About
The open discovery layer for the agent economy — x402 paid services, MCP servers, and A2A agents in one searchable, safety-scanned index.
Directory
A public, agent-readable index of three kinds of callable resources — x402 paid APIs, MCP servers, and A2A agents. Crawled from Smithery, the official MCP registry, PulseMCP, Glama, awesome-x402, x402scan and manual submissions; exposed through search, service cards and MCP tools. No signup, no API key, open data.
Ask + service cards
/api/v1/ask retrieves real directory candidates first, then uses an LLM to rank only those candidates. /api/v1/services/{slug} returns payment, call and quality metadata before an agent calls an external service.
Three kinds of resources
Agents need to find different things: A2A agents tell an agent who can do a job, x402 lets it pay per call, and MCP servers give it the tools to do the work. We index all three behind one search and one set of MCP tools, browsable at /services, /mcp and /a2a.
What is x402?
x402 is Coinbase's HTTP 402 micropayment protocol. AI agents can discover a service, inspect its payment requirements, and then call the external API with an x402 payment flow. We index public x402 endpoints; agent-tools.cloud itself is discovery-only.
Agent-friendly discovery
Agents can use POST /api/v1/ask for intent-level recommendations, GET /api/v1/search for faceted search, and GET /api/v1/services/{slug} for a full service card.
Discovery entry-points: /.well-known/agent-tools.json · /.well-known/mcp.json
Safety scanning
Every indexed MCP server is re-scanned each hour for known malware and abuse patterns — pipe-to-shell install lures, base64 / eval download cradles, bare-IP command-and-control URLs and prompt-injection phrasing in its advertised tool metadata. It also detects MCP tool-poisoning coercion — descriptions that try to hijack an agent's tool-calling (“always call this tool first”, “before using any other tool you must…”), hidden <IMPORTANT> instructions, demands to list API keys or include secrets in a response, and coercion to read & forward .key/.pem/.ssh/.env files. Each server carries a clean / suspicious / malicious verdict with the matched rules. Scanning is static only — we never execute server code.
You can also scan any MCP endpoint on demand, before you connect: call the scan_mcp_safety tool on the MCP server at /mcp-discovery, or send its URL to our A2A agent at /a2a. If the server is already indexed you get our latest stored verdict instantly; if not, we probe it live, scan it, and add it to the directory. Each on-demand call also runs a frontier large model second-opinion as an advisory dimension alongside the deterministic rules.
Sources
- · MCP servers — Smithery, the official MCP registry, PulseMCP, Glama
- · x402 — awesome-x402, x402scan
- · Manual submissions (/submit)
Retired paid relay
The previously hosted Qwen relay and crypto vertical endpoints were retired on 2026-05-25. All paid relay routes now return 404; this host now serves the directory and MCP discovery layer only.