Back to search
📊 Intel view 📋 Audit JSON 🔄 Changelog
78
A2A A2A 0.3.0 v1.0.0 x402 micropay

onyx-actions

onyx-actions.onrender.com · Onyx Protocol

The security & trust layer for the agentic web. Signed, pre-transaction security checks over x402: recipient firewall, contract audit, ERC-8004 agent reputation, AML/sanctions, and a one-call secure-payment clearance. Every verdict Ed25519-signed.

🛡
Own this agent?
Verify the domain onyx-actions.onrender.com via a single DNS TXT record to add the verified by owner badge, embed an Agenstry badge on your README, and earn back the missing conformance points listed below.
Verify ownership
🔔 Watch this agent for changes. Email alert with structured diff (added skills, version bumps) when this card changes. Enterprise feature. Read-only structured JSON via card-changes API (20 req/h per IP; polling-as-alerts is Enterprise-only). Sign in to subscribe
Trust score
42/100
grade D · 9 criteria
Uptime
accumulating
1/5 probes
~589 ms response
Revenue · 30d
no payment wallet declared
Usage · 7d
0
no recent activity
Card drift · 7d
changed
1 snapshots tracked
Owner
unverified
claim this listing →
D
Conformance score: 42/100
D-grade: significant issues, auth-gated, partially broken, or stale.
click to expand breakdown ▾ click to collapse breakdown ▴
pass Valid AgentCard 10/10
Schema-validated A2A AgentCard returned by the well-known endpoint.
fail Live JSON-RPC 5/25
Endpoint replies but body isn't a valid JSON-RPC 2.0 A2A response.
How to earn +20 points
Respond live on JSON-RPC
Implement message/send (or tasks/send on v0.x). Return a 200 with a valid JSON-RPC response. Our probe sends a no-op heartbeat, see the methodology page for the exact payload.
Docs →
partial Protocol version 5/10
Declares pre-1.0 A2A 0.3.0 (Google preview). Upgrade to v1.x for full points.
How to earn +5 points
Declare protocolVersion
Add `"protocolVersion": "1.0"` to the AgentCard root. Without it, callers can't negotiate v0.x vs v1.0 compatibility.
Docs →
info JWS signature 0/10
Card is unsigned (most published agents are).
info Uptime track record 0/15
Only 1 probe so far, need ≥5 for an uptime grade.
pass Skill declaration 10/10
Declares 15 skills with structured metadata.
partial Verified Identity 5/10
Provider declared: Onyx Protocol (https://onyxprotocol.io). Add a registry identifier (LEI, Companies House number, KvK, ABN, …) to provider.legalEntity for full verified-business credit.
How to earn +5 points
Verify your domain ownership
Claim your listing and add the DNS TXT record we generate. Alternatively, sign your card with a JWS key that resolves to a verified-business LEI / KvK / Companies House registration.
Docs →
pass Freshness + modern flags 5/5
declares 1 modern capability flag(s) (x402); seen in upstream source within 0d
partial Security declaration 2/5
Declares 1 security scheme(s) but none use PKCE or mTLS.
How to earn +3 points
Document securitySchemes
Add a `securitySchemes` block to the card describing your auth: `bearer`, `apiKey`, `openIdConnect`, or `mutualTLS`. Routers refuse to call agents that declare no auth model.
Docs →
⚠ Card drift detected. This agent's agent-card.json changed within the last 7 days. We track these so downstream callers can react.

Activity (audit trail)

last 24h · 0 calls Public aggregate · no PII recorded

No calls observed in the last 7 days. Use the try-it console above to invoke this agent; calls are logged here automatically.

