PALADINFI

Don't let your agent sign into a honeypot.

One call. OFAC SDN + GoPlus + Etherscan source verification + anomaly heuristics, composed into a single allow / warn / block verdict your agent can branch on. $0.001 USDC/call via x402 on Base, a free wallet-OFAC SDN screen, plus a free fixture-only endpoint for CI testing. Drop-in for ElizaOS and Coinbase AgentKit.

Live · Base 8453 OFAC SDN GoPlus Etherscan Anomaly x402-paid

What it does

Single API call returns a recommendation (allow / warn / block) plus a per-factor breakdown. The intended pattern: agent abstains on block, surfaces a warning on warn, proceeds on allow.

Factor	Source	Cadence
OFAC SDN	U.S. Treasury SDN XML feed (cryptocurrency-tagged via Feature 345 / Detail 1432)	Daily refresh target (we run a once-per-24h cron against the Treasury XML feed). Operationally we may miss refreshes during outages — for sub-daily or audit-grade compliance, query Treasury directly.
GoPlus	GoPlus trust-list + token-security API	On-call (recently-deployed contracts may not yet be classified)
Etherscan	Source-code verification via `getSourceCode`	Cached per `(address, chainId)`
Anomaly	Contract age (1h / 24h / 7d windows), address-kind classification (contract vs. EOA), no-outbound transaction history	On-call

Three modes — read this first

There are three endpoints. They look similar but serve different scopes:

Picker: sanctions compliance only → free wallet-OFAC. Full token-contract risk → paid. CI / shape testing → free preview.

Endpoint	What it returns	Cost
`POST /v1/trust-check` Paid (full composition)	Live composed evaluation across all four factor sources (OFAC SDN + GoPlus + Etherscan source + anomaly heuristics). Each factor has `real: true`. Recommendation is one of `allow` / `warn` / `block`. Use this for production agent decisions on token contracts.	$0.001 USDC/call settled via x402 on Base
`POST /v1/trust-check/ofac` Free wallet-OFAC screen NEW — v0.11.77	Live OFAC SDN screen on a single wallet/EOA address. Anonymous, no auth. Real data (`_real: true`) — not a fixture. Returns `allow` / `block` (no `warn` state — OFAC is binary). Response includes `_ofac_list_updated_at` + `_ofac_sdn_count` for freshness audit, plus a `_paid_endpoint_info` upgrade hint pointing at the full composition endpoint. Scope: wallet/EOA addresses from US Treasury OFAC SDN feed only. For token-contract risk evaluation, use the paid endpoint above.	Free, rate-limited at 1 req/sec + burst 3
`POST /v1/trust-check/preview` Free sample fixtures	Sample fixtures only — NOT a real evaluation. Every factor has `real: false`. Recommendation is prefixed `sample-` (`sample-allow`, `sample-warn`, `sample-block`). Response carries `_preview: true`. Intended for CI / shape testing / development. Do NOT use the preview verdict to gate real swaps.	Free, no auth, no payment

Why we built it this way. The free preview lets you wire up your agent and verify the response shape without spending USDC. But because the verdict is a fixture, we mark it explicitly so it cannot be cropped or re-served as a real risk assessment. If you see a recommendation prefixed sample- or a factor with real: false, you're looking at a fixture, not an evaluation. Conversely, on the paid endpoint a sample- recommendation or real: false factor would indicate a server-side defect — treat it as an error, not a verdict.

REST API

Quick start (free preview)

Wire up a preview call with no auth, no API key, no SDK. Use this to verify response shape in CI; switch to the paid endpoint below for real verdicts.

curl -X POST https://swap.paladinfi.com/v1/trust-check/preview \
  -H "content-type: application/json" \
  -d '{"chainId":8453,"address":"0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913"}'

Returns (sample fixture — not a real evaluation):

{
  "trust": {
    "recommendation": "sample-allow",
    "factors": [
      {"source":"ofac",             "signal":"not_listed", "real": false},
      {"source":"etherscan_source", "signal":"verified",   "real": false},
      {"source":"goplus",           "signal":"ok",         "real": false},
      {"source":"anomaly",          "signal":"ok",         "real": false}
    ],
    "version": "1.1",
    "_preview": true
  }
}

Branch your code on trust.recommendation before composing the swap. For real evaluation (live OFAC SDN, GoPlus, Etherscan source, anomaly heuristics): POST /v1/trust-check — $0.001 USDC/call settled via x402 on Base. See below.

