ToolPin

io.heronapp/heron

io.heronapp/heron · v1.2.0 · MCP 2025-11-25

Signed security scores for what an AI agent runs and reads: skills, MCP servers, prompts, tokens.

Reachability reachable
checked 2026-07-14 04:30 UTC
Registry status active
Tools pinned 14
038bb1fb1a7a
Tools last changed unchanged since first capture 2026-07-14

Provenance

Registry namespace io.heronapp (domain verified by the official registry)
Website https://heronapp.io
Remote endpoints
https://heronapp.io/mcp (streamable-http)

Observed changes

When (UTC)EventDetail
2026-07-14 03:23 first capture 14 tools pinned

Pinned tool definitions (14)

ToolDescription
heron_skill_scan Check whether an agent SKILL.md skill is SAFE TO RUN before you install it. Provide EITHER `url` (a GitHub link — repo, folder, or SKILL.md; Heron pulls the manifest + its scripts) OR `skill_md` (the manifest text). Returns a...
heron_mcp_scan Check whether an MCP SERVER is SAFE TO CONNECT before you add it. An MCP server's tool names, descriptions and schemas are injected into your context, and you will obey instructions hidden there ("tool poisoning"). Provide...
heron_agent_redteam Red-team an AI agent's SYSTEM PROMPT for injection-resilience (static, safe — nothing is sent anywhere). Pass the agent's `system_prompt` (and optionally its `tools`). Returns a 0-100 resilience score, a verdict (resilient /...
heron_inspect Prompt Firewall — inspect UNTRUSTED text your agent is about to trust (a user message, a tool's output, a retrieved/RAG document, an email) BEFORE you act on it. Returns an action (allow / flag / block), a 0-100 score, and the...
heron_agent_posture Agent Posture Score — ONE signed 0-100 security posture for a WHOLE agent, combining Heron's products with a weakest-link rule (you are only as safe as your weakest part). Give any subset: the agent's `system_prompt`, a list of...
heron_token_scan Token Safety — is a token contract safe to BUY, APPROVE, or let your agent interact with? Give a token contract `address` (and `chain`: base / ethereum / bsc). Returns a FREE 0-100 safety score + which risk categories tripped,...
heron_agent_identity Look up an agent's Heron identity: its wallet-signed passport and its portable, signed attestations (skill scans, MCP scans, red-team runs it has bound to its identity). Anyone can verify the signatures with...
heron_trust_index The public Heron skill-trust index: recently analyzed public agent skills with their 0-100 trust scores and verdicts. Use it to see what has already been vetted.
heron_verify_attestation Verify a Heron skill-attestation signature yourself (EIP-191) — confirms Heron's wallet signed this exact analysis digest. No trust in Heron required.
heron_methodology How Heron computes a skill trust score — the public rules, severity weights, scoring formula and model. A signed attestation proves integrity, not correctness, so the method is open: audit it before you rely on a score.
heron_score Free instant AI-visibility (GEO) score for a URL: how citable the page is to AI search engines (ChatGPT, Claude, Perplexity, Gemini, Google AI Overviews). Returns overall 0-100 score, grade, per-dimension breakdown and a...
heron_full_report Get the FULL Heron report (executive summary, all fixes, 30/60/90 roadmap) as machine-readable JSON. Pay-per-use over x402. First call (no order): returns HTTP 402 details — pay the given USDC amount on Base to the pay_to...
heron_negotiate Name-your-price for the full report. Propose `bid` (USD). If your bid is at or above Heron's transparent floor it is accepted at that price (capped at the list price); below the floor you get a counter-offer. Then pay the...
heron_manifest Heron service description, pricing and payment (x402) details.

Status badge

ToolPin status badge for io.heronapp/heron

[![ToolPin](https://toolpin.dev/badge/io.heronapp/heron.svg)](https://toolpin.dev/servers/io.heronapp/heron)

Maintain this server? Add the badge to your README — it links your users to this live status page.