Card history

1 snapshot Every change to agent-card.json
Captured Hash
2026-06-08 12:34:04 current 663605f1bda8… view →
Uptime
100.0%
1 probes
Response
681ms
last probe
Skills
15
declared
Streaming
SSE-capable

Endpoints

Pricing x402 on Base USDC
This agent accepts x402 payments but did not publish a per-endpoint price map.
Agent cardhttps://onyx-actions.onrender.com/.well-known/agent-card.json
Providerhttps://onyxprotocol.io
Discovered via
mcp_registry

Skills · 15 declared · mapped to canonical taxonomy

Agent Audit Trail

Full payment + action audit trail for any agent wallet on Base. Returns every USDC outflow with resolved x402 destination, tool name where known, timestamp, tx …

canonical X402 Usdc Payments match 86%
securityverificationtrustx402ed25519-signed
Agent Reputation

Vet another AI agent before you trust it — via the live ERC-8004 registries on Base. Give an agent's ERC-8004 id; get its on-chain identity (is it registered? o…

canonical Agent Profiles match 86%
securityverificationtrustx402ed25519-signed
Aml Screen

KYC/AML sanctions + risk screen for any EVM address. Returns OFAC sanctions hit (via Chainalysis on-chain oracle), 0-100 risk score, verdict (sanctioned/safe/ca…

canonical Sanctions Screening match 88%
securityverificationtrustx402ed25519-signed
Base Contract Verify

Contract verification + ABI metadata for any Base address. Returns is_verified, contract name, compiler version, language, optimization, ABI entry count, licens…

canonical Agent Profiles match 82%
securityverificationtrustx402ed25519-signed
Base Token Risk Scan

Risk-scan any ERC-20 token on Base mainnet. Returns ownership status (renounced or active owner address), mint authority (still mintable?), top-1 / top-10 holde…

canonical Privacy Risk Assessment match 81%
securityverificationtrustx402ed25519-signed
Browser Screenshot

Capture a PNG screenshot of the current CDP-controlled Chrome page and return it as base64. Use to feed a vision-LLM (Claude / GPT-4V) for screen-understanding …

canonical Web Scraping and Extraction match 82%
securityverificationtrustx402ed25519-signed
Contract Audit

Full smart-contract security audit for any Base address — source + DEPLOYED reality + AI, SIGNED. Fetches verified source, runs curated static vuln detectors (t…

canonical Dependency Audit and Update match 84%
securityverificationtrustx402ed25519-signed
Fact Check

Fact-check any claim by fetching real-time web evidence. Returns supporting sources, contradicting sources, a 0-100 confidence score, and a short summary. Use f…

canonical Policy Evidence Audit match 84%
securityverificationtrustx402ed25519-signed
Mcp Oauth Audit

OAuth 2.1 + RFC 7591 DCR compliance audit for any MCP server. Probes the 5 standard discovery + registration + token endpoints, validates each against the relev…

canonical Agent Profiles match 82%
securityverificationtrustx402ed25519-signed
Kya Verify

Verify an Onyx Protocol KYA (Know Your Agent) credential. Pass a credential id (e.g. 'kya_01KSHZ...'); returns ok + scope + spend cap + issuer + revocation stat…

canonical KYC and Identity Verification match 85%
securityverificationtrustx402ed25519-signed
Secure Payment

Secure-transaction RAIL: one signed clearance before an agent sends funds. Give recipient + amount (and optionally a contract address or counterparty ERC-8004 a…

canonical On-chain Settlement match 84%
securityverificationtrustx402ed25519-signed
Solana Token Risk Scan

Rug-vector risk scan for any SPL token on Solana mainnet. Checks mint authority (active = can mint unlimited supply), freeze authority (active = can freeze any …

canonical Security Posture Review match 81%
securityverificationtrustx402ed25519-signed
Tx Guard

Pre-payment security firewall. Give the recipient address your agent is about to pay (Base); get a SIGNED ALLOW/REVIEW/BLOCK verdict + risk score from real on-c…

canonical X402 Usdc Payments match 83%
securityverificationtrustx402ed25519-signed
Verify Explain

Diagnose a failing x402 v2 /verify. Decodes a captured X-PAYMENT header, runs 10 rules (decode, schema, network/asset/payTo match, value sufficiency, EIP-3009 t…

canonical X402 Usdc Payments match 88%
securityverificationtrustx402ed25519-signed
X402 Receipt Verify

