Exploit Intelligence Platform — CVE, Vulnerability and Exploit Database
Server Details
Real-time CVE, exploit, and vulnerability intelligence for AI assistants (350K+ CVEs, 115K+ PoCs)
- Status
- Healthy
- Last Tested
- Transport
- Streamable HTTP
- URL
Glama MCP Gateway
Connect through Glama MCP Gateway for full control over tool access and complete visibility into every call.
Full call logging
Every tool call is logged with complete inputs and outputs, so you can debug issues and audit what your agents are doing.
Tool access control
Enable or disable individual tools per connector, so you decide what your agents can and cannot do.
Managed credentials
Glama handles OAuth flows, token storage, and automatic rotation, so credentials never expire on your clients.
Usage analytics
See which tools your agents call, how often, and when, so you can understand usage patterns and catch anomalies.
Tool Definition Quality
Average 4.4/5 across 17 of 17 tools scored.
Each tool has a clearly distinct purpose: audit_stack for stack scanning, check_health for API status, generate_finding for report generation, get_author/ get_cwe/ get_exploit_analysis/ get_exploit_code/ get_nuclei_templates/ get_platform_stats/ get_vulnerability for retrieving specific details, list_authors/ list_cwes/ list_products/ list_vendors for enumerations, lookup_alt_id for ID mapping, and search_exploits/ search_vulnerabilities for filtered searching. The descriptions precisely differentiate similar tools (e.g., search_exploits uses structured filters while search_vulnerabilities supports free-text).
All tool names follow a consistent verb_noun pattern with imperative verbs: audit, check, generate, get, list, lookup, search. The naming is uniform and predictable across the entire set, making it easy for an agent to infer tool functionality from the name alone.
Seventeen tools is an appropriate number for a vulnerability intelligence platform. The count covers essential operations (health check, statistics, vulnerability/ exploit details, searches, listings) without being overwhelming or too sparse. Each tool addresses a specific need in the domain.
The tool surface comprehensively covers the vulnerability intelligence domain: searching and retrieving vulnerabilities and exploits, analyzing exploits (AI analysis, code retrieval), accessing supporting data (CWE, vendors, products, authors), performing stack audits, generating report findings, and checking API health. There are no obvious gaps for a read-only query platform, and it includes useful extras like Nuclei templates and alternate ID lookup.
Available Tools
17 toolsaudit_stackAudit Tech StackARead-onlyIdempotentInspect
Audit a technology stack for exploitable vulnerabilities. Accepts a comma-separated list of technologies (max 5) and searches for critical/ high severity CVEs with public exploits for each one, sorted by EPSS exploitation probability. Use this when a user describes their infrastructure and wants to know what to patch first. Example: technologies='nginx, postgresql, node.js' returns a risk-sorted list of exploitable CVEs grouped by technology. Rate-limit cost: each technology requires up to 2 API calls; 5 technologies counts as up to 10 calls toward your rate limit.
| Name | Required | Description | Default |
|---|---|---|---|
| technologies | Yes | Comma-separated list of technologies (e.g. 'nginx, postgresql, node.js'). Max 5. |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
Discloses important behavioral traits beyond annotations: searches for critical/high severity CVEs with public exploits, sorted by EPSS, max 5 technologies, rate-limit cost of 2 API calls per technology. No contradiction with annotations (readOnlyHint, idempotentHint).
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
Concise at about 5 sentences, each adds value. Front-loaded with purpose, then parameter, usage, example, and rate-limit info. No redundancy.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Given the tool has one parameter, no output schema, and good annotations, the description covers what the tool does, how to invoke it, what to expect, and rate-limit implications. Complete for its complexity.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
Schema description coverage is 100%, so baseline is 3. The description adds meaning by explaining that the parameter is used to search for exploits and CVEs, and provides an example, which adds value beyond the schema.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
Clearly states the action 'audit' on 'technology stack' for exploitable vulnerabilities, and distinguishes from sibling tools like search_exploits by focusing on a stack list and prioritization by EPSS.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
Provides explicit when-to-use guidance: 'Use this when a user describes their infrastructure and wants to know what to patch first.' Includes an example. However, it does not explicitly mention when not to use or alternative sibling tools.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
check_healthCheck API HealthARead-onlyIdempotentInspect
Check the EIP API health and data freshness. Returns database status and timestamps for each of the 10 ingestion sources (NVD, KEV, EPSS, ExploitDB, GitHub, Metasploit, etc.).
