deploy: https://trust-layer-web-seven.vercel.app/
github: https://github.com/Fbiondo00/TrustLayer
You're one click away from connecting your wallet to an AI agent — but do you know what it can actually do with your money? TrustLayer answers that before you connect, with a single grade from A+ to F: a credit score for autonomous agents.
Under the hood it's a deterministic analysis pipeline, not an LLM guessing. On EVM chains it fetches and, if needed, decompiles the contract, runs Slither's ~90 vulnerability detectors, pulls Dedaub token-risk flags, maps permission patterns, analyzes on-chain transaction history, and scans live ERC-20 approvals via multicall. On Solana — where there's no Slither or Dedaub — it parses the BPF upgrade authority, mint/freeze authority, signature history, and SPL delegations. Six weighted layers produce a 0–100 score, with hard security caps: two high-severity findings can't score above F, and it never awards an A+ when static analysis couldn't run.
The AI does only the last 5% — it translates mechanical findings into plain English, and never decides the grade. That's the thesis: mechanical first, AI explains. The score is reproducible and auditable instead of hallucinated.
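A sketch of how a weighted score with hard caps stays deterministic, added here as an illustration and not taken from TrustLayer's code. The layer names, integer weights, grade bands and cap values are all assumptions, since the page gives only the two cap rules and the 0–100 range.

```python
# Added example: names, weights and bands below are assumed, not TrustLayer's values.
WEIGHTS = {"static_analysis": 30, "token_risk": 15, "permissions": 20,
           "tx_history": 15, "approvals": 10, "source": 10}
# (minimum score, grade), highest first. Assumed bands.
BANDS = [(95, "A+"), (90, "A"), (80, "B+"), (70, "B"), (60, "C"), (50, "D"), (0, "F")]
F_CEILING = 49   # highest score that still maps to F in the assumed bands
A_CEILING = 94   # highest score that is not an A+ in the assumed bands

# Constructed sub-scores for illustration, not a real scan result.
SAMPLE = {"static_analysis": 80, "token_risk": 90, "permissions": 70,
          "tx_history": 95, "approvals": 85, "source": 90}

def to_grade(score):
    """Map a 0..100 score to the first band whose floor it reaches."""
    return next(grade for floor, grade in BANDS if score >= floor)

def score_agent(layers, high_findings):
    """layers: name -> 0..100 sub-score, or None if that layer could not run.
    Returns (score, grade, caps_applied)."""
    mismatch = set(layers) ^ set(WEIGHTS)
    if mismatch:
        raise ValueError(f"unexpected or missing layers: {sorted(mismatch)}")
    ran = {name: s for name, s in layers.items() if s is not None}
    if not ran:
        raise ValueError("no layer produced a result")
    if any(not 0 <= s <= 100 for s in ran.values()):
        raise ValueError("sub-scores must be within 0..100")

    # Integer arithmetic only, so the same inputs always give the same score.
    # Layers that did not run are dropped and the remaining weights renormalised.
    total_weight = sum(WEIGHTS[name] for name in ran)
    score = sum(WEIGHTS[name] * s for name, s in ran.items()) // total_weight

    caps = []
    # Cap 1: no A+ when static analysis could not run.
    if layers["static_analysis"] is None and score > A_CEILING:
        score = A_CEILING
        caps.append("static-analysis-missing")
    # Cap 2: two high-severity findings (read here as two or more) force an F.
    if high_findings >= 2 and score > F_CEILING:
        score = F_CEILING
        caps.append("two-high-severity")
    return score, to_grade(score), caps

if __name__ == "__main__":
    print(score_agent(SAMPLE, high_findings=0))
    print(score_agent(SAMPLE, high_findings=2))
    print(score_agent({**{k: 100 for k in WEIGHTS}, "static_analysis": None}, 0))
```

The caps are applied after the weighted sum, so strong results in the other layers cannot offset a capped condition.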
The entire engine lives in one orchestrator core, consumed by three thin clients: a web scanner, an MCP server (so agents inside Cursor or Claude Code can vet a contract before they act), and a CLI that can fail a CI build on an F. Five chains today: Ethereum, Base, Arbitrum, Optimism, Solana.
And it's honest by design: real USDC scores B+ 83, not a convenient A+. We measure blast radius, not intentions — because you can't patch prompt injection, but you can see exactly how much damage an agent is capable of before you ever connect.