$ man pypi-trust-pack
/pypi-trust-pack
PRICE / CALL
$0.04
USDC · base mainnet · scheme: exact
METHOD
POST
CLUSTER
composeCATEGORY
uncategorized
STATUS
● live
NAME
pypi-trust-pack — vets a python package before pip install in one call: supply-chain risk score plus package stats
SYNOPSIS
POST https://x402.agentutility.ai/pypi-trust-pack
Content-Type: application/json
X-PAYMENT: <signed-transferWithAuthorization>
{ ... }↳ first call →
402 Payment Required. Sign USDCtransferWithAuthorization, retry with theX-PAYMENT header.DESCRIPTION
Vets a Python package before pip install in one call: supply-chain risk score plus package stats. Composite: one call runs pypi-package-risk + pypi-package-stats in parallel for any Python package. Returns the 0-10 risk score with risk_level bucket, contributing factors, typosquat candidates, and plain-English summary, plus the raw PyPI metrics: latest version, version count, age, days since last release, author/maintainer, classifiers, and pypistats day/week/month downloads. Includes composed_of + per-component telemetry; partial failure degrades instead of failing. Use it as a pip install pre-flight, typosquat check + downloads + release history bundle, or requirements.txt + pyproject.toml vetting bundle.
INPUT — request schema
| property | type | description | req? |
|---|---|---|---|
| package | string | PyPI package name (case-insensitive, PEP 503 normalized). Max 214 chars. | required |
OUTPUT — response shape
| field | type | description |
|---|---|---|
| package | string | — |
| risk | string | — |
| stats | string | — |
| composed_of | string | — |
| components | string | — |
| degraded | string | — |
EXAMPLES — two ways to call
EXAMPLE 1 · curl
curl -X POST https://x402.agentutility.ai/pypi-trust-pack \
-H 'Content-Type: application/json' \
-d '{ }'first response =
402 Payment Required with payment requirements; sign + retry with X-PAYMENT.EXAMPLE 2 · mcp
# Install the MCP package for this endpoint's cluster npx -y @agentutility/mcp-<cluster> # Required: EVM private key with USDC on Base export X402_PRIVATE_KEY=0x... # Then call the pypi-trust-pack tool from your MCP-aware agent.
MCP server handles payment automatically — your coding agent just calls the tool by name.
METADATA
- tags
- composepypitrustpackpypi-trust-pack
- methods
- POST
- cluster
- compose
- price
- $0.04 USDC per call
ADJACENT — other endpoints in compose
| endpoint | description | price |
|---|---|---|
| article-brief | Analyzes a news article from its URL into a summary, named entities, and sentiment in one call. | $0.04 |
| company-verify-pack | Checks that a company exists and its public signals are consistent, in one call: profile, registrar, domain age, and TLS. | $0.04 |
| content-quality-pack | Runs the standard pre-publish content checks on text in one call: AI-detection, PII scan, moderation, and sentiment. | $0.04 |
| contract-trust-pack | Gathers smart-contract due-diligence data in one call: source verification, honeypot simulation, and LP lock check. | $0.04 |
| defi-protocol-dossier | Profiles a DeFi protocol's TVL and yield pools in one call using DeFiLlama data. | $0.04 |
| domain-dossier | Builds a full domain report in one call: WHOIS, DNS, TLS, age, risk, and DMARC. | $0.04 |
| image-caption-localize | Captions an image and translates the caption into any of 100+ languages in one call. | $0.04 |
| image-intel-pack | Analyzes an image in one call: description, brand logo detection, and content moderation. | $0.04 |
SEE ALSO