| Name | Required | Description | Default |
|---|---|---|---|
No parameters | |||
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
Annotations already declare readOnlyHint=true, idempotentHint=true, destructiveHint=false. The description adds specific return context (database status, timestamps, ingestion sources) without contradicting annotations.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
Two sentences, no unnecessary words. Front-loaded with action and resource, efficiently covering purpose and output.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Given zero parameters, no output schema, and robust annotations, the description adequately covers the tool's functionality. Could mention that it's a safe, idempotent call but not required.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
No parameters exist (0 params), so baseline is 4. The description compensates with output details, though no parameter information is needed.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states the tool checks 'EIP API health and data freshness' and lists return values (database status, timestamps for 10 ingestion sources), distinguishing it from sibling data-retrieval tools.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
The description implies usage for health checks but does not explicitly state when to use this tool over alternatives or provide any conditions or exclusions.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
generate_findingGenerate Pentest FindingARead-onlyIdempotentInspect
Generate a pentest report finding in Markdown format for a specific vulnerability. Fetches full detail and formats it as a professional finding with severity, CVSS, description, affected products, exploit availability, and references. Accepts both CVE-IDs and EIP-IDs. Optionally include the target system tested and tester notes. The output is ready to paste into a pentest report. Example: cve_id='CVE-2024-3400', target='fw.corp.example.com', notes='Confirmed RCE via GlobalProtect gateway'.
| Name | Required | Description | Default |
|---|---|---|---|
| notes | No | Tester notes to include in the finding. Optional. | |
| cve_id | Yes | CVE or EIP identifier (e.g. 'CVE-2024-3400') | |
| target | No | Target system tested (e.g. 'fw.corp.example.com'). Optional. |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
Annotations already declare readOnlyHint, idempotentHint, and destructiveHint. The description adds context about fetching full detail and producing Markdown output, but does not disclose additional behavioral traits beyond what annotations provide.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
The description is three sentences plus an example, efficiently covering purpose, details, and usage. No unnecessary words or redundancy.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Given no output schema, the description adequately explains the output format (Markdown) and contents (severity, CVSS, description, etc.). All parameters are covered, and the example clarifies usage.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
Schema description coverage is 100%, so baseline is 3. The description adds an example showing how to use cve_id, target, and notes together, but does not significantly enhance meaning beyond the schema descriptions.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states the tool generates a pentest report finding in Markdown format for a specific vulnerability. It specifies the verb (generate), resource (pentest report finding), format (Markdown), and accepted identifiers (CVE-IDs and EIP-IDs). This distinguishes it from sibling tools like search_exploits or get_vulnerability.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
The description explains that it accepts CVE-IDs and EIP-IDs and optionally includes target and notes, with an example. However, it does not explicitly state when to use this tool over siblings, such as when a formatted report is needed versus raw data.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
get_authorGet Author ProfileARead-onlyIdempotentInspect
Get an exploit author's profile with all their exploits. Returns author name, handle, total exploit count, activity start date, and a paginated list of their exploits with CVE context. Use this when asked about a specific researcher like 'show me all exploits by Chocapikk'.
| Name | Required | Description | Default |
|---|---|---|---|
| author_name | Yes | Author name (e.g. 'Chocapikk') |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
Annotations already declare read-only and non-destructive behavior. Description adds return field details (name, handle, exploit count, etc.) and mentions pagination and CVE context, which is valuable beyond annotations.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
Two short sentences: first defines action and returns, second gives usage guidance. Every sentence adds value; no wasted words.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Given simple tool with one well-documented parameter and rich annotations, the description covers purpose and return details. Lacks explicit pagination parameters or depth of return schema, but sufficient for use.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
Schema describes the parameter completely with 100% coverage, including an example. Description does not add extra meaning beyond indicating it's for a specific researcher; baseline 3 is appropriate.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
Clear verb ('Get') and specific resource ('exploit author's profile with all their exploits'). Distinguishes from sibling 'list_authors' by focusing on a specific researcher, with an example usage. No ambiguity.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
Explicitly states when to use ('when asked about a specific researcher'), providing a concrete example. Lacks explicit when-not-to-use or alternative tools, but the context is sufficient for typical queries.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
get_cweGet CWE DetailARead-onlyIdempotentInspect
Get details for a specific CWE including full name, description, exploit likelihood, parent CWE, and total vulnerability count. Example: cwe_id='CWE-79' returns details about Cross-Site Scripting.
