security.cwe
Authoritative MITRE CWE (Common Weakness Enumeration) lookup. Pass id (e.g. CWE-79, or just 79) for the canonical weakness — name, abstraction, description, extended description, ChildOf/ParentOf relationships (with names), and mapped CAPEC attack patterns (with names) — or query for a keyword search returning ranked matches. Bundled catalog (~970 weaknesses), zero external calls. Agents hallucinate CWE IDs and names constantly; this returns exact, citeable, version-pinned data. Pairs with security.cve (which returns CWE ids) and security.capec.
price
$0.0010 USDC per call
method
GET
/api/security/cwepayment
x402 v2 · USDC on Base (EIP-3009) or Solana (SPL transfer)
auth
None. Sign the payment, retry with
PAYMENT-SIGNATURE.tier
Tier 0 — no paid upstream
Parameters
| Name | Type | Description |
|---|---|---|
id | string | min 1 chars · max 20 chars |
query | string | min 2 chars · max 80 chars |
limit | integer | min 1 · max 100 |
Code samples
cURLbash
# 1. Probe with no auth → 402 envelope with PaymentRequirements curl -sS 'https://2s.io/api/security/cwe?id=example&query=xx&limit=1' # 2. Sign + retry with PAYMENT-SIGNATURE: curl -sS 'https://2s.io/api/security/cwe?id=example&query=xx&limit=1' \ -H 'PAYMENT-SIGNATURE: <base64-json-payload>' # Or use the canonical runner (handles probe → sign → retry): # EVM_PRIVATE_KEY=0x... node --env-file=.env.local \ # --experimental-strip-types scripts/x402-pay.ts \ # 'https://2s.io/api/security/cwe?id=example&query=xx&limit=1'
TypeScript / Node — @2sio/sdktypescript
import { TwoS } from '@2sio/sdk'
const client = new TwoS({
privateKey: process.env.EVM_PRIVATE_KEY as `0x${string}`,
})
const result = await client.security.cwe({
"id": "example",
"query": "xx",
"limit": 1
})
console.log('endpoint:', result.endpoint)
console.log('cost:', result.costUsd, 'USDC')
console.log('tx:', result.settlement?.txHash)
console.log('data:', result.data)Python — 2siopython
import os
from twosio import TwoS
client = TwoS(private_key=os.environ["EVM_PRIVATE_KEY"])
result = client.security.cwe(id="example", query="xx", limit=1)
print("endpoint:", result.endpoint)
print("cost:", result.cost_usd, "USDC")
print("tx:", (result.settlement or {}).get("tx_hash"))
print("data:", result.data)MCP — Claude Desktop / AgentKit / any MCP hostjson
// 1. Add @2sio/mcp to your MCP host config (Claude Desktop example below).
// EVM_PRIVATE_KEY funds x402 payments per call.
// claude_desktop_config.json
{
"mcpServers": {
"2sio": {
"command": "npx",
"args": ["-y", "@2sio/mcp"],
"env": { "EVM_PRIVATE_KEY": "0x..." }
}
}
}
// 2. Once the server is running, agents call this tool via standard MCP:
{
"jsonrpc": "2.0",
"id": 1,
"method": "tools/call",
"params": {
"name": "security.cwe",
"arguments": {
"id": "example",
"query": "xx",
"limit": 1
}
}
}Response
| Field | Type | Description |
|---|---|---|
ok | boolean | one of: true |
items | array | |
total | integer | Total matching rows upstream; null when unknown. |
source | object |
Example response datajson
{
"ok": true,
"items": [
{}
],
"total": 1,
"source": {
"provider": "example",
"url": "example",
"license": "example"
}
}Discovery
- /api/directory — full catalog of every endpoint
- /openapi.json — OpenAPI 3.1 spec (per-op x-payment-info, x402Payment security)
- /.well-known/x402 — machine-readable service descriptor for x402-aware crawlers
- /.well-known/mcp/server-card.json — MCP SEP-1649 server card
- /llms.txt — plain-text manifest for LLM ingestion
2s.io is x402-native. Every call is paid per-request from a USDC-funded EVM wallet on Base — no signup, no API keys, no monthly fees. Source code: github.com/2s-io/sdk.