CertScore.ai
Server Details
Scan public websites for privacy, cookie, tracker, consent, policy, and disclosure risk signals. Start instantly with zero-auth Light mode—no account or API key required.
- Status
- Healthy
- Last Tested
- Transport
- Streamable HTTP
- URL
Glama MCP Gateway
Connect through Glama MCP Gateway for full control over tool access and complete visibility into every call.
Full call logging
Every tool call is logged with complete inputs and outputs, so you can debug issues and audit what your agents are doing.
Tool access control
Enable or disable individual tools per connector, so you decide what your agents can and cannot do.
Managed credentials
Glama handles OAuth flows, token storage, and automatic rotation, so credentials never expire on your clients.
Usage analytics
See which tools your agents call, how often, and when, so you can understand usage patterns and catch anomalies.
Tool Definition Quality
Average 4.5/5 across 3 of 3 tools scored.
Each tool has a distinct role: scan_site initiates scans, get_scan_status checks progress, get_scan_bundle retrieves results. No overlap.
All tools follow a consistent verb_noun snake_case pattern (scan_site, get_scan_status, get_scan_bundle).
Three tools appropriately cover the full scanning lifecycle (initiate, monitor, collect results) without redundancy.
The tool set provides a complete workflow for scanning a public web page, including initiation, status polling, and result retrieval.
Available Tools
3 toolsget_scan_bundleGet compact CertScore scan bundleARead-onlyInspect
Recommended second call after scan_site. Returns the canonical scan state, compact report summary, findings, bounded evidence summary, and pre-consent inventory in one agent-friendly response.
| Name | Required | Description | Default |
|---|---|---|---|
| scanId | Yes | Stable CertScore scan ID. | |
| maxFindings | No | Maximum compact findings to return. Defaults to 20. | |
| maxPreConsentRows | No | Maximum pre-consent inventory rows to return. Defaults to 20. |
Output Schema
| Name | Required | Description |
|---|---|---|
| noGo | No | |
| scan | Yes | |
| type | Yes | |
| links | No | |
| scanId | Yes | |
| status | Yes | |
| summary | No | |
| findings | Yes | |
| disclaimer | Yes | |
| evidenceSummary | No | |
| resultDisposition | No | |
| recommendedNextTool | Yes | |
| preConsentCookiesTrackers | No |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
Annotations declare readOnlyHint and openWorldHint, so the description adds value by detailing the multi-component response (scan state, findings, evidence summary, pre-consent inventory) and noting it is agent-friendly, without contradicting annotations.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
The description is a single, front-loaded sentence that efficiently communicates the tool's purpose and composition without excess.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
For a tool with an output schema and comprehensive annotations, the description adequately covers the tool's role as a bundle returner, fulfilling the needs for an AI agent to select and invoke it correctly.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
Schema coverage is 100%, so baseline is 3. The description does not elaborate on parameters beyond what the schema provides, adding no extra semantic meaning.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states it is the recommended second call after scan_site and enumerates the components it returns (scan state, report summary, findings, etc.), distinguishing it from siblings like scan_site and get_scan_status.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
Explicitly recommends using this tool as the second call after scan_site, providing clear usage context. It implicitly advises against using it before scan_site, and the sibling tools have distinct purposes.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
get_scan_statusGet CertScore Pulse scan statusARead-onlyInspect
Retrieve terminal status, including completed_limited no-go disposition and reason-specific guidance. Pass jobId only before a stable scanId is available.
| Name | Required | Description | Default |
|---|---|---|---|
| jobId | No | Pulse job ID for a just-created scan that has not yet returned a scanId. | |
| scanId | No | Preferred stable CertScore scan ID for API v2 scan status. |
Output Schema
| Name | Required | Description |
|---|---|---|
| noGo | No | |
| type | No | |
| error | No | |
| jobId | No | |
| domain | No | |
| scanId | No | |
| status | No | |
| scan_id | No | |
| startedAt | No | |
| completedAt | No | |
| scanTimeSeconds | No | |
| resultDisposition | No |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
Annotations already declare readOnlyHint and openWorldHint. Description adds details on status content (completed_limited no-go disposition, guidance) but no additional behavioral traits like rate limits or auth needs. Consistent with annotations.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
Two sentences: first states purpose, second gives critical usage hint. No unnecessary words; front-loaded with key information.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Output schema exists, so return values need not be explained. Description mentions specific status components and usage guidance. Covers essential aspects for a status retrieval tool with optional parameters.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
Schema describes both parameters well (100% coverage). Description adds value by stating the conditional usage of jobId vs scanId, clarifying when each is appropriate beyond the schema.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
Clearly states 'Retrieve terminal status' with specific content (completed_limited no-go disposition, guidance). Distinguishes from siblings: get_scan_bundle (batch) and scan_site (creation).
