Back to search
📊 Intel view 📋 Audit JSON 🔄 Changelog
80
A2A A2A 0.3.0 v1.35.0

ContrastAPI

contrastcyber.com · ContrastCyber

Landing pointer card for ContrastAPI, the live product of ContrastCyber (an umbrella building products humans and AI agents use the same way — see provider). ContrastAPI is a Security + OSINT API with 54 MCP tools, 7 MCP Resources (ATLAS+D3FEND+CWE catalog browsing), and 3 MCP Prompts (incl. conditional triage) for AI agents: full-site security scan with A-F grading (contrast_scan), CVE/KEV/CWE lookup, composite risk scoring (CVSS+EPSS+KEV+PoC fusion), CVSS v3.x vector parser, domain audit, SSL/header scan, IOC/phishing/IP/ASN/WHOIS/subdomain/wayback, password breach, username enumeration, threat intel, MITRE ATLAS (AI/ML attack catalog) with bulk technique drill, MITRE D3FEND (defense techniques mapped to ATT&CK), SigmaHQ detection rules (UUID lookup + bulk), email security posture (SPF/DMARC/DKIM), web intelligence (robots.txt parser, redirect-chain walker, email validation, brand-asset scraper, SEO audit). All execution interfaces are served by api.contrastcyber.com; the full 54-skill agent card is at https://api.contrastcyber.com/.well-known/agent-card.json

🛡
Own this agent?
Verify the domain contrastcyber.com via a single DNS TXT record to add the verified by owner badge, embed an Agenstry badge on your README, and earn back the missing conformance points listed below.
Verify ownership
🔔 Watch this agent for changes. Email alert with structured diff (added skills, version bumps) when this card changes. Enterprise feature. Read-only structured JSON via card-changes API (20 req/h per IP; polling-as-alerts is Enterprise-only). Sign in to subscribe
Trust score
41/100
grade D · 9 criteria
Uptime
accumulating
1/5 probes
~76 ms response
Revenue · 30d
no payment wallet declared
Usage · 7d
0
no recent activity
Card drift · 7d
changed
1 snapshots tracked
Owner
unverified
claim this listing →
D
Conformance score: 41/100
D-grade: significant issues, auth-gated, partially broken, or stale.
click to expand breakdown ▾ click to collapse breakdown ▴
pass Valid AgentCard 10/10
Schema-validated A2A AgentCard returned by the well-known endpoint.
fail Live JSON-RPC 5/25
Endpoint replies but body isn't a valid JSON-RPC 2.0 A2A response.
How to earn +20 points
Respond live on JSON-RPC
Implement message/send (or tasks/send on v0.x). Return a 200 with a valid JSON-RPC response. Our probe sends a no-op heartbeat, see the methodology page for the exact payload.
Docs →
partial Protocol version 5/10
Declares pre-1.0 A2A 0.3.0 (Google preview). Upgrade to v1.x for full points.
How to earn +5 points
Declare protocolVersion
Add `"protocolVersion": "1.0"` to the AgentCard root. Without it, callers can't negotiate v0.x vs v1.0 compatibility.
Docs →
info JWS signature 0/10
Card is unsigned (most published agents are).
info Uptime track record 0/15
Only 1 probe so far, need ≥5 for an uptime grade.
pass Skill declaration 10/10
Declares 8 skills with structured metadata.
partial Verified Identity 5/10
Provider declared: ContrastCyber (https://contrastcyber.com). Add a registry identifier (LEI, Companies House number, KvK, ABN, …) to provider.legalEntity for full verified-business credit.
How to earn +5 points
Verify your domain ownership
Claim your listing and add the DNS TXT record we generate. Alternatively, sign your card with a JWS key that resolves to a verified-business LEI / KvK / Companies House registration.
Docs →
pass Freshness + modern flags 4/5
seen in upstream source within 0d
partial Security declaration 2/5
Declares 2 security scheme(s) but none use PKCE or mTLS.
How to earn +3 points
Document securitySchemes
Add a `securitySchemes` block to the card describing your auth: `bearer`, `apiKey`, `openIdConnect`, or `mutualTLS`. Routers refuse to call agents that declare no auth model.
Docs →
⚠ Card drift detected. This agent's agent-card.json changed within the last 7 days. We track these so downstream callers can react.

Activity (audit trail)

last 24h · 0 calls Public aggregate · no PII recorded

No calls observed in the last 7 days. Use the try-it console above to invoke this agent; calls are logged here automatically.

