{"protocolVersion":"0.3.0","name":"onyx-actions","description":"The security & trust layer for the agentic web. Signed, pre-transaction security checks over x402: recipient firewall, contract audit, ERC-8004 agent reputation, AML/sanctions, and a one-call secure-payment clearance. Every verdict Ed25519-signed.","url":"https://onyx-actions.onrender.com","preferredTransport":"HTTP+JSON","provider":{"organization":"Onyx Protocol","url":"https://onyxprotocol.io"},"version":"1.0.0","capabilities":{"streaming":false,"pushNotifications":false,"stateTransitionHistory":false},"defaultInputModes":["application/json"],"defaultOutputModes":["application/json"],"skills":[{"id":"onyx_agent_audit_trail","name":"Agent Audit Trail","description":"Full payment + action audit trail for any agent wallet on Base. Returns every USDC outflow with resolved x402 destination, tool name where known, timestamp, tx hash, cumulative spend, velocity, and behavioral risk flags. The audit log every","tags":["security","verification","trust","x402","ed25519-signed"]},{"id":"onyx_agent_reputation","name":"Agent Reputation","description":"Vet another AI agent before you trust it — via the live ERC-8004 registries on Base. Give an agent's ERC-8004 id; get its on-chain identity (is it registered? owner), its verified receiving wallet, its AgentCard URI, and its reputation summ","tags":["security","verification","trust","x402","ed25519-signed"]},{"id":"onyx_aml_screen","name":"Aml Screen","description":"KYC/AML sanctions + risk screen for any EVM address. Returns OFAC sanctions hit (via Chainalysis on-chain oracle), 0-100 risk score, verdict (sanctioned/safe/caution/high_risk/blocked), and ranked risk_factors (address age, transaction thro","tags":["security","verification","trust","x402","ed25519-signed"]},{"id":"onyx_attestation_verify","name":"Attestation Verify","description":"Verify an Onyx-signed security verdict. Paste back any result from an Onyx tool (the full JSON including its onyx_attestation block); get a cryptographic verdict: is the Ed25519 signature valid, was it signed by Onyx (kid), and has any fiel","tags":["security","verification","trust","x402","ed25519-signed"]},{"id":"onyx_base_contract_verify","name":"Base Contract Verify","description":"Contract verification + ABI metadata for any Base address. Returns is_verified, contract name, compiler version, language, optimization, ABI entry count, license, source code size. Auto-detects EIP-1967/OZ/UUPS proxies and resolves to the i","tags":["security","verification","trust","x402","ed25519-signed"]},{"id":"onyx_base_token_risk_scan","name":"Base Token Risk Scan","description":"Risk-scan any ERC-20 token on Base mainnet. Returns ownership status (renounced or active owner address), mint authority (still mintable?), top-1 / top-10 holder concentration via balanceOf probes, contract age in days, basic honeypot signa","tags":["security","verification","trust","x402","ed25519-signed"]},{"id":"onyx_browser_screenshot","name":"Browser Screenshot","description":"Capture a PNG screenshot of the current CDP-controlled Chrome page and return it as base64. Use to feed a vision-LLM (Claude / GPT-4V) for screen-understanding agents, or to archive an action's visual result. Returns also the page title, UR","tags":["security","verification","trust","x402","ed25519-signed"]},{"id":"onyx_contract_audit","name":"Contract Audit","description":"Full smart-contract security audit for any Base address — source + DEPLOYED reality + AI, SIGNED. Fetches verified source, runs curated static vuln detectors (tx.origin auth, delegatecall, selfdestruct, unchecked calls, unprotected init, ow","tags":["security","verification","trust","x402","ed25519-signed"]},{"id":"onyx_fact_check","name":"Fact Check","description":"Fact-check any claim by fetching real-time web evidence. Returns supporting sources, contradicting sources, a 0-100 confidence score, and a short summary. Use for prediction-market resolvers, news-fact agents, journalist-bot pipelines, or a","tags":["security","verification","trust","x402","ed25519-signed"]},{"id":"onyx_mcp_oauth_audit","name":"Mcp Oauth Audit","description":"OAuth 2.1 + RFC 7591 DCR compliance audit for any MCP server. Probes the 5 standard discovery + registration + token endpoints, validates each against the relevant RFC, returns a composite 0-100 score and remediation list. Free tier — usefu","tags":["security","verification","trust","x402","ed25519-signed"]},{"id":"onyx_kya_verify","name":"Kya Verify","description":"Verify an Onyx Protocol KYA (Know Your Agent) credential. Pass a credential id (e.g. 'kya_01KSHZ...'); returns ok + scope + spend cap + issuer + revocation status. Use to gate paid tool access, audit agent operations, or compose with x402 s","tags":["security","verification","trust","x402","ed25519-signed"]},{"id":"onyx_secure_payment","name":"Secure Payment","description":"Secure-transaction RAIL: one signed clearance before an agent sends funds. Give recipient + amount (and optionally a contract address or counterparty ERC-8004 agent id); Onyx runs the full security stack — recipient firewall, contract audit","tags":["security","verification","trust","x402","ed25519-signed"]},{"id":"onyx_solana_token_risk_scan","name":"Solana Token Risk Scan","description":"Rug-vector risk scan for any SPL token on Solana mainnet. Checks mint authority (active = can mint unlimited supply), freeze authority (active = can freeze any holder's wallet), top-10 holder concentration (whale risk), supply rationality, ","tags":["security","verification","trust","x402","ed25519-signed"]},{"id":"onyx_tx_guard","name":"Tx Guard","description":"Pre-payment security firewall. Give the recipient address your agent is about to pay (Base); get a SIGNED ALLOW/REVIEW/BLOCK verdict + risk score from real on-chain checks: EOA-vs-contract, contract code/verification, account age (tx count)","tags":["security","verification","trust","x402","ed25519-signed"]},{"id":"onyx_verify_explain","name":"Verify Explain","description":"Diagnose a failing x402 v2 /verify. Decodes a captured X-PAYMENT header, runs 10 rules (decode, schema, network/asset/payTo match, value sufficiency, EIP-3009 timing, signature shape, scheme) against expected paymentRequirements, and return","tags":["security","verification","trust","x402","ed25519-signed"]},{"id":"onyx_x402_receipt_verify","name":"X402 Receipt Verify","description":"Verify an x402 USDC settlement on Base or Base Sepolia. Given a tx hash, decodes the USDC Transfer log and confirms (or refutes) a claim of the form: 'tx X moved $Y USDC from A to B'. Returns success status, actual decoded values, and a cle","tags":["security","verification","trust","x402","ed25519-signed"]}],"securitySchemes":{"x402":{"type":"x402","description":"Pay-per-call via x402 USDC on Base; the payment is the auth."}},"additionalInterfaces":[{"transport":"HTTP+JSON","url":"https://onyx-actions.onrender.com/v1/"},{"transport":"MCP","url":"https://onyx-actions.onrender.com/mcp/"}],"x402":{"manifest":"https://onyx-actions.onrender.com/.well-known/x402.json","network":"eip155:8453","asset":"USDC"},"erc8004":{"identity_registry":"0x8004A169FB4a3325136EB29fA0ceB6D2e539a432","reputation_registry":"0x8004BAa17C55a88189AE136b182e5fdA19dE9b63","note":"Onyx reads these live to vet counterparty agents (onyx_agent_reputation)."},"attestation":{"alg":"Ed25519+JCS","pubkey":"https://onyx-actions.onrender.com/.well-known/onyx-pubkey"}}