feat: add plugin-scout for x402 trust intelligence and transaction safety

[yaooooooooooooooo]

Relates to

• x402 Protocol - trust scoring for the x402 payment ecosystem
• ScoutScore - the trust intelligence platform

Risks

Low. This is a self-contained new plugin with no modifications to existing code. Zero runtime dependencies beyond @elizaos/core. All API calls go to the ScoutScore public API (free during launch period).

Background

What does this PR do?

Adds plugin-scout - gives ElizaOS agents trust intelligence for the x402 ecosystem. Before your agent pays for an x402 service, it can verify whether that service is trustworthy, check if it actually delivers what it advertises, and block unsafe transactions automatically.

The x402 protocol enables HTTP-native micropayments, but agents need a way to evaluate whether services are safe before sending money. ScoutScore provides that trust layer - scoring 400+ x402 services across 4 pillars and monitoring them continuously.

What kind of change is this?

Feature (non-breaking change which adds functionality)

Actions

Action	Description
CHECK_SERVICE_TRUST	Score any x402 service across 4 trust pillars (Contract Clarity, Availability, Response Fidelity, Identity & Safety)
CHECK_FIDELITY	Probe whether a service actually follows the x402 protocol and delivers what it advertises
SCAN_SKILL	Security scan a GitHub-hosted skill or MCP server before installing
BROWSE_LEADERBOARD	Discover trusted x402 services by category (AI & ML, Trading & DeFi, Data & Analytics, etc.)
BATCH_SCORE_SERVICES	Score up to 20 services at once for comparison

Providers

Provider	Description
scout_trust_context	Automatically injects trust data for any domain mentioned in conversation - the LLM sees scores without the user asking
scout_trust_policy	Injects the agent's configured risk tolerance (min score, auto-reject flags) so the LLM respects safety constraints

Evaluator

Evaluator	Description
scout_transaction_guard	Watches for payment-related messages and blocks/warns based on service trust score, auto-reject flags, and transaction amount limits

Background Service

Service	Description
TrustMonitorService	Monitors watched domains for significant trust score changes (>=10 point delta or level change) at configurable intervals

How it works

Trust Context (automatic):
When a user mentions a domain, the trust-context provider automatically fetches its score and injects it into the LLM context:

Trust context for questflow.ai: Score 78/100 (HIGH).
Pillars: Contract 85, Availability 100, Fidelity 72, Safety 55.
Verdict: RECOMMENDED (max $5,000). Health: UP (142ms).

Transaction Guard (example - blocking an unsafe payment):

User: "Pay $500 to sketchy-api.xyz for their data service"

Agent: Transaction BLOCKED.

sketchy-api.xyz has a trust score of 12/100 (VERY_LOW) with critical flags:
- ENDPOINT_DOWN: Service endpoint is not responding
- WALLET_SPAM_FARM: Wallet address associated with spam

This service is not recommended for any x402 transactions.
Recommended action: Do not proceed with payment.

Trust Policy (customizable risk tolerance):

# Conservative agent - only transact with highly trusted services
SCOUT_MIN_SERVICE_SCORE=75
SCOUT_AUTO_REJECT_FLAGS=WALLET_SPAM_FARM,TEMPLATE_SPAM,ENDPOINT_DOWN,SCHEMA_PHANTOM

# Permissive agent - broader access, lower threshold
SCOUT_MIN_SERVICE_SCORE=30
SCOUT_AUTO_REJECT_FLAGS=WALLET_SPAM_FARM

Configuration

All environment variables are optional with sensible defaults:

Variable	Default	Description
SCOUT_API_URL	https://scoutscore.ai	Scout API base URL
SCOUT_MIN_SERVICE_SCORE	50	Minimum trust score for x402 payments
SCOUT_AUTO_REJECT_FLAGS	WALLET_SPAM_FARM,TEMPLATE_SPAM,ENDPOINT_DOWN	Comma-separated auto-reject flags
SCOUT_CACHE_TTL	30	Cache TTL in minutes
SCOUT_WATCHED_DOMAINS	(empty)	Comma-separated domains to monitor
SCOUT_WATCH_INTERVAL	60	Monitor check interval in minutes
SCOUT_API_KEY	(empty)	API key for authenticated endpoints

