There's a service in the Coinbase x402 discovery index called OATP. In the last 30 days, 2,236 unique wallets paid it $0.50 per call to risk-scan Solana tokens, calling it over 11,000 times. Its transaction explainer cleared 18,000 calls. You can verify every number yourself: the CDP Bazaar index publishes per-endpoint call counts and payer counts at api.cdp.coinbase.com/platform/v2/x402/discovery/resources.
That's a swarm of AI agents -- autonomous ones, with funded wallets -- paying real money for one specific thing: knowing whether an on-chain action is safe before taking it so that they don't get burned.
I spent the last few months building the cross-chain version of this same idea. It's called AgentForge, and this post is about what I learned building for customers that aren't human.
What it is
AgentForge is a DeFi safety layer, which means it's the service an agent calls before executing on-chain actions which may be risky or of unknown provenance. It has 19 endpoints across Ethereum, Base, Arbitrum, Optimism, Polygon, and Solana. It requires no API keys, and no accounts, as every endpoint is payable per-request via x402 (USDC on Base or Solana), and every tool is also free via MCP.
The Solana suite of features, which I just added yesterday, includes:
-
POST /v1/solana/token-risk-scan($0.35) — mint/freeze authority checks, top-holder concentration with liquidity-pool accounts excluded, DexScreener liquidity depth, deterministic 0-100 score. -
POST /v1/solana/tx-simulate($0.15) — realsimulateTransactionexecution against mainnet state: balance deltas, program logs, authority-change flags, a proceed/caution/avoid verdict. A failed simulation is returned with an actionable answer rather than an error. -
POST /v1/solana/tx-explain($0.05) — any signature decoded to labeled instructions, token movements, and a plain-English summary. -
GET /v1/solana/program-lookup(free) — a curated, hand-verified registry of Solana programs with protocol labels and risk levels.
The EVM side works the same way, with wallet safety scans ($0.10) that combine approval auditing, activity-pattern detection, and target-contract assessment in one call, as well as transaction decoding, contract monitoring, and auto-generated contract documentation with proxy resolution. There are currently 319 contracts pre-computed, so an agent asking about Lido stETH, for example, will get the implementation's 35 functions with risk flags in under a second rather than burning tokens by using five ABI shells.
What I learned selling to agents
1. Agents buy de-risking and information that enables them to prove that a system works in a deterministic way. My first token-risk products were LLM syntheses, which were effectively automatically generated prose risk assessments. Those were actually useless. A trading agent needs canMint: true and top10Pct: 71.4, numbers it can threshold on. The LLM now only writes optional one-line summaries, so every score is pure computation.
2. The moat is accumulated token spending/AI labor, not intelligence. Any agent has its own LLM. What it doesn't have is a hand-verified program/contract registry, pre-resolved proxy chains, multi-source pipelines with rate limiting and graceful degradation already built. This project is renting out the accumulated value that's derived from tokens I've already spent to ensure the agents don't ever have to, at per-call prices.
3. Discovery is brutal. My endpoints were invisible for weeks. The cause: the Bazaar probes your resource using the example input you declare — mine were empty {}, so every probe 400'd against my own validation, and only my two no-body GET endpoints ever indexed. One fix (real example inputs on every route) took indexing from 2/16 to 15/16 within hours. If you're shipping x402 services: Coinbase's validator at agentic.market's Seller Tools will find what you can't.
4. Env vars will hurt you in ways tests won't catch. A trailing \n from echo piped into vercel env add corrupted my payTo address inside every payment requirement, silently rejecting real payments while my own test harness passed. My takeaway here is to use printf.
Try it
MCP (free, all 20 tools — Claude Desktop, Cursor, Windsurf):
{ "mcpServers": { "agentforge": { "url": "https://agentforge-taupe.vercel.app/mcp" } } }
x402 (any agent with a funded wallet):
import { wrapFetch } from '@x402/fetch';
const fetch402 = wrapFetch(fetch, { privateKey: process.env.WALLET_PRIVATE_KEY, network: 'base' });
const scan = await fetch402('https://agentforge-taupe.vercel.app/v1/solana/token-risk-scan', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ mint: 'EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v' }),
});
Skill file for coding agents: agentforge-taupe.vercel.app/SKILL.md. MCP registry: io.github.acarchidi/agentforge. Everything else: agentforge-taupe.vercel.app.
Building in the x402 economy, or running agents that touch DeFi? I want to hear what safety checks you're missing and would want to use, so let me know in the comments.
Tags: x402, solana, ai, defi, agents, web3
Top comments (0)