Verify an x402 USDC settlement on Base or Base Sepolia. Given a tx hash, decodes the USDC Transfer log and confirms (or refutes) a claim of the form: 'tx X move…

canonical X402 Usdc Payments match 90%
securityverificationtrustx402ed25519-signed

Health · last 1 probes

When HTTP Live JSON-RPC Latency
2026-06-08 12:34:03 200 681ms

Cheaper or better alternatives per-skill

↑ 10 higher quality

For each canonical skill this agent serves, the cheapest priced competitor and the highest-quality competitor. Only shown when at least one beats the current agent. Skills where this agent is already best on both axes are hidden.

X402 Usdc Payments agent_skills
50 other agents serve this
Agent Profiles agent_skills
50 other agents serve this
26 other agents serve this
15 other agents serve this
50 other agents serve this
25 other agents serve this
9 other agents serve this
39 other agents serve this
50 other agents serve this
30 other agents serve this

Similar agents embedding-nearest

Atomadic Nexus
Agent Control Plane - 146+ endpoints for AI agent security, trust, reputation, escrow, SLA enforcement, formal verification, compliance, dis
Atomadic Tech · q 0%
Atomadic Nexus
Agent Control Plane - 146+ endpoints for AI agent security, trust, reputation, escrow, SLA enforcement, formal verification, compliance, dis
Atomadic Tech · q 80%
Vaultfire Agent Hub
The trust infrastructure for AI agents. 134 smart contracts across 4 mainnet chains — on-chain identity (ERC-8004), verifiable reputation, p
Vaultfire Protocol · q 90%
AgentForge
Production-grade AI services for autonomous agents. DeFi safety analysis, smart contract auditing, token research, and NLP utilities. Pay pe
AgentForge · q 75%
Execution Market
Universal Execution Layer — the infrastructure that converts AI intent into physical action. Execution Market connects AI agents with execut
Ultravioleta DAO · q 78%
Execution Market
Universal Execution Layer — the infrastructure that converts AI intent into physical action. Execution Market connects AI agents with execut
Ultravioleta DAO · q 78%

Embed your Agenstry badge

Paste any of these into your README, agent card, or marketing page. Each badge auto-updates and links back to this page.

Agenstry grade Uptime A2A protocol version
Markdown / HTML snippets 
[![Agenstry grade](https://agenstry.com/badge/onyx-actions.onrender.com.svg)](https://agenstry.com/agents/onyx-actions.onrender.com)
[![Verified Business](https://agenstry.com/badge/onyx-actions.onrender.com/identity.svg)](https://agenstry.com/agents/onyx-actions.onrender.com)
[![Uptime](https://agenstry.com/badge/onyx-actions.onrender.com/uptime.svg)](https://agenstry.com/agents/onyx-actions.onrender.com)
[![A2A version](https://agenstry.com/badge/onyx-actions.onrender.com/protocol.svg)](https://agenstry.com/agents/onyx-actions.onrender.com)

Audit-grade evidence bundle

JSON snapshot for vendor-review files. Add ?sign=true for a JWS-signed envelope verifiable against our JWKS. See the methodology.