Trust Levels

Score	Level	Verdict	Max Transaction
>= 75	HIGH	RECOMMENDED	$5,000
>= 50	MEDIUM	USABLE	$1,000
>= 25	LOW	CAUTION	$100
< 25	VERY_LOW	NOT_RECOMMENDED	$0 (blocked)

Architecture

• Zero runtime dependencies beyond @elizaos/core - clean and lightweight
• WeakMap-based state storage - no monkey-patching IAgentRuntime, automatic GC
• In-memory LRU cache with TTL-based expiry (500 entries, 30-min default)
• ReDoS-safe domain extraction with bounded regex quantifiers and input length caps
• Graceful degradation - API failures don't crash the plugin or block other actions

Documentation changes needed?

No changes to existing project documentation. The plugin includes its own README with usage examples, configuration reference, and trust level documentation.

Full documentation: ScoutScore Docs

Testing

Test suite

236 unit tests, all passing. Covers every action, provider, evaluator, service, utility, and client method.

Test Files  17 passed (17)
     Tests  236 passed (236)
  Duration  392ms

Test breakdown:

• 5 action test suites (check-service, check-fidelity, scan-skill, browse-leaderboard, batch-score)
• 2 provider test suites (trust-context, trust-policy)
• 1 evaluator test suite (transaction-guard)
• 1 service test suite (trust-monitor)
• 1 client test suite (scout-client)
• 1 cache test suite
• 1 config test suite
• 1 runtime-store test suite
• 4 utility test suites (domain extraction, flag interpreter, recommendations, trust levels)

Where should a reviewer start?

1. src/index.ts - plugin definition, init flow, and exports
2. src/evaluators/transaction-guard.ts - the transaction safety guard (most interesting piece)
3. src/providers/trust-context.ts - automatic trust context injection
4. src/client/scout-client.ts - API client with caching

Detailed testing steps

cd packages/plugin-scout
bun install
bun run test

Screenshots

Links

• ScoutScore - trust intelligence platform
• ScoutScore Leaderboard - 400+ scored x402 services
• x402 Protocol
• ScoutScore MCP Server

Greptile Summary

Added plugin-scout - a self-contained trust intelligence plugin for the x402 payment ecosystem. Provides trust scoring, transaction safety guards, and skill scanning capabilities for autonomous agents.

Key Features:

• Transaction Guard Evaluator: Automatically blocks/warns on unsafe payments based on trust scores and auto-reject flags
• Trust Context Provider: Enriches LLM context with domain trust data for up to 3 domains per message
• Trust Policy Provider: Injects agent risk tolerance configuration
• 5 Actions: CHECK_SERVICE_TRUST, CHECK_FIDELITY, SCAN_SKILL, BROWSE_LEADERBOARD, BATCH_SCORE_SERVICES
• Background Monitoring: Watches configured domains for trust score changes at configurable intervals

Architecture Highlights:

• Zero runtime dependencies beyond @elizaos/core
• WeakMap-based state storage (no runtime monkey-patching)
• LRU cache with TTL-based expiry (500 entries, 30-min default)
• ReDoS-safe domain extraction with bounded regex quantifiers
• HTTPS enforcement for API URLs
• Graceful degradation on API failures

Test Coverage:
236 unit tests across 17 test suites covering all actions, providers, evaluators, services, utilities, and client methods.

