PALADINFI

Don't let your agent sign into a honeypot.

One call. OFAC SDN + GoPlus + Etherscan source verification + anomaly heuristics, composed into a single allow / warn / block verdict your agent can branch on. $0.001 USDC/call via x402 on Base, plus a free fixture-only endpoint for CI testing. Drop-in for ElizaOS and Coinbase AgentKit.

Live · Base 8453 OFAC SDN GoPlus Etherscan Anomaly x402-paid

What it does

Single API call returns a recommendation (allow / warn / block) plus a per-factor breakdown. The intended pattern: agent abstains on block, surfaces a warning on warn, proceeds on allow.

Factor	Source	Cadence
OFAC SDN	U.S. Treasury SDN XML feed (cryptocurrency-tagged via Feature 345 / Detail 1432)	Daily refresh target (we run a once-per-24h cron against the Treasury XML feed). Operationally we may miss refreshes during outages — for sub-daily or audit-grade compliance, query Treasury directly.
GoPlus	GoPlus trust-list + token-security API	On-call (recently-deployed contracts may not yet be classified)
Etherscan	Source-code verification via `getSourceCode`	Cached per `(address, chainId)`
Anomaly	Fresh-deploy / low-holder / proxy patterns	On-call

Two modes — read this first

There are two endpoints. They look similar but mean different things:

Endpoint	What it returns	Cost
`POST /v1/trust-check` Paid (real evaluation)	Live composed evaluation. Each factor has `real: true`. Recommendation is one of `allow` / `warn` / `block`. Use this for production agent decisions.	$0.001 USDC/call settled via x402 on Base
`POST /v1/trust-check/preview` Free sample fixtures	Sample fixtures only — NOT a real evaluation. Every factor has `real: false`. Recommendation is prefixed `sample-` (`sample-allow`, `sample-warn`, `sample-block`). Response carries `_preview: true`. Intended for CI / shape testing / development. Do NOT use the preview verdict to gate real swaps.	Free, no auth, no payment

Why we built it this way. The free preview lets you wire up your agent and verify the response shape without spending USDC. But because the verdict is a fixture, we mark it explicitly so it cannot be cropped or re-served as a real risk assessment. If you see a recommendation prefixed sample- or a factor with real: false, you're looking at a fixture, not an evaluation. Conversely, on the paid endpoint a sample- recommendation or real: false factor would indicate a server-side defect — treat it as an error, not a verdict.

REST API

Paid: real evaluation

curl -sS https://swap.paladinfi.com/v1/trust-check \
  -H 'content-type: application/json' \
  -d '{
    "chainId": 8453,
    "address": "0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48"
  }'
# Returns 402 with payment-required headers. Use an x402-aware client
# (e.g. @x402/fetch + wallet) to retry; settles $0.001 USDC on Base.

Free: sample fixtures (NOT real)

curl -sS https://swap.paladinfi.com/v1/trust-check/preview \
  -H 'content-type: application/json' \
  -d '{
    "chainId": 8453,
    "address": "0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48"
  }'
# Returns 200 with a sample fixture. Recommendation is "sample-allow"/
# "sample-warn"/"sample-block"; every factor has real:false; response
# includes _preview:true. Useful for CI; DO NOT use for production verdicts.

Sample paid response (Base USDC contract — verified live)

{
  "address": "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913",
  "chainId": 8453,
  "trust": {
    "risk_score": 0,
    "recommendation": "allow",
    "factors": [
      {"source": "ofac",            "signal": "not_listed",            "details": ""},
      {"source": "paladin.anomaly", "signal": "address_kind_contract", "details": "eth_getCode = non-empty"},
      {"source": "goplus",          "signal": "trust_list",            "details": "GoPlus trust list (curated)"},
      {"source": "etherscan_source","signal": "verified",              "details": "Verified as FiatTokenProxy"},
      {"source": "etherscan_source","signal": "proxy",                 "details": "Proxy contract"}
    ],
    "version": "1.0"
  }
}
# Note: paid responses omit the per-factor `real` field (implicit true);
# preview responses include real:false explicitly + a `_preview: true` marker.
# Number of factors per response varies (typically 3–5) depending on which
# anomaly + GoPlus + Etherscan signals fire for the queried address.

Plugins

The same trust-check API, packaged as a drop-in tool for two agent frameworks:

ElizaOS — @paladinfi/eliza-plugin-trust adds paladin_trust_check to your character's action graph. Natural-language extraction (composes via the v2-alpha prompt-template flow); preview by default, paid mode opt-in via factory + viem LocalAccount.
Coinbase AgentKit — @paladinfi/agentkit-actions ships a class-based PaladinActionProvider with @CreateAction decorator. supportsNetwork gates to Base mainnet only; paid mode automatic via the AgentKit wallet provider's toSigner().

Pre-sign safety (paid mode)

When using @paladinfi/eliza-plugin-trust ≥ 0.1.0 or @paladinfi/agentkit-actions ≥ 0.1.0, the paid path validates the server's 402 challenge against hard-coded constants before the wallet signs anything. Specifically:

Asset must be Base USDC (0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913)
Recipient must be the published treasury (0xeA8C33d018760D034384e92D1B2a7cf0338834b4)
Network must be eip155:8453
Amount capped at $0.01 (10× the unit price)
Validity window capped at 10 minutes
Asset transfer method must be EIP-3009 (no Permit2)
EIP-712 domain integrity enforced (USD Coin, version 2)

If any field deviates, the call aborts client-side and the wallet never signs. A compromised server cannot redirect a signed authorization to a different recipient, asset, or chain.

If you're rolling your own x402 client (not using one of the plugins above), you are responsible for replicating these checks yourself before signing the EIP-3009 authorization. The constants above are the canonical values your client should validate against. They are versioned with the API: any breaking rotation (e.g., a new treasury address) will be announced on /health and in the changelog ahead of cut-over, so unmaintained DIY clients fail closed rather than silently signing under stale assumptions.

Coverage caveats

Chain coverage: Base (chainId 8453) only at this time. Other EVMs return HTTP 400.
Recently-deployed contracts may not yet appear in GoPlus or Etherscan source-verification feeds. The composed verdict may return warn due to insufficient signal rather than known-bad signal.
Out of scope today: LP-lock status, deployer rug history, pump-dump / wash-trade signals.

Pricing

Paid evaluation (/v1/trust-check): $0.001 USDC per call, settled via x402 on Base. The 10 bps swap fee from Swap is unrelated — different surface, different pricing.
Free preview (/v1/trust-check/preview): no charge. Returns sample fixtures, not evaluations.