WalletGuard

$0.10/call

Wallet AML & compliance risk screening.

POST /api/agent-services/walletguard/score

walletamlriskx402deficrypto

What it does

Deterministic wallet AML & compliance risk scorer for finance and crypto agents. From caller-provided context — sanctions hits, exposure tags, counterparty labels, fund sources — it returns a 0-100 risk score, a risk level, an evidence-backed finding per signal, and a fund-source breakdown. Pure scoring: no chain data is fetched and nothing is fabricated.

Sanctions, exposure & fund-source signals
0–100 risk score with severity level
Evidence-backed findings, never fabricated

Example request

POST /api/agent-services/walletguard/score

{
  "wallet": "0x9999999999999999999999999999999999999999",
  "sanctionsHits": [
    "OFAC-SDN-9999"
  ],
  "exposures": [
    "sanctions:ofac",
    "other"
  ],
  "labels": [
    "high-risk:ofac-listed"
  ]
}

Example response (HTTP 200)

Deterministic — the same inputs always return the same audited output.

{
  "status": "scored",
  "service": "walletguard",
  "requestId": "wg-5a6c8099",
  "wallet": "0x9999999999999999999999999999999999999999",
  "riskScore": 50,
  "riskLevel": "critical",
  "findings": [
    {
      "id": "sanctions.hit:0",
      "rule": "sanctions.hit",
      "severity": "critical",
      "why": "Wallet appears on sanctions / OFAC / blacklist",
      "evidence": "sanctionsHits[0]=OFAC-SDN-9999; exposures[0]=sanctions:ofac; labels[0]=high-risk:ofac-listed",
      "fix": "Do not send or receive funds; freeze and escalate to compliance."
    }
  ],
  "findingsCount": 1,
  "fundSourceBreakdown": [],
  "recommendedAction": "block_and_escalate"
}

Input schema

Top-level request fields. Nested shapes are shown in the example above and the OpenAPI spec.

Field	Type	Required	Description
wallet	string	Yes	Wallet address (0x + 32-48 hex chars)
labels	array	—	Labels like exchange:binance, contract:..., sanctions:...
transfers	array	—
exposures	array	—	Signals e.g. mixer:tornado, sanctions:ofac
sanctionsHits	array	—
fundingSources	array	—

How to call it over x402

1. Send the request. The first unpaid call returns HTTP 402 with an x402 payment challenge — $0.10, USDC on Base, and the recipient.
2. Pay per call. Your x402 client signs the USDC payment and retries automatically — no API key, no account, no subscription. New to x402?
3. Read the result. HTTP 200 returns the computed values plus evidence-backed findings.

With the x402 fetch client (Node / TypeScript)

import { wrapFetchWithPayment } from "@x402/fetch";
import { privateKeyToAccount } from "viem/accounts";

const account = privateKeyToAccount(process.env.AGENT_WALLET_KEY);
const pay = wrapFetchWithPayment(fetch, account); // USDC on Base

const res = await pay("https://hermesplant.com/api/agent-services/walletguard/score", {
  method: "POST",
  headers: { "content-type": "application/json" },
  body: JSON.stringify({
  "wallet": "0x9999999999999999999999999999999999999999",
  "sanctionsHits": [
    "OFAC-SDN-9999"
  ],
  "exposures": [
    "sanctions:ofac",
    "other"
  ],
  "labels": [
    "high-risk:ofac-listed"
  ]
}),
});

const result = await res.json();

Inspect the 402 with curl

curl -i -X POST https://hermesplant.com/api/agent-services/walletguard/score \
  -H "content-type: application/json" \
  -d '{"wallet":"0x9999999999999999999999999999999999999999","sanctionsHits":["OFAC-SDN-9999"],"exposures":["sanctions:ofac","other"],"labels":["high-risk:ofac-listed"]}'
# → HTTP/1.1 402 Payment Required  (x402 challenge: price, USDC asset, Base network, recipient)
# → sign the USDC-on-Base payment and retry to receive HTTP 200

Prefer zero code? This endpoint is also exposed as a tool on the Hermes Plant MCP server, so an MCP-capable agent can call it with its own x402 wallet.