-domain $0.003

Comprehensive domain reputation scoring. Evaluates the security posture of any domain.

Signals Analyzed

DNS Config SSL/TLS SPF DMARC Blacklists

What It Checks

DNS records (A, MX, NS, TXT) · SSL certificate validity & chain · SPF record configuration · DMARC policy enforcement · DNSBL blacklist presence · Domain age & registrar

Returns

reputation_score (0–100), ssl status, spf/dmarc config, blacklisted (boolean), findings

Example Response

{ "reputation_score": 85, "ssl": { "valid": true, "issuer": "Let's Encrypt", "days_remaining": 62 }, "spf": "v=spf1 include:_spf.google.com ~all", "dmarc": { "policy": "reject", "configured": true }, "blacklisted": false }
GET /api/check-email $0.005

Email breach intelligence. Checks if an email address appears in known data breaches.

Data Sources

Breach Databases Paste Sites Dark Web Dumps

What It Checks

Known data breaches (HIBP-style) · Paste site appearances · Exposed credential databases · Breach severity and data types leaked

Returns

breached (boolean), breach_count, breaches array (name, date, data types), first_seen/last_seen

Example Response

{ "breached": true, "breach_count": 3, "breaches": [ { "name": "LinkedIn 2012", "date": "2012-05-05", "data_types": ["email", "password_hash"] } ] }
GET /api/check-ip $0.002

IP reputation mapping. Identifies Tor exit nodes, proxies, and blacklisted addresses.

Signals Analyzed

Tor Exit Nodes Blacklists Proxy/VPN Geolocation

What It Checks

Tor exit node database · Multiple DNSBL blacklists · Known proxy/VPN ranges · Abuse history · Geolocation & ASN ownership

Returns

risk_level, is_tor, is_proxy, blacklists array, geo (country, city, ASN)

Example Response

{ "risk_level": "high", "is_tor": true, "is_proxy": false, "blacklists": ["spamhaus", "barracuda"], "geo": { "country": "DE", "asn": "AS24940 Hetzner" } }
GET /api/check-password $0.001

Password breach check against 900M+ indexed password hashes. Never sends the actual password.

How It Works

900M+ Hashes SHA-1 Lookup Zero-Knowledge

What It Checks

Password SHA-1 hash against 900M+ known breached passwords · HIBP database · Zero-knowledge protocol — only the hash prefix is transmitted, never the full password

Returns

breached (boolean), count (times seen in breaches), strength assessment

Example Response

{ "breached": true, "count": 37842, "message": "This password has appeared in 37,842 data breaches" }
GET /api/check-password-range $0.001

k-Anonymity password range validation. Returns all hash suffixes for a given prefix — your app checks locally.

How It Works

k-Anonymity Prefix Lookup Client-Side Match

What It Checks

Send first 5 chars of SHA-1 hash · Receive all matching suffixes + breach counts · Your app checks locally if the full hash matches · Maximum privacy — server never sees the full hash

Returns

Array of suffix:count pairs for client-side matching

Example Response

{ "prefix": "5BAA6", "results": [ "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493", "A0372F8B0C64F4D4A9D7B39D44F91C52381:2" ] }
GET /api/full-scan $0.010

Comprehensive security scan. Runs domain, IP, URL, and email checks in a single call.

Included Scans

Domain IP URL Email SSL

What It Checks

Everything from check-domain, check-ip, check-url combined · Single API call, one price · Aggregated risk score across all vectors · Ideal for "tell me everything about this target"

Returns

overall_risk, individual scan results (domain, ip, url, email), summary

Example Response

{ "overall_risk": "medium", "domain": { "reputation_score": 85, "ssl": { "valid": true } }, "ip": { "risk_level": "low", "blacklists": [] }, "url": { "safe": true, "threats": [] }, "summary": "Domain is well-configured. No active threats." }
Integration Vectors
[01] MCP SERVER (Claude, Cursor) 
npm install shieldapi-mcp
[02] CLI INTERFACE 
npm install -g @vainplex/shieldapi-cli
[03] OPENCLAW GOVERNANCE PLUGIN

ShieldAPI is used as the security backend in @vainplex/openclaw-governance — an Agent Firewall for the OpenClaw runtime.

Live API Terminal
$ curl "https://shield.vainplex.dev/api/check-url?url=https://example.com"
← Hit RUN to query the live API (free tier, no account needed)