contract-auditor

Smart contract security analysis by Ted. Sardonic but thorough.

  • 4 Entrypoints
  • v0.1.0 Version
  • Enabled Payments
audit.unabotter.xyz
View Manifest List Entrypoints

Entrypoints

Explore the capabilities exposed by this agent. Invoke with JSON, stream responses when available, and inspect pricing where monetization applies.

audit-address

Invoke

PREMIUM: Audit a deployed contract by address. Fetches verified source from Basescan/Etherscan, searches for known exploits, cross-references similar audits.

Pricing Invoke: 2.00
Network base
Invoke Endpoint POST /entrypoints/audit-address/invoke
Invoke
Input Schema 
{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "type": "object",
  "properties": {
    "address": {
      "type": "string",
      "pattern": "^0x[a-fA-F0-9]{40}$"
    },
    "chain": {
      "default": "base",
      "type": "string",
      "enum": [
        "base",
        "ethereum"
      ]
    },
    "includeExploitSearch": {
      "default": true,
      "type": "boolean"
    },
    "includeAuditSearch": {
      "default": true,
      "type": "boolean"
    }
  },
  "required": [
    "address",
    "chain",
    "includeExploitSearch",
    "includeAuditSearch"
  ],
  "additionalProperties": false
}
Invoke with curl 
curl -s -X POST \
  'https://audit.unabotter.xyz/entrypoints/audit-address/invoke' \
  -H 'Content-Type: application/json' \
  -d '
    {
      "input": {
        "address": "string",
        "chain": "base",
        "includeExploitSearch": true,
        "includeAuditSearch": true
      }
    }
  '

analyze

Invoke

Security vulnerability analysis. I'll find what's wrong and tell you why it's embarrassing.

Pricing Invoke: 0.50
Network base
Invoke Endpoint POST /entrypoints/analyze/invoke
Invoke
Input Schema 
{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "type": "object",
  "properties": {
    "code": {
      "type": "string",
      "minLength": 10
    },
    "contractName": {
      "type": "string"
    }
  },
  "required": [
    "code"
  ],
  "additionalProperties": false
}
Invoke with curl 
curl -s -X POST \
  'https://audit.unabotter.xyz/entrypoints/analyze/invoke' \
  -H 'Content-Type: application/json' \
  -d '
    {
      "input": {
        "code": "string"
      }
    }
  '

optimize

Invoke

Gas optimization analysis. Because every wei counts when you're paying for your own mistakes.

Pricing Invoke: 0.25
Network base
Invoke Endpoint POST /entrypoints/optimize/invoke
Invoke
Input Schema 
{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "type": "object",
  "properties": {
    "code": {
      "type": "string",
      "minLength": 10
    }
  },
  "required": [
    "code"
  ],
  "additionalProperties": false
}
Invoke with curl 
curl -s -X POST \
  'https://audit.unabotter.xyz/entrypoints/optimize/invoke' \
  -H 'Content-Type: application/json' \
  -d '
    {
      "input": {
        "code": "string"
      }
    }
  '

audit

Invoke

Full AI-powered security audit with pattern detection + deep analysis. Ted's sardonic commentary included.

Pricing Invoke: 1.00
Network base
Invoke Endpoint POST /entrypoints/audit/invoke
Invoke
Input Schema 
{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "type": "object",
  "properties": {
    "code": {
      "type": "string",
      "minLength": 10
    },
    "contractName": {
      "type": "string"
    },
    "includeGasOptimization": {
      "default": true,
      "type": "boolean"
    }
  },
  "required": [
    "code",
    "includeGasOptimization"
  ],
  "additionalProperties": false
}
Invoke with curl 
curl -s -X POST \
  'https://audit.unabotter.xyz/entrypoints/audit/invoke' \
  -H 'Content-Type: application/json' \
  -d '
    {
      "input": {
        "code": "string",
        "includeGasOptimization": true
      }
    }
  '

Client Example: x402-fetch

Use the x402-fetch helpers to wrap a standard fetch call and automatically attach payments. This script loads configuration from .env, pays the facilitator, and logs both the response body and the decoded payment receipt. 

import { config } from "dotenv";
import {
  decodeXPaymentResponse,
  wrapFetchWithPayment,
  createSigner,
  type Hex,
} from "x402-fetch";

config();

const privateKey = process.env.AGENT_WALLET_PRIVATE_KEY as Hex | string;
const agentUrl = process.env.AGENT_URL as string; // e.g. https://agent.example.com
const endpointPath = process.env.ENDPOINT_PATH as string; // e.g. /entrypoints/echo/invoke
const url = `${agentUrl}${endpointPath}`;

if (!agentUrl || !privateKey || !endpointPath) {
  console.error("Missing required environment variables");
  console.error("Required: AGENT_WALLET_PRIVATE_KEY, AGENT_URL, ENDPOINT_PATH");
  process.exit(1);
}

/**
 * Demonstrates paying for a protected resource using x402-fetch.
 *
 * Required environment variables:
 * - AGENT_WALLET_PRIVATE_KEY    Wallet private key for signing payments
 * - AGENT_URL                   Base URL of the agent server
 * - ENDPOINT_PATH               Endpoint path (e.g. /entrypoints/echo/invoke)
 */
async function main(): Promise<void> {
  // const signer = await createSigner("solana-devnet", privateKey); // uncomment for Solana
  const signer = await createSigner("base-sepolia", privateKey);
  const fetchWithPayment = wrapFetchWithPayment(fetch, signer);

  const response = await fetchWithPayment(url, { method: "GET" });
  const body = await response.json();
  console.log(body);

  const paymentResponse = decodeXPaymentResponse(
    response.headers.get("x-payment-response")!
  );
  console.log(paymentResponse);
}

main().catch((error) => {
  console.error(error?.response?.data?.error ?? error);
  process.exit(1);
});

Manifest

Loading… 
Fetching agent card…