Free wallet-OFAC screen (NEW — v0.11.77)

Anonymous endpoint for wallet-address OFAC SDN screening. No card, no API key, no signup. Rate-limited at 1 request per second + burst 3. Real data, no auth, no gas — for off-chain agents that need an OFAC verdict before composing a paid full evaluation.

curl -X POST https://swap.paladinfi.com/v1/trust-check/ofac \
  -H "content-type: application/json" \
  -d '{"chainId":8453,"address":"0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913"}'

Returns (real data; clean USDC address):

{
  "address": "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913",
  "chainId": 8453,
  "trust": {
    "recommendation": "allow",
    "factors": [
      {"source": "ofac", "signal": "not_listed", "weight": 0, "details": "", "real": true}
    ],
    "version": "1.1",
    "_real": true,
    "_scope": "ofac-only (wallet-address screen; use /v1/trust-check for full composition: GoPlus + Etherscan + anomaly heuristics)",
    "_ofac_list_updated_at": "2026-05-23T04:06:35Z",
    "_ofac_sdn_count": 93
  },
  "_paid_endpoint_info": {
    "url": "https://swap.paladinfi.com/v1/trust-check",
    "method": "POST",
    "auth": "x402 (USDC EIP-3009 transferWithAuthorization on Base)",
    "price_usdc": "0.001",
    "plugins": { "elizaos": "@paladinfi/eliza-plugin-trust", "agentkit": "@paladinfi/agentkit-actions" },
    "docs": "https://paladinfi.com/trust-check/"
  }
}

For an SDN-listed address the response is the same shape with recommendation: "block" and the factor's signal: "sdn_listed" + weight: 100. The endpoint screens against the US Treasury OFAC SDN feed only — multi-jurisdictional sanctions (EU, UK, UN) are out of scope for this free tier. The SDN list is wallet-level chain-agnostic in concept, but the endpoint scope is Base (chainId 8453) only today — Ethereum mainnet + other EVMs return HTTP 400; planned for future versions. For in-contract gate logic (Solidity modifier on a settlement contract), on-chain sanctions oracles remain the canonical surface; this endpoint serves the off-chain path — agents, bots, web apps, MCP clients — where an HTTP call beats an RPC round-trip.

Want to start with just OFAC screening? Walk through the drop-in cURL and React hook at /docs/screen-wallets/.

MCP integration

The free preview + free OFAC endpoints are also available as MCP tools at trust.paladinfi.com/mcp (Streamable HTTP transport). The package is listed in the MCP Registry as com.paladinfi/trust-check-mcp. Wire it into Claude Code or any MCP-compatible client with one command:

claude mcp add --transport http --scope user paladin-trust https://trust.paladinfi.com/mcp

Three tools surface: trust_check_ofac_free (live OFAC wallet screen, binary allow/block, real data), trust_check_preview (sample fixture for shape testing, _real: false), trust_check_health (service liveness + OFAC list freshness). No payment surface, no transaction execution, no calldata, no signing — pure information retrieval. For the paid composition endpoint via MCP, use the npm plugins (@paladinfi/eliza-plugin-trust, @paladinfi/agentkit-actions) which handle x402 settlement natively.

Paid: real evaluation

curl -sS https://swap.paladinfi.com/v1/trust-check \
  -H 'content-type: application/json' \
  -d '{
    "chainId": 8453,
    "address": "0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48"
  }'
# Returns 402 with payment-required headers. Use an x402-aware client
# (e.g. @x402/fetch + wallet) to retry; settles $0.001 USDC on Base.

