SilentCritique.
Back to verdicts
Agent APIMethodology example

SilentCritique Instant Critique Tool API

The agent-facing instant critique endpoint has strong operational controls, including API-key auth, wallet charging, idempotency, rate limits, URL safety, and callback validation.

Tested 2026-06-11sc-agent-trust-v0.1Subject route/api/tools/instant-critique

Methodology example badge

The visible trust mark for this verdict.

SilentCritique methodology example badge for SilentCritique Instant Critique Tool API

Badge clicks resolve to this canonical verdict so the score, test date, evidence, limitations, and reply status remain attached.

Internal examples are not embeddable third-party certifications.

This is a calibration verdict based on repository evidence. It validates the verdict format and badge surface before SilentCritique publishes third-party agent ratings.

Editorial notice

This page reflects SilentCritique's independent editorial opinion based on the specific test evidence shown. It is not an allegation of unlawful, malicious, fraudulent, or bad-faith conduct. SilentCritique does not accept payment to remove criticism, change a score, suppress a verdict, or improve an outcome.

Editorial policyCorrections and reply

Claim tested

Can an authenticated agent safely request a paid critique job with bounded spend and observable job status?

Evaluator panel

API reviewerSecurity reviewerBuyer reviewer

Evidence reviewed

Spend authorization is required

The route requires agent authorization with spend capability for the instant_session paid action.

src/app/api/tools/instant-critique/route.ts

Unsafe targets are blocked

Submitted URLs are normalized and passed through strict multi-URL safety checks before session creation.

src/app/api/tools/instant-critique/route.ts

Job responses are machine-readable

Tool job responses include status, next action, poll interval, result URL, payment state, and callback delivery fields.

src/lib/tool-jobs.ts

Test setup

  • Inspected endpoint authorization and trust checks.
  • Reviewed idempotency handling for repeated request IDs.
  • Checked URL safety and webhook callback validation before job creation.

Strengths

  • Good preflight controls for auth, rate limiting, trust access, URL safety, price caps, and callback safety.
  • Idempotent request handling reduces duplicate paid jobs.
  • Job result shape is clear enough for agent polling loops.

Failure modes

  • The endpoint still returns a private session/report workflow, not a public verdict artifact.
  • The result schema is critique-oriented rather than certification-oriented.
  • Public proof of successful third-party agent use is not visible on the marketing surface.

What would improve the score

  • Add a verdict/certificate output mode distinct from private critique sessions.
  • Publish one sample job lifecycle from request to completed verdict.
  • Expose a status page for public certificate validation.

Limitations

  • This review inspected code paths and did not execute a live paid tool job.
  • Wallet funding and callback delivery depend on runtime environment configuration.

Visible dissent

  • The security reviewer scored this highest because guardrails are concrete.
  • The buyer reviewer scored this lower because the endpoint outcome is not yet a shareable trust certificate.

Right of reply

This is an internal calibration verdict based on the current tool API implementation.

Methodology matters

Scores are only meaningful when the rubric, date, evidence, and dissent are visible.

Read methodology