npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@agentutility/mcp-web-probe

v0.2.2

Published

MCP server for the @agentutility web-probe cluster — pay-per-call x402 tools, no API keys, USDC on Base.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

agentutilityagentutility

Keywords

mcpmodel-context-protocolx402agentutilityagent-toolsweb-probe

Readme

@agentutility/mcp-web-probe

Inspect any website. Pay per look.

DNS, SSL, WHOIS, DMARC, subdomain enumeration, scraping, screenshots, Wikipedia, HN, arXiv. The agent's pre-flight check for the open web.

Pricing: pay-per-call in USDC on Base. No subscriptions, no API keys. See per-tool prices below.

Install — Claude Desktop

Edit ~/Library/Application Support/Claude/claude_desktop_config.json (macOS) or %APPDATA%\Claude\claude_desktop_config.json (Windows):

{
  "mcpServers": {
    "agentutility-web-probe": {
      "command": "npx",
      "args": ["-y", "@agentutility/mcp-web-probe"],
      "env": { "X402_PRIVATE_KEY": "0xYOUR_PRIVATE_KEY_HEX" }
    }
  }
}

Restart Claude Desktop. 44 tools appear in the tool palette.

Install — Cursor

Add to .cursor/mcp.json:

{
  "mcpServers": {
    "agentutility-web-probe": {
      "command": "npx",
      "args": ["-y", "@agentutility/mcp-web-probe"],
      "env": { "X402_PRIVATE_KEY": "0x..." }
    }
  }
}

Funding

Send any amount of USDC on Base mainnet to the address derived from your X402_PRIVATE_KEY. The MCP server uses it to pay for tool calls automatically.

USDC on Base contract: 0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913

Tools (44)

