Pricing

Five tiers, two ways to pay (USDC or invoice). Built so an agent or a procurement team can compare in one fetch — JSON-LD embedded in this page.

Open Source CLI

$0 Free, forever

Run the scanner anywhere with one command. No API key, no telemetry, zero dependencies.

  • 37 rules across TS/JS, Python, Go, Rust, C#, Java, Kotlin
  • OWASP LLM Top 10 + NIS2 mapped
  • Offline CVE database (40+ top packages)
  • Docker-isolated scan mode included

For: Indie developers, agent builders, security researchers

Get it on GitHub

Hosted API (free)

$0 Rate-limited

POST a public GitHub URL, get a structured report back. Useful when you don't want to install Node.js.

  • Same 37 rules as the CLI, same disclaimer in every response
  • Idempotency-Key + ETag + Cache-Control headers
  • OpenAPI spec at /openapi.json
  • MCP tool at /mcp/ for agent-native invocation

For: Agents and operators evaluating MCP servers

Try POST /v1/scan

Hosted API (x402)

$0.10 Per scan, USDC on Base L2

Same endpoint, accessed via x402 micropayment. No account, no API key — pay per call.

  • Pay-as-you-go via x402 protocol
  • Settlement to Coinbase wallet on Base L2
  • Discoverable at /.well-known/x402.json
  • Same response shape as free tier

For: Autonomous agents in the Coinbase Agent.market ecosystem

See /v1/scan/pay

MCP Security Audit

$5K – $30K Per engagement

Manual review of your MCP server. L2 authorization, L3 tool integrity, L4 monitoring maturity.

  • L2: RBAC, secrets handling, JWT, PII/GDPR review
  • L3: SSRF, SQLi in tools, prompt-injection resistance
  • L4: audit logging, rate limiting, error leakage
  • Written report + read-out + 30-day Q&A window

For: Enterprises shipping MCP to production

Book a discovery call

AI Procurement Risk Audit

$5K – $15K Per engagement

Independent due-diligence on your AI vendor contracts and inference logs. Three-layer framework.

  • Layer 1 (Factual): tokens/cost/routing measured per workflow
  • Layer 2 (Negotiation): reserved-vs-best-efforts review
  • Layer 3 (Operational): hidden human-in-loop flagging
  • 15–30 page written report + executive read-out

For: CFO / CTO / CISO buying enterprise AI capacity (OpenAI, Anthropic, hyperscalers)

Read the checklist

How to pick

Just want to scan something?
Open-source CLI is the fastest path. No signup, no rate limit. Run npx compuute-scan ./your-mcp-server.
Building an autonomous agent that should check things at runtime?
Use the hosted API. Free tier works for most agents — call POST /v1/scan. The x402 tier exists for agents that prefer to pay rather than handle API keys; same response shape.
Shipping MCP servers to production and need a sign-off?
MCP Security Audit. We deliver a written report with verified findings, not raw scanner output. See the docs for the methodology.
Procurement reviewing a new AI vendor contract?
AI Procurement Risk Audit. The lead-magnet checklist is free to read — walk through it yourself before deciding whether you want us to walk it through with you.