Confidence Score: 5/5

• This PR is safe to merge with minimal risk
• Self-contained new plugin with zero modifications to existing code, comprehensive test coverage (236 tests), clean architecture using WeakMap-based state management, proper security considerations (HTTPS enforcement, ReDoS prevention, graceful error handling), and zero runtime dependencies beyond @elizaos/core
• No files require special attention

Important Files Changed

Filename	Overview
packages/plugin-scout/src/index.ts	Plugin definition and initialization - clean architecture with WeakMap-based state management
packages/plugin-scout/src/config.ts	Configuration loader with HTTPS enforcement and safe parsing of environment variables
packages/plugin-scout/src/evaluators/transaction-guard.ts	Transaction safety evaluator - blocks/warns based on trust scores and auto-reject flags
packages/plugin-scout/src/providers/trust-context.ts	Automatic trust context injection - enriches LLM context with domain trust data
packages/plugin-scout/src/client/scout-client.ts	API client with proper error handling, caching, and authentication headers
packages/plugin-scout/src/runtime-store.ts	WeakMap-based state storage - avoids monkey-patching runtime, enables GC
packages/plugin-scout/src/utils/domain.ts	ReDoS-safe domain extraction with bounded quantifiers and length limits
packages/plugin-scout/package.json	Package manifest with zero runtime dependencies beyond @elizaos/core

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[User Message] --> B{Contains Payment Keywords?}
    B -->|No| C[Trust Context Provider]
    B -->|Yes| D[Transaction Guard Evaluator]
    
    C --> E{Domain Mentioned?}
    E -->|Yes| F[Extract Domains]
    E -->|No| G[Skip]
    
    F --> H[Scout API Client]
    H --> I[Cache Check]
    I -->|Hit| J[Return Cached Score]
    I -->|Miss| K[Fetch from API]
    K --> L[Update Cache]
    L --> M[Inject Trust Context]
    M --> N[LLM Processing]
    
    D --> O[Extract Domain & Amount]
    O --> H
    H --> P{Check Auto-Reject Flags}
    P -->|Match| Q[BLOCK Transaction]
    P -->|Pass| R{Score >= Min Threshold?}
    
    R -->|No| S[WARN Below Minimum]
    R -->|Yes| T{Amount <= Max Transaction?}
    T -->|No| U[WARN Exceeds Limit]
    T -->|Yes| V[ALLOW Transaction]
    
    Q --> W[Return to User]
    S --> W
    U --> W
    V --> W
    
    X[Trust Monitor Service] -.->|Background| H
    X --> Y[Batch Score Watched Domains]
    Y --> Z{Significant Change?}
    Z -->|Yes| AA[Log Score Delta]
    Z -->|No| AB[Continue Monitoring]

Loading

_{Last reviewed commit: b8b4d69}

_{(2/5) Greptile learns from your feedback when you react with thumbs up/down!}

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on this repository. Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

Tip

Issue Planner is now in beta. Read the docs and try it out! Share your feedback on Discord.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[greptile-apps]

_{42 files reviewed, no comments}

_{Edit Code Review Agent Settings | Greptile}

[douglasborthwick-crypto]

plugin-scout addresses service-level trust (is this x402 endpoint safe to pay?). The complementary gap is wallet-level trust: is the counterparty wallet behind that service legitimate?

A service can score well on Contract Clarity and Response Fidelity but still be operated by a freshly created wallet with no on-chain history. Conversely, a new service with limited ScoutScore data might be operated by a wallet holding governance tokens across multiple chains.

We built POST /v1/trust for this layer. Returns a signed fact profile: 14 checks across stablecoins, governance tokens, and NFTs on 31 EVM chains. ECDSA P-256 signed, 30-minute expiry. An ElizaOS agent could combine ScoutScore (service trust) with a wallet trust profile (counterparty trust) for a more complete pre-transaction decision.

MCP server: mcp-server-insumer
Spec: insumermodel.com/openapi.yaml

[odilitime]

you create plugin by making your own repo and publishing in on https://github.com/elizaos-plugins/registry

[douglasborthwick-crypto]

Already submitted — elizaos-plugins/registry#278. Addressing the review comments now.