Skip to content
Passive public readiness audits

Audit public APIs before agents depend on them.

AgentLint runs bounded, non-destructive checks against a public endpoint and returns a deterministic readiness score, evidence-backed findings, and optional advisory guidance.

Built for public targets. No credentials. Deterministic scoring first.

Report preview

Example

api.example.com

Deterministic score · engine audit-engine-v1

  • Category breakdown with clear scores
  • Findings grouped by severity
  • AI advisory labeled non-scoring
Reliability88
API correctness84
Security hygiene79
Agent usability80
Marketplace readiness76

Illustrative layout — live scores come from deterministic checks only.

  • Public targets only

  • No credentials

  • Deterministic scoring

  • Optional AI guidance

How it works

Three clear steps from public URL to shareable readiness report.
  1. 1

    Submit a public URL

    Provide an HTTP or HTTPS agent, MCP, or API endpoint you are authorized to audit.

  2. 2

    Deterministic checks run

    AgentLint performs bounded passive samples: reachability, correctness, hygiene, and readiness signals.

  3. 3

    Review score and findings

    Receive a score, grade, findings, limitations, and optional AI advisory guidance.

What AgentLint checks

Five readiness dimensions designed for agents, MCP services, and public APIs.
  • Reliability

    Reachability, latency consistency, and stable response behavior under passive sampling.

  • API correctness

    Status codes, content types, and response shape signals that agents and clients depend on.

  • Security hygiene

    Safe error handling patterns and secret-leakage signals from public responses — without destructive probing.

  • Agent usability

    Machine-readable clarity and integration cues for agent and MCP callers.

  • Marketplace readiness

    Listing and integration readiness signals for public agent and API surfaces.

A report you can act on

Score and grade first. Then category breakdown, severity-grouped findings, honest limitations, and optional AI advisory — clearly separated so it never looks like the score.

Report preview

Example

api.example.com

Deterministic score · engine audit-engine-v1

  • Category breakdown with clear scores
  • Findings grouped by severity
  • AI advisory labeled non-scoring
Reliability88
API correctness84
Security hygiene79
Agent usability80
Marketplace readiness76

Illustrative layout — live scores come from deterministic checks only.

Safety by default

Built for public targets with conservative, non-destructive sampling.
  • Passive public audit only — no write, mutate, or exploit attempts.
  • No credentials required or accepted.
  • Private, local, and reserved network targets are rejected.
  • Raw response bodies are not persisted in reports.
  • Sensitive query strings are stripped from stored display URLs.

Clear limitations

AgentLint is a readiness scanner — not a full security engagement.
  • Limited sampling of a public endpoint at a point in time.
  • No authenticated or session-based testing.
  • Not continuous monitoring or uptime SLAs.
  • Not a replacement for a full security assessment or penetration test.
Ready when you are

Ready to audit a public endpoint?

Run a passive readiness audit and get a deterministic score, findings, and optional AI guidance you can share with your team.

AgentLint

Passive public readiness audits for agents, MCP services, and APIs.

AgentLint is a readiness scanner — not a penetration test or continuous monitoring service. Only public targets you are authorized to test should be submitted.

© 2026 AgentLint.