{"api_version":"2026-03-27","product":"Vibe Check Scan","site_url":"https://vibecheckscan.com","auth_required":false,"auth_discovery":{"published":false,"reason":"OAuth/OIDC discovery endpoints are intentionally not published because the public scan API does not currently require tokens."},"discovery_resources":{"api_catalog":"https://vibecheckscan.com/.well-known/api-catalog","mcp_server_card":"https://vibecheckscan.com/.well-known/mcp/server-card.json","agent_skills_index":"https://vibecheckscan.com/.well-known/agent-skills/index.json","health":"https://vibecheckscan.com/api/health"},"capabilities":[{"name":"start_scan","description":"Start an asynchronous security scan of a public URL. Returns a scanId immediately. Use poll_scan_status to track progress, then get_scan_result if you need a separate result fetch.","implementation_status":"implemented","auth_required":false,"exposed_via":["rest"],"endpoint":{"method":"POST","path":"/api/scan/start"},"input_schema":{"type":"object","required":["url"],"properties":{"url":{"type":"string","format":"uri","description":"Fully-qualified public URL to scan (http or https). Private/internal addresses are blocked.","example":"https://example.com"}}},"output_schema":{"type":"object","properties":{"scanId":{"type":"string","description":"32-char hex scan identifier."},"queued":{"type":"boolean","description":"True if queued due to concurrency limits."}}}},{"name":"poll_scan_status","description":"Poll the progress of a running scan. Each module (headers, tls, cors, apiSurface) reports its own status. The scan is complete when the top-level status becomes \"completed\" or \"error\". Final status responses can include the result inline.","implementation_status":"implemented","auth_required":false,"exposed_via":["rest"],"endpoint":{"method":"GET","path":"/api/scan/status"},"input_schema":{"type":"object","required":["id"],"properties":{"id":{"type":"string","description":"The scanId returned by start_scan."},"format":{"type":"string","enum":["full","summary","agent"],"default":"full","description":"\"agent\" includes a message-ready result payload when the scan has finished."}}},"output_schema":{"type":"object","properties":{"status":{"type":"string","enum":["queued","running","completed","error"]},"scanId":{"type":"string"},"url":{"type":"string"},"timestamp":{"type":"number"},"modules":{"type":"object","additionalProperties":{"type":"object","properties":{"status":{"type":"string","enum":["pending","running","done","error"]}}}},"result":{"type":"object","description":"Present on terminal responses. Shape depends on requested format."}}},"polling_guidance":"Poll every 2-3 seconds. Prefer format=agent and stop when the top-level status becomes \"completed\" or \"error\"."},{"name":"get_scan_result","description":"Retrieve the completed scan report. Includes overall grade (A-F), score, and per-module findings. Results expire after 24 hours.","implementation_status":"implemented","auth_required":false,"exposed_via":["rest"],"endpoint":{"method":"GET","path":"/api/scan/result"},"input_schema":{"type":"object","required":["id"],"properties":{"id":{"type":"string","description":"The scanId returned by start_scan."},"format":{"type":"string","enum":["full","summary","agent","text","markdown","telegram","whatsapp"],"default":"full","description":"\"full\" returns all findings. \"summary\" returns condensed JSON. \"agent\" returns JSON with text and markdown. \"text\"/\"markdown\" return message-ready content."}}}},{"name":"check_rsc_vulnerability","description":"Check a URL for React Server Component vulnerabilities: CVE-2025-55182 (RCE), CVE-2025-55183 (source code exposure), CVE-2025-55184 (DoS). Passive probes only.","implementation_status":"implemented","auth_required":false,"exposed_via":["rest"],"endpoint":{"method":"POST","path":"/api/cve-2025-55182/check"},"input_schema":{"type":"object","required":["url"],"properties":{"url":{"type":"string","format":"uri","description":"Fully-qualified public URL to check.","example":"https://example.com"}}}}]}