| Tool | Description | |---|---| | archive-snapshot | (0.02 USDC/call) Wayback Machine API / archive.org wrapper. Returns closest archived snapshot URL + timestamp. Optionally fetches and cleans the archived page text. For historical content + reference rot fixes. | | arxiv-bibtex | (0.002 USDC/call) arXiv to BibTeX / arxiv citation generator / paper bibtex / LaTeX citation builder / academic citation lookup. Pulls a paper's title, authors, year, abstract, and DOI from the arXiv API and generates a properly-formatted BibTeX entry with an auto-derived cite key (or your own). Free public arXiv API. Pure XML parse — no upstream auth. | | arxiv-search | (0.03 USDC/call) arXiv full-text search. Search by query / author / category / id-list. Returns title, authors, abstract, primary category, dates, PDF URL, DOI. Public arXiv API. | | arxiv-summarize | (0.04 USDC/call) arXiv paper summarizer / research-paper TLDR. Given an arXiv ID or URL, fetches the abstract via arXiv API and produces structured summary: TLDR, key findings, methods, limitations, so-what, keywords. Plus authors, categories, DOI, PDF URL. | | disposable-email-check | (0.005 USDC/call) Disposable email detector / fake email filter / fraud signup defense. Cross-checks 100k+ disposable domains list. Flags role accounts (admin@, noreply@). Verifies MX record via Cloudflare DoH. | | dmarc-check | (0.02 USDC/call) DMARC / SPF / DKIM checker. Email-authentication audit — pulls TXT records, parses DMARC policy (none/quarantine/reject), SPF mechanisms, DKIM selectors. Returns 0-100 score + grade A-F + reasons. | | dns-lookup | (0.02 USDC/call) DNS lookup / DNS resolver / DoH proxy. Query A, AAAA, MX, TXT, NS, CNAME, SOA, PTR, SRV, CAA, DNSKEY, DS, TLSA, HTTPS, SVCB records via Cloudflare DNS-over-HTTPS. No DNS infrastructure required. | | domain-availability | (0.005 USDC/call) Domain availability / RDAP lookup / WHOIS replacement / domain registration checker / expiry date lookup. Returns is_registered, registrar, registration date, expiry date, days_until_expiry, and current EPP status flags for any TLD that supports RDAP (effectively all gTLDs and most ccTLDs). Backed by rdap.org, the public RFC-7480-compliant aggregator. 404s map to is_registered: false rather than an error. | | domain-suggest | (0.05 USDC/call) Brandable domain suggester / startup-name brainstormer / product-name proposer / domain candidate generator. LLM brainstorms N short brandable candidates fitting a concept + tone, then verifies TLD availability across up to 6 TLDs via in-process domain-availability lookups. Returns candidates ranked by # available TLDs then brandability score, with per-TLD registrar info for each candidate. Pair with brand-clearance (Prooflayer) on the shortlist for trademark + Wikipedia + HN signal before adopting. Allowlisted TLDs: com, ai, dev, io, co, app, xyz, org, net, tech, tools, page, studio, shop. | | expand-url | (0.02 USDC/call) URL expander / redirect chain tracer / link-shortener resolver. Follows HTTP redirects step-by-step, returns every hop with status, location, redirect type, response time. Phishing-link analysis, marketing attribution, click-tracking. | | github-readme | (0.002 USDC/call) GitHub README fetch / repo readme / open-source-readme-as-markdown / package documentation puller. Pulls the raw README markdown for any public GitHub repository via the official GitHub REST API — no auth required for public repos. Returns the unaltered markdown plus byte size and char count. Useful for agents documenting a stack, explaining a library, or snipping an example. | | github-stars-history | (0.005 USDC/call) GitHub stars history / star growth chart / repo popularity over time / trending tracker. Current star count plus a sampled cumulative-stars-vs-date series for any public GitHub repo. Walks 1-10 evenly-spaced pages of /stargazers using application/vnd.github.star+json so each sample carries a starred_at timestamp. Free public API, no auth (subject to GitHub's 60 req/h unauthenticated limit). | | hacker-news-search | (0.001 USDC/call) Hacker News search / HN search / yc-news / Algolia HN. Searches 30M+ Hacker News stories and comments. Filter by type (story/comment/poll), author, min points, ISO8601 date range; sort by relevance or recency. Returns title, author, points, comment count, URL. | | hn-search | (0.001 USDC/call) HN search / Hacker News search / yc-news / startup-news search / Algolia HN / who-is-hiring scraper / programmer-news firehose. Searches 30M+ Hacker News stories and comments via the public Algolia HN index. Filter by type (story|comment|poll), author, minimum points, ISO8601 date range (since/until), and sort by relevance or recency. Returns total hit count plus per-hit objectID, title, author, points, comment count, created_at, URL, and story/comment text. Public Algolia API — no auth, commercial-OK. | | homoglyph-check | (0.003 USDC/call) Homoglyph attack detector / Unicode lookalike scanner. Detects Cyrillic / Greek / fullwidth / mathematical lookalikes commonly used in phishing (apple.com vs аpple.com). Plus invisible / zero-width / RTL-override characters. Risk score 0-100 + normalized form. | | ip-asn | (0.001 USDC/call) IP to ASN / IP geolocation / IP-to-ISP lookup / WHOIS for IP / cloud-provider attribution. For any IPv4 or IPv6 address, returns ASN number, ASN org, ISP, country, region, city, postal, latitude/longitude, and timezone. Primary backend: ipapi.co (1k req/day free). Fallback: ip-api.com (45 req/min free). Both are free public APIs with no auth. | | jwt-decode | (0.003 USDC/call) JWT decoder / token inspector / debug tool. Splits a JWT into header / payload / signature, base64url-decodes each, parses claims (iss, aud, sub, jti, iat, exp, nbf, kid, alg), and reports clock-validity. Does NOT verify signatures. | | keyword-suggest | (0.002 USDC/call) Keyword autocomplete / search suggest / SEO keyword research / query expansion / autocomplete suggestions. Aggregates suggestions from Wikipedia OpenSearch + DuckDuckGo's autocomplete (both public, no auth) into a de-duplicated ranked list. Useful for SEO content-gap analysis, LLM query expansion, agent-driven research. | | link-extract | (0.005 USDC/call) Link extractor / extract links from URL / list all anchor links / page outlink crawler / scrape outbound links / get hrefs from page. Fetches an HTML URL and returns every link with its anchor text, rel attribute, and an is_external flag. Resolves relative URLs against the page's or final URL. Lighter than full scrape / metadata endpoints — exact tool for the agent task 'walk this page, pick which links to follow.' Default 500-link cap. SSRF-guarded (no loopback / RFC1918 targets). | | mcp-tools-list | (0.005 USDC/call) MCP tools-list / Model Context Protocol discovery / list MCP server tools / tools/list JSON-RPC / agent capability discovery / MCP catalog lookup. Pass any MCP server URL (HTTP transport) — completes the initialize handshake and returns the tool catalog (names, descriptions, JSON-schema input shapes). Optionally also lists resources and prompts. Pure agent infrastructure: an agent that discovers an unknown MCP server URL gets back its capabilities without running its own MCP client. No API key. SSRF-guarded (no loopback / RFC1918 targets). | | npm-package-stats | (0.003 USDC/call) npm package stats / npm registry lookup / npm downloads / package release history / lightweight package metadata. Fetches the public npm registry record for a package and returns description, license, repository, latest version, total version count, recent versions with publish timestamps and deprecation flags, age in days, days since last release, maintainer count + list, and downloads for the last day, week, month, year. Lightweight companion to package-risk-npm — same registry, but just the numbers, no LLM risk synthesis. Public npm registry (registry.npmjs.org + api.npmjs.org), no auth, commercial use permitted under the npm Public Registry Open Source Terms. | | password-strength | (0.02 USDC/call) Password strength meter + breach checker. Entropy bits, character-class diversity, common-pattern penalties, estimated crack times (online/offline/GPU). Plus Have I Been Pwned k-anonymity breach lookup — full password never leaves the server. | | pubmed-search | (0.01 USDC/call) PubMed biomedical literature search. NIH E-utilities. Returns PMID, title, abstract, authors, journal, MeSH terms, DOI. Federal public. | | pypi-package-stats | (0.003 USDC/call) PyPI package stats / Python package registry lookup / pip package metadata / pypistats downloads / Python ecosystem metadata. Fetches the public PyPI JSON record for a Python package and returns summary, license, homepage, repository, documentation, issues URL, author, maintainer, classifiers, latest version, total version count, recent versions with publish timestamps and yanked flags, age in days, days_since_last_release. Also pulls last-day / last-week / last-month download counts from pypistats.org (Linehaul-derived). Lightweight companion to package-risk-pypi for cases where you just need the numbers, no risk synthesis. Public PyPI + pypistats APIs, no auth. | | qr-code-decode | (0.002 USDC/call) QR decoder / QR reader / scan QR from URL / QR code OCR / barcode reader / link extraction from QR. Reads QR codes out of any public image URL (PNG / JPG / GIF / BMP) and returns the decoded text strings. Multiple QR codes in a single image are returned as separate entries. Wraps qrserver.com's free public read-qr-code API (true DIY decode requires canvas, which Workers don't have natively). Returns an empty codes array plus a descriptive note if the image can't be fetched or no QR is found. | | qr-code-generate | (0.001 USDC/call) QR code generator / QR maker / vCard QR / WiFi QR / URL to QR / SVG QR / PNG QR / customizable error correction. Generates a QR code from arbitrary text — URL, vCard, WiFi join string, plain text — and returns it as a base64-encoded PNG (default) or SVG. Configurable size (64-1024 px), error correction level (L/M/Q/H), quiet-zone margin, and foreground/background hex colors. Pure JS encoder via the qrcode npm package — no upstream API call, deterministic output. | | rss-from-anything | (0.04 USDC/call) RSS feed generator / HTML to RSS converter. Auto-detects article items on any HTML page, OR pass CSS selectors. RSS 2.0 output. For sites that don't publish a feed. | | scrape | (0.04 USDC/call) Web