The atomic security questions an agent asks at decision time — is this CVE exploited? is this package vulnerable? what hits my lockfile? — answered in one call, each answer Ed25519-signed and verifiable offline. Unsigned CVE APIs ask you to trust them. We let you verify.
Atomic primitives from $0.001 per signed call in USDC on Base:
is_exploited (CISA-KEV, $0.001),
check_package (OSV, $0.002),
check_cve (CVSS+KEV+EPSS, $0.01),
search_cves (NVD keyword, $0.01),
scan_dependencies (pay-per-vuln, free when clean),
check_affected (curated advisory match, free when clear).
Plus the daily digest get_today ($0.10 flat).
Accountless: your wallet is your identity. No accounts, no keys, no subscriptions.
Every response is Ed25519-signed — verifiable offline against our public key. No other CVE intelligence API offers cryptographic verifiability. Cross-validation by an independent LLM judge provides a transparent quality metric. Why per-call & signed →
All tools served through https://elsas.it/mcp (MCP, Streamable HTTP).
Free previews: sample report ·
MCP security status ·
full docs.
Open-source verification kit: GitHub.