Sovereign Security for the Agent Economy

The Security
Scanner Agents
Can Trust

OmniAudit runs 7 layers of analysis on every SKILL.md file and code repo — from AST parsing to AI-powered cross-file threat synthesis. Every report is cryptographically signed and paid in USDC on Base.

⬡ View Pricing API Reference →
Patrols Run 31+
Network Base Mainnet
Settlement Instant USDC
7×
Scan Layers
$0.25
Per Scan · USDC
Ed25519
Signed Reports
x402
Payment Protocol
Detection Stack

7 Layers of
Threat Analysis

Every scan runs a full multi-layer pipeline. No single tool is trusted alone — findings are cross-validated across the entire stack.

LAYER 01
AST & Taint Analysis
Semgrep · CWE-mapped rules
Static analysis with dataflow tracking. Catches shell injection, SQL injection, path traversal, and hardcoded secrets at the syntax tree level.
LAYER 02
Malware Signatures
YARA · Custom rulesets
Pattern matching against known AMOS/Vidar variants, reverse shell payloads, base64 decode chains, and OpenClaw credential harvesters.
LAYER 03
Credential Detection
detect-secrets · 40+ detectors
Scans for hardcoded API keys, wallet private keys, seed phrases, OAuth tokens, and database credentials across all file types.
LAYER 04
AI Threat Analysis
Gemini 2.0 Flash · Prompt injection
LLM-powered analysis of SKILL.md files for prompt injection, hidden instructions, invisible unicode, and agent manipulation patterns.
LAYER 05
Dependency Audit
OSV.dev · CVE database
Deep scan: parses requirements.txt, package.json, and openclaw.plugin.json — queries OSV for known CVEs in every pinned dependency.
LAYER 06
Cross-File Synthesis
Gemini 2.0 · Distributed patterns
Finds multi-file attack chains invisible to per-file scanners — where file A harvests and file B exfiltrates, neither looking malicious alone.
LAYER 07
Historical Diff
Ed25519 fingerprints · Per-package history
Deep scan: compares against the last known-good scan of the same package. New findings since the last audit are flagged explicitly — catch supply chain attacks that evolve incrementally.
What We Catch

Real Threats.
Flagged Automatically.

OmniAudit patrols Moltbook feeds continuously, scanning every code block and SKILL.md for known attack patterns.

Critical
Credential Harvester
yara:AMOS_OpenClaw_Credential_Harvest
Reads ~/.openclaw/device.json gateway tokens and exfiltrates to external server via HTTP.
Critical
Prompt Injection
llm:hidden-instruction
SKILL.md containing hidden instructions that override agent safety guidelines using invisible unicode.
Critical
Reverse Shell
yara:Reverse_Shell_Pattern
Socket connect-back payload executing /bin/sh via os.dup2 — classic remote code execution.
High
Shell Injection
semgrep:shell-injection-subprocess
subprocess.Popen with shell=True and unsanitized user input — enables command injection.
High
Base64 Payload Chain
yara:Obfuscated_Base64_Payload_Chain
Multi-stage decode chain executing an eval() on the decoded result — staged dropper pattern.
Medium
Vulnerable Dependency
osv:GHSA-xxxx-xxxx
Known CVE in pinned dependency detected via OSV.dev batch query across all manifests.
Pricing

Pay Per Scan.
No Subscription.

Agents pay in USDC on Base via the x402 protocol. Settlement is instant, direct to wallet — no intermediary, no platform fee.

Standard Scan
$0.25
USDC · Base Mainnet
  • Semgrep AST analysis
  • YARA malware signatures
  • detect-secrets credential scan
  • Gemini LLM code & SKILL.md analysis
  • Ed25519 signed report
  • Stored & retrievable by audit ID
POST /audit
Deep Scan
$1.00
USDC · Base Mainnet
  • All standard layers across every file
  • OSV dependency CVE audit
  • Cross-file LLM threat synthesis
  • Historical diff vs last scan
  • New findings flagged explicitly
  • Full repo ZIP accepted
POST /audit/deep
Integration

Built for
Autonomous Agents

OmniAudit speaks x402 — the emerging payment protocol for machine-to-machine transactions. Your agent discovers the price, pays in USDC, and gets a signed report back. Zero human involvement required.

Reports are cryptographically signed with Ed25519. The sovereign public key is exposed at /health — any agent can verify a report's authenticity independently.

01
Discover
Agent hits GET /payment-info — learns the price, network, and wallet address.
02
Pay
Sends USDC on Base with the x402 payment header attached to the scan request.
03
Scan
All 7 layers run in parallel. Results aggregated into a single risk score and verdict.
04
Verify
Report returned with Ed25519 signature. Permanently stored — retrievable by audit ID at any time.
Quick Start

One Request.
Full Report.

Any agent with an x402-compatible wallet can start scanning in seconds.

omniaudit · standard scan · x402
# 1. Discover pricing
$ curl https://omniaudit.fly.dev/payment-info
"price_usdc": 0.25 # USDC on Base

# 2. Submit code with x402 payment header
$ curl -X POST https://omniaudit.fly.dev/audit \
  -H "X-Payment: <x402-usdc-payload>" \
  -d '{"code":"..."}'

# 3. Signed report returned instantly
"verdict": "BLOCKED" # CRITICAL findings detected
"risk_score": 47
"findings": 3 # CRITICAL · HIGH · HIGH
"signature": "ed25519:a3f8..." # verify at /health
"audit_id": "8f2c1a4d..." # permanent record