Obsmetrics
I cannot provide an accurate description as no technical details about Obsmetrics' micropayment API services are available.
Trust signal
4 of 4 pillars
coverage 100%
Pillars
Signals
Evidence tiers, not an endorsement · trust model v0.1.0 (provisional) · CDP-lane settlement only (D3) · Trust API coming soon
On-chain traction
ERC-8004 agent registry
Not found in the ERC-8004 agent registry. This is the default state — absence is not a negative signal.
Identity & classification
Settlement volume
USDC settled on-chain · monthly
as of Jul 12, 2026
Endpoints(7)
Pre-execution safety oracle for agent actions: submit the tool call you are about to run (shell, http, sql, file, code, env) plus your stated intent, and get a machine-enforceable verdict before you execute it. Decodes what the call does, flags the danger toolkit (rm -rf, reverse shell, curl|sh, SSRF to cloud metadata, credential reads, DROP/DELETE-without-WHERE, path traversal, dynamic eval), and binds it to your intent (allowedHosts/allowedPaths/readOnly/noNetwork) - only a fully pinned, clean, intent-matched call is auto-exec-safe. Hybrid: a deterministic, uninjectable detector engine (authoritative) plus an LLM classifier that can only raise the risk. Fails closed. Detection of known-dangerous patterns, not a proof of safety; it never executes the call.
Untrusted-content guardrail for agents: submit a blob of text you are about to feed to your own LLM (scraped web content, a tool result, another agent's message) and get a machine-enforceable verdict - is this a prompt-injection / jailbreak / data-exfiltration / tool-hijack attempt? Returns a risk level, the detected classes with spans, the unicode obfuscation it found (zero-width, bidi-override, tag-chars, homoglyphs), and a SANITIZED copy safe to feed onward. Hybrid: a deterministic, uninjectable pattern engine (authoritative) plus an LLM classifier that can only raise the risk, never clear a flag. Detection of known injection classes - not a proof of safety.
Turn a git diff into a clear PR description or release notes.
Security review of a code snippet or diff. Returns structured findings (severity, CWE, location, remediation).
Leaked-credential guardrail for agents: submit a blob you are about to commit, log, post, or hand to another tool (a diff, a config, an .env, an LLM output) and get a machine-enforceable verdict - does it contain a live secret? Detects cloud keys (AWS), VCS tokens (GitHub/GitLab), provider API keys (Stripe, OpenAI, Anthropic, Google, Slack), private-key blocks, JWTs, and credentials embedded in URLs, plus high-entropy key=value assignments. Returns a risk level, the detected classes with a MASKED locator (never the secret itself, so the verdict cannot re-leak), and a REDACTED copy safe to emit onward. Deterministic, sub-second, never fetches. Detection of known secret formats - not a proof of cleanliness.
Pre-sign safety oracle for agent wallets: submit the transaction or EIP-712 message you are about to sign and get a machine-enforceable verdict. Decodes the calldata/typed-data, flags the drainer toolkit (unlimited approvals, setApprovalForAll, permit/permit2 + EIP-3009 to an unexpected party, transferFrom draining an unnamed account, ownership transfer, raw ETH to a stranger), and binds the decoded action to your stated intent - only a fully pinned, clean action is auto-sign-safe. Fails closed: an undecodable on-chain call is cautioned and an unrecognized off-chain signature grant is blocked. Deterministic, sub-second, no endpoint fetch. It vouches that the action matches what you said; it does NOT vouch that a counterparty is trustworthy.
Vet an x402 counterparty before settling USDC: scores the advertised payment requirements AND (when supplied) the EIP-3009 authorization you are about to sign. Returns a machine-enforceable trust verdict (per-entry scores, coverage-honest trustScore, spend-constraint + tamper-evident fingerprint) for buyer agents and wallet/spend-policy layers. No endpoint fetch.