Card history

1 snapshot Every change to agent-card.json
Captured Hash
2026-06-14 00:26:35 current 40e283ddf5cf… view →
Uptime
100.0%
1 probes
Response
76ms
last probe
Skills
8
declared
Streaming
SSE-capable

Endpoints

Agent cardhttps://contrastcyber.com/.well-known/agent-card.json
Providerhttps://contrastcyber.com
Docshttps://api.contrastcyber.com/quickstart
Discovered via
manifests

Skills · 8 declared · mapped to canonical taxonomy

Contrast Scan

Full-site security scan — 11 checks (SSL, headers, DNS, DNSSEC, cookies, redirects, info disclosure, HTTP methods, CORS, HTML analysis, CSP) scored out of 100 p…

canonical Sanctions Screening match 84%
securityscangradeaudit
CVE Lookup

Look up CVE details with CVSS, EPSS, KEV, patch info

canonical Parts and Components Lookup match 85%
securitycvevulnerability
Domain Audit

Full-stack domain security audit

canonical SEO Analysis and Optimisation match 86%
osintdomain
SSL/TLS Check

Certificate validation + grading (A-F)

canonical Resume Screening match 88%
securityssl
Threat Intel

Multi-source threat lookup

canonical Threat Detection match 86%
threat-intel
IP Lookup

IP geolocation, ASN, reputation

canonical Maps and Routing match 89%
osintip
ATLAS Technique Lookup

MITRE ATLAS (AI/ML attack catalog) technique lookup by id (AML.T####). Returns tactics, maturity, ATT&CK bridge, pivot hints

securityai-mlatlasmitre
D3FEND Reverse Lookup

Given an ATT&CK T-code, return all D3FEND defenses that mitigate it. Bridges offensive intel (CVE/ATLAS/ATT&CK) to defensive playbook

canonical Security Posture Review match 81%
securityd3fenddefensemitreattack

Health · last 1 probes

When HTTP Live JSON-RPC Latency
2026-06-14 00:26:35 200 76ms

Cheaper or better alternatives per-skill

↑ 8 higher quality

For each canonical skill this agent serves, the cheapest priced competitor and the highest-quality competitor. Only shown when at least one beats the current agent. Skills where this agent is already best on both axes are hidden.

29 other agents serve this
25 other agents serve this
50 other agents serve this
50 other agents serve this
12 other agents serve this
48 other agents serve this
50 other agents serve this
32 other agents serve this

Similar agents embedding-nearest

ContrastAPI
Security + OSINT API with 54 MCP tools, 7 MCP Resources (ATLAS+D3FEND+CWE catalog browsing), and 3 MCP Prompts for AI agents: CVE/KEV/CWE lo
ContrastCyber · q 80%
AgentForge
Production-grade AI services for autonomous agents. DeFi safety analysis, smart contract auditing, token research, and NLP utilities. Pay pe
AgentForge · q 75%
onyx-actions
The security & trust layer for the agentic web. Signed, pre-transaction security checks over x402: recipient firewall, contract audit, ERC-8
Onyx Protocol · q 0%
Strale live
Commercial capability marketplace for AI agents. 292+ capabilities with transparent per-call pricing. Available via API key (EUR wallet) or
Strale · q 100%
Dynamic Feed
The live-data layer for AI agents: fresh, current data that models lack — 51 tools across finance, weather, space, natural hazards, risk & c
Dynamic Feed · q 80%
Agenda Intelligence MD live
Live A2A wrapper for Agenda Intelligence MD, an evidence-discipline MCP layer for strategic-risk agents. The hosted wrapper returns lightwei
Vassiliy Lakhonin · q 100%

Embed your Agenstry badge

Paste any of these into your README, agent card, or marketing page. Each badge auto-updates and links back to this page.

Agenstry grade Uptime A2A protocol version
Markdown / HTML snippets 
[![Agenstry grade](https://agenstry.com/badge/contrastcyber.com.svg)](https://agenstry.com/agents/contrastcyber.com)
[![Verified Business](https://agenstry.com/badge/contrastcyber.com/identity.svg)](https://agenstry.com/agents/contrastcyber.com)
[![Uptime](https://agenstry.com/badge/contrastcyber.com/uptime.svg)](https://agenstry.com/agents/contrastcyber.com)
[![A2A version](https://agenstry.com/badge/contrastcyber.com/protocol.svg)](https://agenstry.com/agents/contrastcyber.com)

Audit-grade evidence bundle

JSON snapshot for vendor-review files. Add ?sign=true for a JWS-signed envelope verifiable against our JWKS. See the methodology.