| Name | Required | Description | Default |
|---|---|---|---|
| cwe_id | Yes | CWE identifier (e.g. 'CWE-79' or '79') |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
Annotations already declare safety traits (readOnlyHint, idempotentHint). Description adds behavioral detail by listing exactly what details are returned, enhancing transparency beyond annotations.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
Two concise sentences with zero waste. First sentence states purpose and what is returned; second sentence provides a practical example. Perfectly structured for quick comprehension.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
For a simple, single-parameter tool with no output schema, the description adequately covers what the tool returns and how to use it. No missing context given the tool's straightforward nature.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
Schema coverage is 100%, but description adds value with a concrete example (cwe_id='CWE-79') and clarifies the identifier format, aiding correct invocation beyond the schema's pattern.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
Description explicitly states 'Get details for a specific CWE' and lists the fields returned (full name, description, exploit likelihood, parent CWE, total vulnerability count). It clearly distinguishes from sibling tools like list_cwes and search_vulnerabilities.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
Provides an example (cwe_id='CWE-79' returns XSS details) which implies when to use. Does not explicitly state when not to use, but sibling list_cwes covers listing. Context is clear enough.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
get_exploit_analysisGet Exploit AI AnalysisARead-onlyIdempotentInspect
Get the full AI analysis for a single exploit by its platform ID. Returns classification (working_poc, trojan, suspicious, scanner, stub, writeup), attack type, complexity, reliability, confidence score, authentication requirements, target software, a summary of what the exploit does, prerequisites, MITRE ATT&CK techniques, deception indicators for trojans, and the standalone backdoor-review verdict with operator-risk notes when available. Use this to check if an exploit is safe before reviewing its code. Example: exploit_id=61514 returns a TROJAN warning with deception indicators.
| Name | Required | Description | Default |
|---|---|---|---|
| exploit_id | Yes | Platform exploit ID (the [id=XXXXX] number from results — NOT the EDB number) |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
Annotations (readOnlyHint, idempotentHint, destructiveHint) indicate safe operation. Description adds return types and a warning example, providing full behavioral context without contradiction.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
Concise, well-structured, front-loaded with purpose, then details, then usage example. Every sentence adds value.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Given no output schema, description fully describes return values (classification, attack type, etc.) and provides example. Input is clearly explained. Complete for the tool's complexity.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
Schema coverage is 100% with description. Description adds crucial clarification that exploit_id is the platform ID, not EDB number, adding value beyond the schema.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
Clearly states the tool retrieves full AI analysis for a single exploit by platform ID, lists return fields, and distinguishes from sibling tools like get_exploit_code.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
Explicitly tells when to use: 'Use this to check if an exploit is safe before reviewing its code.' Provides a real example with a trojan warning.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
get_exploit_codeGet Exploit Source CodeARead-onlyIdempotentInspect
Retrieve the source code of a specific exploit by its platform ID. IMPORTANT: Use the platform's internal ID shown as [id=XXXXX] in results, NOT the ExploitDB number (EDB-XXXXX). These are different numbering systems. Returns code from the exploit archive. If no file_path is specified, auto-selects the most relevant code file. Use this to analyze exploit mechanics, understand attack techniques, or review PoC code.
| Name | Required | Description | Default |
|---|---|---|---|
| file_path | No | Relative path inside the exploit archive (optional — auto-selects if omitted). Absolute paths and traversal patterns are rejected. | |
| exploit_id | Yes | Platform exploit ID (the [id=XXXXX] number from results — NOT the EDB number) |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
Annotations already declare readOnlyHint, idempotentHint, and destructiveHint=false. The description adds auto-selection of the most relevant code file when file_path is omitted, and confirms the return source code from the archive. No contradictions.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
Three efficient sentences: purpose, critical ID clarification, and added behavior/use cases. No redundant words; information is front-loaded and easily scannable.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
No output schema exists, but the description mentions 'Returns code from the exploit archive,' which is adequate. While the return format is not specified (e.g., text/plain), the tool is straightforward and the context is sufficient for typical use.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
Schema description coverage is 100%, so baseline is 3. The description reinforces the ID distinction and auto-select behavior, but does not add significant new parameter meaning beyond what the schema already provides (e.g., 'Relative path inside the exploit archive (optional — auto-selects if omitted)').
