“I need my agent to use the Stripe, Jupiter, whatever-is-next API.”
One line adds it. No client to hand-write.
Open source · Built in public
Gecko translates any API, even the messy, undocumented ones, into tools your agent calls right the first time. Your key stays hidden on your machine, nothing to paste, nothing to steal. And a manipulated API can't trick your agent. Gecko spots the poison before it acts.
Try it now
$ npx @geckovision/gecko add <your-api>THE JOURNEY
“I need my agent to use the Stripe, Jupiter, whatever-is-next API.”
One line adds it. No client to hand-write.
“Do I paste my API key into mcp.json? Into an env var?”
Neither. Your key stays hidden on your machine and is used only at the moment of the call. Never in a file, never inside the agent.
“The agent called it and got a 400. Then a 401. Then another 400.”
Gecko read the API first. Your agent calls it right the first time: right params, right auth.
“I don't want to burn rate limits or real money just to test.”
Recorded mode proves every call offline, for $0.
“It worked yesterday. Now it's a 401 at 3am. Who wrote a refresh loop?”
Sessions auto-refresh. The agent never sees the expiry.
“Fifth API, same pain, times five.”
One layer for every API. Keys out of reach, calls correct, no per-API glue.
For agent builders
For API providers
WHY NOW
HOW IT WORKS
CONNECT
An OpenAPI spec or a docs URL. Even messy, undocumented, or paywalled. Gecko reads the API first and turns it into tools your agent picks by what you ask.
SECURE
Sealed in the OS keychain, never in a file. The agent never sees it: nothing to paste, nothing to steal.
EXECUTE
The call is right the first time. The key joins only at the moment of the call, sent only to the API's own host. Log-ins refresh on their own; you stop babysitting.
Gecko never sees your data. The key never enters the agent, the model, your files, or Gecko's servers.
FAQ
In your OS keychain, the same vault your machine already uses for passwords. Gecko reads it on your machine at the moment of the call and sends it only to the API's own domain. It never enters the agent, your files, or Gecko's servers.
The API's shape (endpoints, parameters, schemas) and the tools generated from it. Never your responses, your data, or your secrets.
It happens: a manipulated description or example crafted to steer an agent into a dangerous move. Gecko screens everything an API says before your agent sees it, and quarantines anything suspicious. Running today, on every API it reads.
We read the docs. For Mintlify, Redoc, and Scalar we discover the spec behind the page. If we can't find one, we tell you what to paste.
The engine is open source and free. Providers pay a flat per-API fee, never a take-rate.
Yes. Cursor or any MCP client via the hosted endpoint, or as a Python library with recorded mode ($0) or live.
Wrappers pass the API through raw and leave auth to you. Gecko reads the API first, adds the key itself at the moment of the call, and keeps the session alive on its own.
This page has a twin your agent can read. For agents →