DepScan API
Dependency health checker for AI agent skills. Validates external endpoints, SSL certificates, domain reputation and blacklists before your agent trusts a skill's infrastructure.
Live endpoint: https://depscan.net Health check: https://depscan.net/v1/health
Why this exists
A skill can have clean code and still connect to malicious or unreliable infrastructure. DepScan checks the external dependencies a skill reaches out to — the attack surface that code scanners miss.
What it checks
- HTTP/HTTPS uptime and response latency
- SSL certificate validity and days until expiration
- Domain age and ownership history (WHOIS)
- IP abuse reputation score (AbuseIPDB)
- Blacklist status (Spamhaus DBL)
Quick start
1. Get an API key
Create a Stripe checkout session — the key is pre-generated and activates after payment:
curl -X POST https://depscan.net/v1/billing/checkout \
-H "Content-Type: application/json" \
-d '{"tier": "single_starter"}'
Response:
{
"checkout_url": "https://checkout.stripe.com/...",
"api_key": "dsk_live_...",
"note": "Save your API key now — it will not be shown again."
}
Store api_key. Complete payment at checkout_url. Key activates automatically within seconds.
2. Run a scan
curl -X POST https://depscan.net/v1/scan-deps \
-H "Content-Type: application/json" \
-H "Authorization: Bearer dsk_live_your_key" \
-d '{
"skill_url": "https://github.com/owner/skill-repo",
"scan_type": "deep"
}'
3. Response
{
"scan_id": "dep_x9y8z7w6v5u4t3s2",
"overall_score": 61,
"status": "CAUTION",
"recommendation": "REVIEW_BEFORE_INSTALL",
"endpoints": [
{
"url": "https://api.example.com",
"status": "UP",
"latency_ms": 210,
"ssl_valid": true,
"ssl_expires_days": 14,
"domain_age_days": 23,
"abuse_score": 0,
"in_blacklist": false,
"flags": ["SSL_EXPIRING", "NEW_DOMAIN"]
}
],
"timestamp": "2026-03-01T12:00:00Z"
}
Flags: SSL_EXPIRING · SSL_EXPIRED · NEW_DOMAIN · OWNER_CHANGED · ABUSE_REPORTED · IN_BLACKLIST · HIGH_LATENCY · NO_HTTPS · REDIRECT_CHAIN
Scan types
| Type | Description | Credits |
|---|---|---|
single | Uptime + SSL + Spamhaus blacklist | 1 credit |
deep | Single + WHOIS + domain age + AbuseIPDB | 1 credit |
Results cached 24 hours — rescanning the same domain costs zero credits.
Pricing (MXN)
| Tier | Credits | Price | Type |
|---|---|---|---|
single_starter | 25 | $25 | One-time |
single_pro | 100 | $80 | One-time |
single_business | 500 | $299 | One-time |
deep_starter | 10 | $30 | One-time |
deep_pro | 50 | $120 | One-time |
deep_business | 200 | $499 | One-time |
monitor | 500/month | $199/month | Subscription |
unlimited | Unlimited | $999/month | Subscription |
Endpoints
| Method | Path | Auth | Description |
|---|---|---|---|
POST | /v1/billing/checkout | None | Create checkout session + pre-generate API key |
POST | /v1/scan-deps | Bearer | Submit skill or endpoint list for scanning |
GET | /v1/scan/{scan_id} | Bearer | Retrieve scan result |
POST | /v1/monitor/subscribe | Bearer | Subscribe skill to Monitor tier |
GET | /v1/monitor/{skill_id}/history | Bearer | Monitor scan history (last 30 days) |
GET | /v1/health | None | Service status |
Input options
{ "skill_url": "https://github.com/owner/skill-repo", "scan_type": "single" }
{ "endpoints": ["https://api.one.com", "https://api.two.com"], "scan_type": "deep" }
Score interpretation
| Score | Status | Recommendation |
|---|---|---|
| 80–100 | SAFE | SAFE_TO_INSTALL |
| 60–79 | CAUTION | REVIEW_BEFORE_INSTALL |
| 40–59 | RISK | REVIEW_BEFORE_INSTALL |
| 0–39 | CRITICAL | DO_NOT_INSTALL |
Latency & availability
- Average scan time: < 5 seconds (parallel async checks)
- Uptime: 99.9% (Contabo dedicated VPS)
- Response format: JSON
Companion service
SecurityScan API analyzes skill source code for security vulnerabilities (prompt injection, malware, OWASP LLM Top 10): https://apisecurityscan.net
License
MIT — this repository contains documentation and skill package only. Service source code is proprietary.