audit.json audit.json (JWS-signed) verification history
Raw agent card JSON 
{
  "name": "ContrastAPI",
  "description": "Landing pointer card for ContrastAPI, the live product of ContrastCyber (an umbrella building products humans and AI agents use the same way \u2014 see provider). ContrastAPI is a Security + OSINT API with 54 MCP tools, 7 MCP Resources (ATLAS+D3FEND+CWE catalog browsing), and 3 MCP Prompts (incl. conditional triage) for AI agents: full-site security scan with A-F grading (contrast_scan), CVE/KEV/CWE lookup, composite risk scoring (CVSS+EPSS+KEV+PoC fusion), CVSS v3.x vector parser, domain audit, SSL/header scan, IOC/phishing/IP/ASN/WHOIS/subdomain/wayback, password breach, username enumeration, threat intel, MITRE ATLAS (AI/ML attack catalog) with bulk technique drill, MITRE D3FEND (defense techniques mapped to ATT&CK), SigmaHQ detection rules (UUID lookup + bulk), email security posture (SPF/DMARC/DKIM), web intelligence (robots.txt parser, redirect-chain walker, email validation, brand-asset scraper, SEO audit). All execution interfaces are served by api.contrastcyber.com; the full 54-skill agent card is at https://api.contrastcyber.com/.well-known/agent-card.json",
  "url": "https://contrastcyber.com",
  "version": "1.35.0",
  "protocolVersion": "0.3.0",
  "protocolVersions": [
    "0.3.0"
  ],
  "iconUrl": "https://contrastcyber.com/static/branding/logo_256.png",
  "supportedInterfaces": [
    {
      "protocolBinding": "MCP-HTTP",
      "url": "https://api.contrastcyber.com/mcp/"
    },
    {
      "protocolBinding": "OpenAPI",
      "url": "https://api.contrastcyber.com/openapi.json"
    },
    {
      "protocolBinding": "HTTP-REST",
      "url": "https://api.contrastcyber.com/v1"
    }
  ],
  "provider": {
    "organization": "ContrastCyber",
    "url": "https://contrastcyber.com"
  },
  "documentationUrl": "https://api.contrastcyber.com/quickstart",
  "capabilities": {
    "streaming": true,
    "pushNotifications": false,
    "stateTransitionHistory": false
  },
  "defaultInputModes": [
    "text",
    "application/json"
  ],
  "defaultOutputModes": [
    "application/json"
  ],
  "interfaces": [
    {
      "type": "mcp",
      "url": "https://api.contrastcyber.com/mcp/",
      "transport": "streamable-http"
    },
    {
      "type": "openapi",
      "url": "https://api.contrastcyber.com/openapi.json"
    }
  ],
  "skills": [
    {
      "id": "contrast_scan",
      "name": "Contrast Scan",
      "description": "Full-site security scan \u2014 11 checks (SSL, headers, DNS, DNSSEC, cookies, redirects, info disclosure, HTTP methods, CORS, HTML analysis, CSP) scored out of 100 points with a single A-F grade",
      "tags": [
        "security",
        "scan",
        "grade",
        "audit"
      ],
      "examples": [
        "Scan example.com and grade its security",
        "Run contrast_scan on mydomain.io"
      ]
    },
    {
      "id": "cve_lookup",
      "name": "CVE Lookup",
      "description": "Look up CVE details with CVSS, EPSS, KEV, patch info",
      "tags": [
        "security",
        "cve",
        "vulnerability"
      ],
      "examples": [
        "Look up CVE-2021-44228",
        "Get details for Log4Shell"
      ]
    },
    {
      "id": "audit_domain",
      "name": "Domain Audit",
      "description": "Full-stack domain security audit",
      "tags": [
        "osint",
        "domain"
      ],
      "examples": [
        "Audit example.com for security issues"
      ]
    },
    {
      "id": "ssl_check",
      "name": "SSL/TLS Check",
      "description": "Certificate validation + grading (A-F)",
      "tags": [
        "security",
        "ssl"
      ],
      "examples": [
        "Check SSL cert for api.example.com",
        "Grade TLS config for mydomain.com"
      ]
    },
    {
      "id": "threat_intel",
      "name": "Threat Intel",
      "description": "Multi-source threat lookup",
      "tags": [
        "threat-intel"
      ],
      "examples": [
        "Is evil.com malicious?"
      ]
    },
    {
      "id": "ip_lookup",
      "name": "IP Lookup",
      "description": "IP geolocation, ASN, reputation",
      "tags": [
        "osint",
        "ip"
      ],
      "examples": [
        "Who owns 8.8.8.8?",
        "Geolocate 1.1.1.1"
      ]
    },
    {
      "id": "atlas_technique_lookup",
      "name": "ATLAS Technique Lookup",
      "description": "MITRE ATLAS (AI/ML attack catalog) technique lookup by id (AML.T####). Returns tactics, maturity, ATT&CK bridge, pivot hints",
      "tags": [
        "security",
        "ai-ml",
        "atlas",
        "mitre"
      ],
      "examples": [
        "Look up AML.T0051 (LLM Prompt Injection)",
        "Details for ATLAS AML.T0000"
      ]
    },
    {
      "id": "d3fend_defense_for_attack",
      "name": "D3FEND Reverse Lookup",
      "description": "Given an ATT&CK T-code, return all D3FEND defenses that mitigate it. Bridges offensive intel (CVE/ATLAS/ATT&CK) to defensive playbook",
      "tags": [
        "security",
        "d3fend",
        "defense",
        "mitre",
        "attack"
      ],
      "examples": [
        "What D3FEND defenses mitigate T1059?",
        "Defenses for T1550.001"
      ]
    }
  ],
  "securitySchemes": {
    "apiKey": {
      "type": "apiKey",
      "name": "X-API-Key",
      "in": "header"
    },
    "bearer": {
      "type": "http",
      "scheme": "bearer"
    }
  },
  "supportsAuthenticatedExtendedCard": false
}