There's a project called Zauth that monitors x402 endpoints. Their bots ping services, check uptime, and track response times. It's useful work.
It's also not risk scoring.
Knowing that an API endpoint responds with 200 OK tells you the pipe works. It doesn't tell you who's on the other end.
An endpoint can have 99.9% uptime and still be run by a sanctioned entity. A service can respond in 50ms and still have a wallet funded by a mixer yesterday. A domain can serve valid SSL and still be 3 days old with no WHOIS history.
Uptime monitoring answers: "Does this endpoint work?"
Risk scoring answers: "Should my agent send money to this counterparty?"
These are different questions. Both matter. But conflating them is dangerous, because an agent that checks endpoint health and skips counterparty risk will happily pay a functional scam.
Revettr scores the counterparty across four signal groups:
Every signal is checked in parallel. You get a 0–100 composite score, a risk tier, and per-signal flags — all in under 2 seconds.
Check the endpoint health. Then check the counterparty. In that order.