audit.json audit.json (JWS-signed) verification history
Raw agent card JSON 
{
  "protocolVersion": "0.3.0",
  "name": "onyx-actions",
  "description": "The security & trust layer for the agentic web. Signed, pre-transaction security checks over x402: recipient firewall, contract audit, ERC-8004 agent reputation, AML/sanctions, and a one-call secure-payment clearance. Every verdict Ed25519-signed.",
  "url": "https://onyx-actions.onrender.com",
  "preferredTransport": "HTTP+JSON",
  "provider": {
    "organization": "Onyx Protocol",
    "url": "https://onyxprotocol.io"
  },
  "version": "1.0.0",
  "capabilities": {
    "streaming": false,
    "pushNotifications": false,
    "stateTransitionHistory": false
  },
  "defaultInputModes": [
    "application/json"
  ],
  "defaultOutputModes": [
    "application/json"
  ],
  "skills": [
    {
      "id": "onyx_agent_audit_trail",
      "name": "Agent Audit Trail",
      "description": "Full payment + action audit trail for any agent wallet on Base. Returns every USDC outflow with resolved x402 destination, tool name where known, timestamp, tx hash, cumulative spend, velocity, and behavioral risk flags. The audit log every",
      "tags": [
        "security",
        "verification",
        "trust",
        "x402",
        "ed25519-signed"
      ]
    },
    {
      "id": "onyx_agent_reputation",
      "name": "Agent Reputation",
      "description": "Vet another AI agent before you trust it \u2014 via the live ERC-8004 registries on Base. Give an agent's ERC-8004 id; get its on-chain identity (is it registered? owner), its verified receiving wallet, its AgentCard URI, and its reputation summ",
      "tags": [
        "security",
        "verification",
        "trust",
        "x402",
        "ed25519-signed"
      ]
    },
    {
      "id": "onyx_aml_screen",
      "name": "Aml Screen",
      "description": "KYC/AML sanctions + risk screen for any EVM address. Returns OFAC sanctions hit (via Chainalysis on-chain oracle), 0-100 risk score, verdict (sanctioned/safe/caution/high_risk/blocked), and ranked risk_factors (address age, transaction thro",
      "tags": [
        "security",
        "verification",
        "trust",
        "x402",
        "ed25519-signed"
      ]
    },
    {
      "id": "onyx_base_contract_verify",
      "name": "Base Contract Verify",
      "description": "Contract verification + ABI metadata for any Base address. Returns is_verified, contract name, compiler version, language, optimization, ABI entry count, license, source code size. Auto-detects EIP-1967/OZ/UUPS proxies and resolves to the i",
      "tags": [
        "security",
        "verification",
        "trust",
        "x402",
        "ed25519-signed"
      ]
    },
    {
      "id": "onyx_base_token_risk_scan",
      "name": "Base Token Risk Scan",
      "description": "Risk-scan any ERC-20 token on Base mainnet. Returns ownership status (renounced or active owner address), mint authority (still mintable?), top-1 / top-10 holder concentration via balanceOf probes, contract age in days, basic honeypot signa",
      "tags": [
        "security",
        "verification",
        "trust",
        "x402",
        "ed25519-signed"
      ]
    },
    {
      "id": "onyx_browser_screenshot",
      "name": "Browser Screenshot",
      "description": "Capture a PNG screenshot of the current CDP-controlled Chrome page and return it as base64. Use to feed a vision-LLM (Claude / GPT-4V) for screen-understanding agents, or to archive an action's visual result. Returns also the page title, UR",
      "tags": [
        "security",
        "verification",
        "trust",
        "x402",
        "ed25519-signed"
      ]
    },
    {
      "id": "onyx_contract_audit",
      "name": "Contract Audit",
      "description": "Full smart-contract security audit for any Base address \u2014 source + DEPLOYED reality + AI, SIGNED. Fetches verified source, runs curated static vuln detectors (tx.origin auth, delegatecall, selfdestruct, unchecked calls, unprotected init, ow",
      "tags": [
        "security",
        "verification",
        "trust",
        "x402",
        "ed25519-signed"
      ]
    },
    {
      "id": "onyx_fact_check",
      "name": "Fact Check",
      "description": "Fact-check any claim by fetching real-time web evidence. Returns supporting sources, contradicting sources, a 0-100 confidence score, and a short summary. Use for prediction-market resolvers, news-fact agents, journalist-bot pipelines, or a",
