{"name":"OT/ICS Threat Intelligence API","description":"Hardware-aware threat intel for ICS/SCADA environments. Twelve pay-per-call endpoints covering CVE triage, patch feasibility, internet-exposed device lookup, ICS threat actor profiles, sector threat mapping, IOC enrichment, live CISA advisory feed, asset risk verdict (escalate:true/false), active campaign tracker, sector change feed, ICS malware encyclopedia, and complete sector threat brief with risk trend. DeepSeek-enriched. No API keys — pure USDC micropayments on Base via x402.","url":"https://ot-intel-api.onrender.com","version":"1.0.0","documentationUrl":"https://ot-intel-api.onrender.com/SKILL.md","a2aEndpoint":"https://ot-intel-api.onrender.com/a2a","provider":{"organization":"OT Intel API","url":"https://ot-intel-api.onrender.com"},"capabilities":{"streaming":false,"pushNotifications":false,"stateTransitionHistory":false},"payment":{"protocol":"x402","network":"eip155:8453","asset":"USDC","facilitator":"CDP (Coinbase Developer Platform)"},"skills":[{"id":"ot-cve-triage","name":"CVE Triage","description":"OT-contextualised CVE triage with OT-adjusted severity, CISA KEV status, and cyber-physical impact assessment.","tags":["cve","ics","scada","vulnerability","security"],"examples":["Triage CVE-2023-38802 for ICS impact","Is CVE-2021-34527 exploited in OT environments?"],"inputModes":["application/json"],"outputModes":["application/json"],"price_usd":0.02},{"id":"ot-patch-feasibility","name":"Patch Feasibility","description":"AI-powered patch feasibility assessment for OT/ICS environments with downtime estimation and deployment strategy.","tags":["patch","ics","scada","vulnerability management"],"examples":["Can I patch CVE-2021-34527 without downtime?","Patch strategy for Siemens S7-1200"],"inputModes":["application/json"],"outputModes":["application/json"],"price_usd":0.05},{"id":"ot-device-exposure","name":"Device Exposure Lookup","description":"Internet-exposed OT device lookup by vendor/model with default credential risk and hardening recommendations.","tags":["device","ics","scada","exposure","shodan"],"examples":["Is Siemens S7-1200 exposed online?","Default credentials for Unitronics Vision"],"inputModes":["application/json"],"outputModes":["application/json"],"price_usd":0.05},{"id":"ot-threat-actor","name":"ICS Threat Actor Profiles","description":"ICS threat actor profiles with physical impact assessment, targeted sectors, and MITRE ATT&CK for ICS mapping.","tags":["threat actor","apt","ics","scada","mitre"],"examples":["Profile VOLTZITE threat actor","SANDWORM MITRE techniques"],"inputModes":["application/json"],"outputModes":["application/json"],"price_usd":0.03},{"id":"ot-actor-sector","name":"Sector Threat Actor Mapping","description":"All ICS threat actors targeting a specific industrial sector — energy, water, manufacturing, oil-and-gas, nuclear, chemical, transportation.","tags":["threat actor","sector","ics","energy","critical infrastructure"],"examples":["Which actors target energy sector?","ICS groups targeting water utilities"],"inputModes":["application/json"],"outputModes":["application/json"],"price_usd":0.03},{"id":"ot-ioc-enrichment","name":"IOC Enrichment","description":"IOC enrichment with ICS campaign context via AlienVault OTX — checks if indicator appears in OT-targeting threat feeds.","tags":["ioc","threat intel","ics","scada","otx"],"examples":["Is 185.220.101.45 associated with ICS attacks?","Enrich domain evil.com for OT context"],"inputModes":["application/json"],"outputModes":["application/json"],"price_usd":0.01},{"id":"ot-cisa-advisory","name":"CISA ICS Advisory Feed","description":"Live CISA ICS-CERT security advisories filtered by vendor or sector.","tags":["cisa","advisory","ics","scada","vulnerability"],"examples":["Latest CISA advisories for Siemens","Recent ICS advisories for energy sector"],"inputModes":["application/json"],"outputModes":["application/json"],"price_usd":0.02},{"id":"ot-exposure","name":"Asset Risk Verdict","description":"Asset-specific risk score and escalation verdict for OT/ICS devices. Returns risk_score (0-100), escalate (boolean), recommended_action, and contributing threat actors. Firmware-aware when firmware param provided.","tags":["risk-score","ics","scada","triage","escalation","asset-risk"],"examples":["What is the risk of internet-facing Siemens S7-1500 in energy sector?","Should I escalate this Schneider Modicon exposure?"],"inputModes":["application/json"],"outputModes":["application/json"],"price_usd":0.05},{"id":"ot-campaign","name":"Active ICS Campaign Tracker","description":"Active campaigns targeting a specific industrial sector right now. Returns campaign name, actor, start date, targeted geography, TTPs in use, and CVEs being exploited.","tags":["campaign","ics","scada","active-threat","sector-monitoring"],"examples":["What campaigns are active in the electric sector?","Active ICS campaigns targeting water utilities"],"inputModes":["application/json"],"outputModes":["application/json"],"price_usd":0.05},{"id":"ot-delta","name":"Sector Change Feed","description":"What is NEW for a sector in the last N days — new CVEs, new CISA advisories, new actor activity. Designed for cron-based monitoring agents. Only returns changes, not the full picture.","tags":["delta","change-feed","ics","scada","monitoring","cron"],"examples":["What changed in water sector this week?","New ICS CVEs in energy sector last 7 days"],"inputModes":["application/json"],"outputModes":["application/json"],"price_usd":0.03},{"id":"ot-malware","name":"ICS Malware Encyclopedia","description":"Structured profiles of known ICS malware: PIPEDREAM, TRITON, INDUSTROYER2, CRASHOVERRIDE, FROSTYLOOP, BLACKENERGY. Returns capabilities, targeted protocols, attributed actor, and MITRE ATT&CK for ICS techniques.","tags":["malware","ics","scada","pipedream","triton","industroyer"],"examples":["Profile PIPEDREAM malware","What protocols does TRITON target?"],"inputModes":["application/json"],"outputModes":["application/json"],"price_usd":0.02},{"id":"ot-brief","name":"Sector Threat Brief","description":"Complete 30-day threat brief for an industrial sector. Returns active actors, new CVE counts, active campaigns, top advisories, risk trend (increasing/stable/decreasing), and top 3 recommended actions. One call replaces 5+ chained calls.","tags":["brief","threat-brief","ics","scada","sector-report","risk-trend","compliance"],"examples":["Generate a 30-day threat brief for energy sector","What is the risk trend for water utilities?"],"inputModes":["application/json"],"outputModes":["application/json"],"price_usd":0.1}]}