Sample paid response (Base USDC contract — verified live)

{
  "address": "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913",
  "chainId": 8453,
  "trust": {
    "risk_score": 0,
    "recommendation": "allow",
    "factors": [
      {"source": "ofac",            "signal": "not_listed",            "details": ""},
      {"source": "paladin.anomaly", "signal": "address_kind_contract", "details": "eth_getCode = non-empty"},
      {"source": "goplus",          "signal": "trust_list",            "details": "GoPlus trust list (curated)"},
      {"source": "etherscan_source","signal": "verified",              "details": "Verified as FiatTokenProxy"},
      {"source": "etherscan_source","signal": "proxy",                 "details": "Proxy contract"}
    ],
    "version": "1.0"
  }
}
# Note: paid responses omit the per-factor `real` field (implicit true);
# preview responses include real:false explicitly + a `_preview: true` marker.
# Number of factors per response varies (typically 3–5) depending on which
# anomaly + GoPlus + Etherscan signals fire for the queried address.

Plugins

The same trust-check API, packaged as a drop-in tool for two agent frameworks:

ElizaOS — @paladinfi/eliza-plugin-trust adds paladin_trust_check to your character's action graph. Natural-language extraction (composes via the v2-alpha prompt-template flow); preview by default, paid mode opt-in via factory + viem LocalAccount.
Coinbase AgentKit — @paladinfi/agentkit-actions ships a class-based PaladinActionProvider with @CreateAction decorator. supportsNetwork gates to Base mainnet only; paid mode automatic via the AgentKit wallet provider's toSigner().

Pre-sign safety (paid mode)

When using @paladinfi/eliza-plugin-trust ≥ 0.1.0 or @paladinfi/agentkit-actions ≥ 0.1.0, the paid path validates the server's 402 challenge against hard-coded constants before the wallet signs anything. Specifically:

Asset must be Base USDC (0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913)
Recipient must be the published treasury (0xeA8C33d018760D034384e92D1B2a7cf0338834b4)
Network must be eip155:8453
Amount capped at $0.01 (10× the unit price)
Validity window capped at 10 minutes
Asset transfer method must be EIP-3009 (no Permit2)
EIP-712 domain integrity enforced (USD Coin, version 2)

If any field deviates, the call aborts client-side and the wallet never signs. A compromised server cannot redirect a signed authorization to a different recipient, asset, or chain.

If you're rolling your own x402 client (not using one of the plugins above), you are responsible for replicating these checks yourself before signing the EIP-3009 authorization. The constants above are the canonical values your client should validate against. They are versioned with the API: any breaking rotation (e.g., a new treasury address) will be announced on /health and in the changelog ahead of cut-over, so unmaintained DIY clients fail closed rather than silently signing under stale assumptions.

Coverage caveats

Chain coverage: Base (chainId 8453) only at this time. Other EVMs return HTTP 400.
Free OFAC tier scope: US Treasury SDN feed only — currently 93 wallet/EOA addresses (matches Treasury's published count as of 2026-05-21; refreshed daily). Multi-jurisdictional sanctions (EU, UK, UN) are out of scope for this tier. Token-contract sanctioned addresses (e.g., Tornado Cash routers) require an extended list not present today; planned for future versions.
Recently-deployed contracts may not yet appear in GoPlus or Etherscan source-verification feeds. The composed verdict may return warn due to insufficient signal rather than known-bad signal.
Out of scope today: LP-lock status, deployer rug history, pump-dump / wash-trade signals.

Pricing

Paid evaluation (/v1/trust-check): $0.001 USDC per call, settled via x402 on Base. No public per-account rate limit; contact us for volume / enterprise. The 10 bps swap fee from Swap is unrelated — different surface, different pricing.
Free wallet-OFAC screen (/v1/trust-check/ofac): no card, no API key, no signup. Anonymous, rate-limited at 1 req/sec + burst 3. Real data, US OFAC SDN scope only.
Free preview (/v1/trust-check/preview): no charge. Returns sample fixtures, not evaluations.

$0.001/call is priced for autonomous agents gating swaps economically — most trust providers price for human-analyst dashboards.