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
Provides explicit condition: use jobId only before scanId is available. Does not explicitly contrast with sibling tools, but conditional guidance is clear.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
scan_siteScan siteAInspect
Recommended first call. Starts or reuses a public-web scan, reports freshness and anonymous quota decisions, and waits up to 45 seconds by default. If still running, use get_scan_status; otherwise use get_scan_bundle. Completed no-go scans retain completed_limited status and reason-specific guidance.
| Name | Required | Description | Default |
|---|---|---|---|
| url | Yes | Public URL or domain to scan. | |
| scanFrom | No | Optional scan execution context for newly queued scans. | |
| freshness | No | Use latest to reuse recent scans or refresh to request a new scan when eligible. | |
| maxWaitSeconds | No | Maximum time to wait before returning the still-running job. Defaults to 45 seconds; never turns an active scan into an error. | |
| waitForCompletion | No | Wait for a completed scan resource in this tool call. Defaults to true. Set false only for an explicitly asynchronous workflow. |
Output Schema
| Name | Required | Description |
|---|---|---|
| noGo | No | |
| type | Yes | |
| jobId | No | |
| domain | No | |
| scanId | No | |
| status | Yes | |
| scanFrom | No | |
| startedAt | No | |
| completedAt | No | |
| scanTimeSeconds | No | |
| resultDisposition | No |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
Discloses waiting behavior, non-error handling of still-running scans, and result status for no-go scans. Annotations are consistent and description adds valuable context beyond structured fields.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
Three sentences, front-loaded with primary purpose, and concise branching logic for next steps. No wasted words.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Covers essential workflow, default behavior, error handling, and result types. With output schema present, return values are sufficiently documented. Addresses asynchronous workflows and quota decisions.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
Schema covers all 5 parameters with full descriptions. Description does not add significant parameter-specific details beyond schema, but baseline 3 is appropriate given high schema coverage.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
Clearly states it starts or reuses public-web scans, reports freshness and quota decisions, and waits up to 45 seconds. Explicitly distinguishes from siblings by directing when to use get_scan_status or get_scan_bundle.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
Explicitly marked as 'Recommended first call' and provides clear when-to-use instructions for alternatives. Also describes behavior for completed no-go scans.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
Claim this connector by publishing a /.well-known/glama.json file on your server's domain with the following structure:
{
"$schema": "https://glama.ai/mcp/schemas/connector.json",
"maintainers": [{ "email": "your-email@example.com" }]
}The email address must match the email associated with your Glama account. Once published, Glama will automatically detect and verify the file within a few minutes.
Control your server's listing on Glama, including description and metadata
Access analytics and receive server usage reports
Get monitoring and health status updates for your server
Feature your server to boost visibility and reach more users
For users:
Full audit trail – every tool call is logged with inputs and outputs for compliance and debugging
Granular tool control – enable or disable individual tools per connector to limit what your AI agents can do
Centralized credential management – store and rotate API keys and OAuth tokens in one place
Change alerts – get notified when a connector changes its schema, adds or removes tools, or updates tool definitions, so nothing breaks silently
For server owners:
Proven adoption – public usage metrics on your listing show real-world traction and build trust with prospective users
Tool-level analytics – see which tools are being used most, helping you prioritize development and documentation
Direct user feedback – users can report issues and suggest improvements through the listing, giving you a channel you would not have otherwise
The connector status is unhealthy when Glama is unable to successfully connect to the server. This can happen for several reasons:
The server is experiencing an outage
The URL of the server is wrong
Credentials required to access the server are missing or invalid
If you are the owner of this MCP connector and would like to make modifications to the listing, including providing test credentials for accessing the server, please contact support@glama.ai.
Discussions
No comments yet. Be the first to start the discussion!