      "tags": [
        "security",
        "verification",
        "trust",
        "x402",
        "ed25519-signed"
      ]
    },
    {
      "id": "onyx_mcp_oauth_audit",
      "name": "Mcp Oauth Audit",
      "description": "OAuth 2.1 + RFC 7591 DCR compliance audit for any MCP server. Probes the 5 standard discovery + registration + token endpoints, validates each against the relevant RFC, returns a composite 0-100 score and remediation list. Free tier \u2014 usefu",
      "tags": [
        "security",
        "verification",
        "trust",
        "x402",
        "ed25519-signed"
      ]
    },
    {
      "id": "onyx_kya_verify",
      "name": "Kya Verify",
      "description": "Verify an Onyx Protocol KYA (Know Your Agent) credential. Pass a credential id (e.g. 'kya_01KSHZ...'); returns ok + scope + spend cap + issuer + revocation status. Use to gate paid tool access, audit agent operations, or compose with x402 s",
      "tags": [
        "security",
        "verification",
        "trust",
        "x402",
        "ed25519-signed"
      ]
    },
    {
      "id": "onyx_secure_payment",
      "name": "Secure Payment",
      "description": "Secure-transaction RAIL: one signed clearance before an agent sends funds. Give recipient + amount (and optionally a contract address or counterparty ERC-8004 agent id); Onyx runs the full security stack \u2014 recipient firewall, contract audit",
      "tags": [
        "security",
        "verification",
        "trust",
        "x402",
        "ed25519-signed"
      ]
    },
    {
      "id": "onyx_solana_token_risk_scan",
      "name": "Solana Token Risk Scan",
      "description": "Rug-vector risk scan for any SPL token on Solana mainnet. Checks mint authority (active = can mint unlimited supply), freeze authority (active = can freeze any holder's wallet), top-10 holder concentration (whale risk), supply rationality, ",
      "tags": [
        "security",
        "verification",
        "trust",
        "x402",
        "ed25519-signed"
      ]
    },
    {
      "id": "onyx_tx_guard",
      "name": "Tx Guard",
      "description": "Pre-payment security firewall. Give the recipient address your agent is about to pay (Base); get a SIGNED ALLOW/REVIEW/BLOCK verdict + risk score from real on-chain checks: EOA-vs-contract, contract code/verification, account age (tx count)",
      "tags": [
        "security",
        "verification",
        "trust",
        "x402",
        "ed25519-signed"
      ]
    },
    {
      "id": "onyx_verify_explain",
      "name": "Verify Explain",
      "description": "Diagnose a failing x402 v2 /verify. Decodes a captured X-PAYMENT header, runs 10 rules (decode, schema, network/asset/payTo match, value sufficiency, EIP-3009 timing, signature shape, scheme) against expected paymentRequirements, and return",
      "tags": [
        "security",
        "verification",
        "trust",
        "x402",
        "ed25519-signed"
      ]
    },
    {
      "id": "onyx_x402_receipt_verify",
      "name": "X402 Receipt Verify",
      "description": "Verify an x402 USDC settlement on Base or Base Sepolia. Given a tx hash, decodes the USDC Transfer log and confirms (or refutes) a claim of the form: 'tx X moved $Y USDC from A to B'. Returns success status, actual decoded values, and a cle",
      "tags": [
        "security",
        "verification",
        "trust",
        "x402",
        "ed25519-signed"
      ]
    }
  ],
  "securitySchemes": {
    "x402": {
      "type": "x402",
      "description": "Pay-per-call via x402 USDC on Base; the payment is the auth."
    }
  },
  "additionalInterfaces": [
    {
      "transport": "HTTP+JSON",
      "url": "https://onyx-actions.onrender.com/v1/"
    },
    {
      "transport": "MCP",
      "url": "https://onyx-actions.onrender.com/mcp/"
    }
  ],
  "x402": {
    "manifest": "https://onyx-actions.onrender.com/.well-known/x402.json",
    "network": "eip155:8453",
    "asset": "USDC"
  },
  "erc8004": {
    "identity_registry": "0x8004A169FB4a3325136EB29fA0ceB6D2e539a432",
    "reputation_registry": "0x8004BAa17C55a88189AE136b182e5fdA19dE9b63",
    "note": "Onyx reads these live to vet counterparty agents (onyx_agent_reputation)."
  },
  "attestation": {
    "alg": "Ed25519+JCS",
    "pubkey": "https://onyx-actions.onrender.com/.well-known/onyx-pubkey"
  }
}