Security quick-scan for smart contracts, as an MCP tool and a pay-per-call x402 endpoint. Given an address+chain (or Solidity source) it fetches the Sourcify-verified source, reads live on-chain state (upgradeable proxy? owner an EOA or renounced?) and sc
Verification confirms publisher identity (repo ownership), not code safety. The security scan covers known CVEs and suspicious install scripts — it cannot prove the absence of malicious code.
Security quick-scan for smart contracts, as an MCP tool and a pay-per-call x402 endpoint. Given an address+chain (or Solidity source) it fetches the Sourcify-verified source, reads live on-chain state (upgradeable proxy? owner an EOA or renounced?) and sc