scraper / HTML extractor. Title, OG/Twitter meta, body in text/HTML/markdown, optional links. Cheerio-based. | | scrape-website | (0.04 USDC/call) Web scraper / HTML to text / website content extractor. Returns title, OG/Twitter meta, body in text/HTML/markdown. Optional links. Cheerio-based — fast, no headless browser. | | screenshot | (0.04 USDC/call) Website screenshot / URL to PNG/JPG. Configurable viewport, retina, crop/fit, transparent BG, JPG quality, JS wait conditions. | | sitemap-fetch | (0.005 USDC/call) Sitemap fetcher / sitemap.xml parser / sitemap index resolver / SEO sitemap reader / robots.txt sitemap discovery / website URL inventory. Accepts a site root (will discover sitemap via robots.txt or /sitemap.xml convention) OR a direct sitemap.xml URL. Recurses through sitemap-index nesting. Returns the URL list with lastmod / changefreq / priority and aggregate stats (count, oldest/newest lastmod). Useful for SEO audits, content-freshness monitoring, RAG ingestion seeding. | | ssl-cert | (0.03 USDC/call) SSL certificate inspector / TLS cert checker / certificate transparency lookup / ssl expiry. Issuer, subject, SAN list, validity dates, days-until-expiry. Sourced from Certificate Transparency logs (crt.sh). | | ssl-cert-info | (0.03 USDC/call) SSL / TLS certificate inspector. Issuer, subject, SAN list, validity dates, days-until-expiry, expires-soon flag. Sourced from Certificate Transparency logs (crt.sh). Optional cert history. | | subdomain-enum | (0.03 USDC/call) Subdomain enumeration / attack-surface mapping / DNS recon. Certificate Transparency log mining (crt.sh). All-public data. Each subdomain with first-seen, last-seen, cert count. | | tech-stack-detect | (0.01 USDC/call) Tech stack detector / website fingerprint / Wappalyzer alternative. Detects WordPress / Shopify / Webflow / Ghost / Next.js / Nuxt / Astro / Gatsby / React / Vue / Vercel / Netlify / Cloudflare / Stripe / Intercom / 50+ more. Header + meta + script + cookie patterns. | | tld-info | (0.001 USDC/call) TLD info / top-level domain registry lookup / ccTLD vs gTLD / TLD introduction year / new gTLD registry. For any top-level domain, returns the registry operator, type (gTLD / ccTLD / sTLD), country (for ccTLDs), introduction year, and notes. In-handler dictionary covers ~80 of the most common TLDs; falls back to a structural guess for unrecognized TLDs. | | url-metadata-extract | (0.003 USDC/call) URL metadata extractor / OG tags / Open Graph parser / Twitter Card parser / meta tag extractor / link preview / page metadata / favicon resolver / JSON-LD reader / canonical URL extractor. Fetches a webpage and parses head-level metadata: title, description, Open Graph (og:), Twitter Card (twitter:), canonical link, favicon, html lang, keywords, robots, author, article:published_time, JSON-LD blocks. Returns absolute URLs for image and favicon. Useful for SEO audits, link-preview generation, content cataloging, RAG ingestion. | | user-agent-parse | (0.001 USDC/call) User-Agent parser / UA classifier / browser detection / OS detection / bot detection / AI crawler identifier (GPTBot, ClaudeBot, PerplexityBot). Pure-local regex parser — detects browser (Chrome, Firefox, Safari, Edge, Opera, Vivaldi, Samsung), OS (Windows, macOS, iOS, Android, Linux, ChromeOS) with version, device type (desktop / mobile / tablet / bot), and identifies 32+ specific bots/crawlers. No upstream call. | | webpage-diff | (0.04 USDC/call) Webpage change detection / website monitor / content diff. Cleans HTML to text + SHA-256 hash. Pass previous hash/text to get added/removed line lists. Price + policy + status-page monitoring. | | website-screenshot | (0.04 USDC/call) URL to PNG / JPG / website screenshot tool. Configurable viewport, retina, crop/fit, transparent BG, JPG quality, JS wait conditions. CloudConvert capture. | | whois | (0.02 USDC/call) Domain WHOIS / RDAP lookup. Registration, age, expiration, registrar, contacts, nameservers, DNSSEC, status flags. | | whois-lookup | (0.02 USDC/call) WHOIS / RDAP domain lookup. Registration date, age, expiration, registrar, contacts, nameservers, DNSSEC, status flags, transfer history. Optional certificate-transparency summary. | | wikipedia | (0.005 USDC/call) Wikipedia API / encyclopedia lookup. Title, summary, image, sections, Wikidata id, optional 25k-char extract. 300+ languages. | | wikipedia-lookup | (0.005 USDC/call) Wikipedia API / encyclopedia lookup / structured article fetch. Title, summary, image, sections, Wikidata id, optional 25k-char extract. 300+ languages. |

How it works

  1. Agent calls a tool (e.g. archive-snapshot).
  2. MCP server POSTs to https://x402.agentutility.ai/archive-snapshot.
  3. The endpoint responds HTTP 402 with payment instructions.
  4. The MCP server signs an EIP-3009 USDC transfer authorization with X402_PRIVATE_KEY and retries.
  5. CDP facilitator settles on Base.
  6. The endpoint returns the actual response.

The agent never sees the payment flow — it just gets the result.

Links

  • Cluster overview: https://agentutility.ai/web-probe/
  • All MCP packages: https://mcp.agentutility.ai/
  • Source: https://github.com/rooz21/x402/tree/main/packages/mcp-web-probe

Version: 0.2.2 · License: MIT