x402 solves payments for AI agents. MolTrust solves identity. Add W3C Verifiable Credentials to your project in under 10 minutes — free endpoints, no API key, no signup required.
Enter your email — get a key valid for 72 hours. No wallet, no USDC, no signup.
When your agent calls another agent or API, how does the receiving side know it's not a bot or a malicious actor?
If your agent makes a purchase, books a service, or places a prediction — how do you prove it was authorized to do so?
If something goes wrong in an autonomous workflow, can you produce a tamper-evident audit trail of which agent did what?
MolTrust issues W3C Verifiable Credentials to AI agents. Each credential is cryptographically signed, anchored on a public ledger, and verifiable by any standards-compliant resolver — without contacting MolTrust. It is the trust layer that makes agent-to-agent interactions auditable and fraud-resistant.
Think of it as a passport system for AI agents. An agent with a MolTrust credential can prove its identity, capability, and authorization to any other agent or platform — in a single API call.
Standards used: W3C DID v1.0, W3C Verifiable Credentials v2.0, Ed25519 signatures, x402 payments on a public ledger.
The free audit endpoint requires no API key, no signup, and no wallet. Your agent gets a trust score in seconds.
Point the auditor at a GitHub URL containing a SKILL.md file. It is scored for prompt injection, data exfiltration patterns, scope violations, and metadata completeness.

```bash
# No API key needed — just point at your GitHub SKILL.md
curl "https://api.moltrust.ch/guard/skill/audit?url=https://github.com/your-org/your-agent"

# Response in <2 seconds:
# { "audit": { "score": 87, "findings": [], "auditorVersion": "1.0.0" }, "passed": true }
```
Your agent pays per call — no subscription, no API key.
```python
import requests

vc = requests.post(
    "https://api.moltrust.ch/guard/vc/skill/issue",
    headers={"X-Payment": "<x402-proof>"},
    json={"did": "did:web:your-agent.com", "skill": "data-analysis"}
).json()["credential"]
# W3C VC, Ed25519 signed, Base-anchored
# Verifiable by anyone, forever
```
Any platform can verify — no MolTrust dependency.
```bash
# Quote the URL so the shell does not treat < and > as redirections
curl "https://api.moltrust.ch/guard/skill/verify/<credential-hash>"
# Returns: valid, issuer DID, base_anchor tx, timestamp
```
Prove an agent actually controls its credential — not just holds a copy. Challenge-Response binding prevents credential forwarding and resale.
```bash
# Step 1: Get challenge nonce
curl "https://api.moltrust.ch/guard/vc/challenge?did=did:moltrust:YOUR_DID"
# → { "nonce": "abc123...", "expires_at": "..." }

# Step 2: Sign nonce with your Ed25519 key, then verify
curl -X POST "https://api.moltrust.ch/guard/vc/verify-binding" \
  -H "Content-Type: application/json" \
  -d '{"did":"did:moltrust:YOUR_DID","nonce":"abc123...","signature":"YOUR_SIG"}'
# → { "binding_verified": true }
```
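A local model of the verifier's side of this exchange, added here as an illustration and not MolTrust's implementation: it shows why a party that only holds a copy of the credential fails the check, and why the nonce must be single-use and time-limited. The message encoding (UTF-8 nonce, base64 signature), the 60-second lifetime, the `resolveKey` helper and the placeholder DID are assumptions.

```javascript
// Verifier-side model of challenge-response holder binding (added example).
// Assumptions, not MolTrust's spec: the signed message is the UTF-8 nonce, the
// signature is base64, and resolveKey() stands in for DID resolution.
const crypto = require('node:crypto');

const NONCE_TTL_MS = 60_000;   // assumed nonce lifetime
const pending = new Map();     // nonce -> { did, expiresAt }

function issueChallenge(did, now = Date.now()) {
  const nonce = crypto.randomBytes(32).toString('hex');
  pending.set(nonce, { did, expiresAt: now + NONCE_TTL_MS });
  return { nonce, expires_at: new Date(now + NONCE_TTL_MS).toISOString() };
}

function verifyBinding({ did, nonce, signature }, resolveKey, now = Date.now()) {
  const fail = (reason) => ({ binding_verified: false, reason });
  const entry = pending.get(nonce);
  pending.delete(nonce);       // single use: burned on the first attempt
  if (!entry) return fail('unknown_or_replayed_nonce');
  if (entry.did !== did) return fail('did_mismatch');
  if (now > entry.expiresAt) return fail('expired');
  const publicKey = resolveKey(did);
  if (!publicKey) return fail('unresolvable_did');
  const ok = crypto.verify(null, Buffer.from(nonce, 'utf8'), publicKey,
                           Buffer.from(signature, 'base64'));
  return ok ? { binding_verified: true } : fail('bad_signature');
}

// Holder side: sign the nonce with the Ed25519 private key behind the DID.
const signNonce = (nonce, privateKey) =>
  crypto.sign(null, Buffer.from(nonce, 'utf8'), privateKey).toString('base64');

function demo() {
  const did = 'did:moltrust:EXAMPLE';                    // constructed placeholder
  const holder = crypto.generateKeyPairSync('ed25519');
  const copier = crypto.generateKeyPairSync('ed25519');  // holds a copy, not the key
  const resolveKey = (d) => (d === did ? holder.publicKey : null);
  const attempt = (key, issuedAt, checkedAt) => {
    const { nonce } = issueChallenge(did, issuedAt);
    const msg = { did, nonce, signature: signNonce(nonce, key) };
    return [msg, verifyBinding(msg, resolveKey, checkedAt)];
  };
  const [msg, first] = attempt(holder.privateKey, 0, 1);
  const replay = verifyBinding(msg, resolveKey, 2);      // same nonce and signature again
  const [, forged] = attempt(copier.privateKey, 0, 1);
  const [, late] = attempt(holder.privateKey, 0, NONCE_TTL_MS + 1);
  return { first, replay, forged, late };
}
console.log(demo());
```

Only the first attempt verifies; the replayed message, the signature from a different key, and the response arriving after expiry are each rejected with a distinct reason.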
Trust scores now include behavioral anomaly flags — informational only, no score deduction. Verifiers decide how to handle flagged agents.
```
# Trust score response now includes flags
{
  "did": "did:moltrust:d34ed796a4dc4698",
  "trust_score": 85.0,
  "grade": "A",
  "flags": [],
  "flag_count": 0
}

# Possible flags:
#   score_drop_anomaly        Score dropped >20 pts in 24h
#   young_endorser_cluster    Endorsed by >5 agents under 7 days old
#   low_confidence            Active in only 1 vertical after 30+ days
#   repetitive_endorsements   >80% of endorsements go to one DID
```
Express, Hono, Fastify middleware. Agent verification in one import.
```bash
npm install @moltrust/sdk
```

```javascript
// 3-line verification:
import { AgentTrust } from '@moltrust/sdk';
const result = await AgentTrust.verify('did:moltrust:YOUR_DID');
// { did, trustScore, grade, aae, verified }

// Express / Hono middleware (1 line):
app.use(AgentTrust.middleware());

// Agent registration:
await AgentTrust.register({ name: 'MyAgent', did: 'did:moltrust:...' });
```
@moltrust/sdk v1.1.0 — 14/14 tests against live API.
Each vertical has its own credential schema and free endpoints. Pick what fits your hackathon project.
All free endpoints work immediately. Paid endpoints ($1–5 USDC via x402) unlock credential issuance.
| Method | Endpoint | What it does |
|---|---|---|
| GET | /guard/health | API status check |
| GET | /guard/skill/audit?url=<github-url> | SKILL.md security audit — prompt injection, scope, exfiltration checks |
| GET | /guard/api/agent/score-free/:addr | Free trust score for any wallet address |
| POST | /guard/prediction/wallet-link | Link wallet to W3C DID {"address","name","platform"} |
| GET | /guard/prediction/wallet/:addr | Verified prediction track record |
| GET | /guard/salesguard/verify/:product_id | Product provenance check |
| GET | /guard/skill/verify/:hash | Verify any issued credential |
| GET | /guard/vc/challenge?did=<did> | Request one-time nonce for holder binding proof |
| POST | /guard/vc/verify-binding | Prove agent controls its DID via Ed25519 signature |
| POST | /sports/signals/register | Register as signal provider, get on-chain credential |
| POST | /sports/predictions/commit | Anchor prediction before event (commit/reveal) |
| GET | /sports/signals/verify/:id | Verify signal provider track record (free) |
| POST | /sports/fantasy/submit | Submit fantasy lineup for verification |
| GET | /sports/fantasy/verify/:id | Verify lineup authenticity (free) |
| POST | /music/credential/issue | Issue VerifiedMusicCredential |
| GET | /music/verify/:id | Verify music provenance (free) |
Full API docs, code examples, and MCP tools for all 9 verticals. 48 tools, 63 tests passing.
Questions? @moltrust on X