Audit public APIs before agents depend on them.
AgentLint runs bounded, non-destructive checks against a public endpoint and returns a deterministic readiness score, evidence-backed findings, and optional advisory guidance.
Built for public targets. No credentials. Deterministic scoring first.
Report preview
Exampleapi.example.com
Deterministic score · engine audit-engine-v1
- Category breakdown with clear scores
- Findings grouped by severity
- AI advisory labeled non-scoring
82
Grade B
Illustrative layout — live scores come from deterministic checks only.
Public targets only
No credentials
Deterministic scoring
Optional AI guidance
Process
How it works
- 1
Submit a public URL
Provide an HTTP or HTTPS agent, MCP, or API endpoint you are authorized to audit.
- 2
Deterministic checks run
AgentLint performs bounded passive samples: reachability, correctness, hygiene, and readiness signals.
- 3
Review score and findings
Receive a score, grade, findings, limitations, and optional AI advisory guidance.
Coverage
What AgentLint checks
Reliability
Reachability, latency consistency, and stable response behavior under passive sampling.
API correctness
Status codes, content types, and response shape signals that agents and clients depend on.
Security hygiene
Safe error handling patterns and secret-leakage signals from public responses — without destructive probing.
Agent usability
Machine-readable clarity and integration cues for agent and MCP callers.
Marketplace readiness
Listing and integration readiness signals for public agent and API surfaces.
Output
A report you can act on
Report preview
Exampleapi.example.com
Deterministic score · engine audit-engine-v1
- Category breakdown with clear scores
- Findings grouped by severity
- AI advisory labeled non-scoring
82
Grade B
Illustrative layout — live scores come from deterministic checks only.
Trust
Safety by default
- Passive public audit only — no write, mutate, or exploit attempts.
- No credentials required or accepted.
- Private, local, and reserved network targets are rejected.
- Raw response bodies are not persisted in reports.
- Sensitive query strings are stripped from stored display URLs.
Honesty
Clear limitations
- Limited sampling of a public endpoint at a point in time.
- No authenticated or session-based testing.
- Not continuous monitoring or uptime SLAs.
- Not a replacement for a full security assessment or penetration test.
Ready to audit a public endpoint?
Run a passive readiness audit and get a deterministic score, findings, and optional AI guidance you can share with your team.