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states the tool retrieves exploit source code using a platform-specific internal ID, distinguishing it from siblings like search_exploits or get_exploit_analysis. The verb 'Retrieve' and resource 'source code' are specific and unambiguous.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
The description explicitly warns about the ID system difference (platform ID vs EDB number) and provides example use cases (analyze mechanics, understand techniques, review PoC). However, it does not contrast with alternatives like get_exploit_analysis for deeper analysis.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
get_nuclei_templatesGet Nuclei TemplatesARead-onlyIdempotentInspect
Get Nuclei scanner templates and recon dorks for a vulnerability. Returns template metadata, severity, verification status, tags, and ready-to-use Shodan, FOFA, and Google dork queries for target identification. Accepts both CVE-IDs and EIP-IDs. Use this to plan scanning or reconnaissance.
| Name | Required | Description | Default |
|---|---|---|---|
| cve_id | Yes | CVE or EIP identifier (e.g. 'CVE-2024-27198') |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
Annotations indicate readOnly, openWorld, idempotent, and non-destructive behavior. The description adds context by listing specific return fields (template metadata, severity, verification status, tags, dork queries) and confirming acceptance of both CVE and EIP IDs, which aligns with and enriches the annotation hints.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
Two sentences with no wasted words: the first sentence states purpose and outputs, the second sentence clarifies accepted ID types and use case. Front-loaded and efficient.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Given the low complexity (single parameter, no output schema, comprehensive annotations), the description fully covers what the tool does, what it returns, and how to use it. It is complete for an agent to select and invoke correctly.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
The schema already fully describes the single parameter with a pattern and example, achieving 100% coverage. The description reinforces acceptance of both CVE and EIP IDs but does not add new meaning beyond the schema. Baseline 3 is appropriate.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states it retrieves Nuclei templates and recon dorks for a vulnerability, specifying the types of IDs accepted (CVE, EIP) and the returned data (template metadata, severity, etc.). It distinguishes from siblings like get_exploit_code or search_vulnerabilities by focusing on scanning/recon planning.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
The description explicitly states 'Use this to plan scanning or reconnaissance,' providing clear context for when to use the tool. While it doesn't explicitly mention when not to use it or alternatives, the usage hint is sufficient given sibling tools.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
get_platform_statsGet Platform StatisticsARead-onlyIdempotentInspect
Get platform-wide statistics from the Exploit Intelligence Platform. Returns total counts of vulnerabilities, exploits, KEV entries, Nuclei templates, vendors, and authors, plus the last data update timestamp.
| Name | Required | Description | Default |
|---|---|---|---|
No parameters | |||
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
Annotations already declare readOnlyHint, openWorldHint, idempotentHint, and destructiveHint, so safety and idempotency are clear. Description adds value by specifying the exact data returned (counts and timestamp).
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
Two sentences, front-loaded with purpose, and no wasted words. Every sentence adds necessary information.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
For a simple read-only stats tool with no output schema, the description fully covers what the tool does and returns. Annotations handle behavioral hints. No missing context.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
No parameters in schema (100% coverage). With 0 parameters, baseline is 4. Description correctly implies no parameters needed and states what is returned.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
Description clearly states it retrieves platform-wide statistics and lists specific metrics (vulnerabilities, exploits, etc.). It distinguishes from siblings like get_author or check_health by providing aggregate data.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
Description implies usage for obtaining overall platform stats but does not explicitly state when to use this tool over alternatives or provide exclusions. Context from sibling names suggests specificity, but no guidance is given.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
get_vulnerabilityGet Vulnerability DetailARead-onlyIdempotentInspect
Get a full intelligence brief for a specific vulnerability. Accepts both CVE-IDs (e.g. CVE-2024-3400) and EIP-IDs (e.g. EIP-2026-12345 for pre-CVE entries). Returns detailed information including CVSS score and vector, EPSS exploitation probability, CISA KEV status, description, affected products, ranked exploits (grouped by Metasploit modules, verified ExploitDB, GitHub PoCs, and trojans), Nuclei scanner templates with recon dorks, alternate identifiers, and references. Exploits are ranked by quality: Metasploit modules first (peer-reviewed), then verified ExploitDB, then GitHub by stars. Trojans are flagged at the bottom.
| Name | Required | Description | Default |
|---|---|---|---|
| cve_id | Yes | CVE or EIP identifier (e.g. 'CVE-2024-3400' or 'EIP-2026-12345') |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
Annotations already declare readOnlyHint=true, idempotentHint=true, and destructiveHint=false, so the safety profile is clear. The description adds value by detailing the rich return content (CVSS, EPSS, exploits ranked by quality) and explaining exploit ranking logic, providing behavioral context beyond annotations.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
The description is concise (5 sentences) with the core purpose front-loaded. Each sentence adds necessary detail without redundancy. Efficient and well-structured for quick comprehension.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
For a single-parameter, no-output-schema tool, the description is highly complete. It explains the ID format, all key return fields (CVSS, EPSS, KEV, exploits, etc.), and exploit ranking criteria. No critical information is missing for an agent to understand what to expect.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
Schema coverage is 100% with a description for cve_id, but the tool description adds examples (CVE-2024-3400, EIP-2026-12345) and explains the EIP-ID as pre-CVE entries. This enriches parameter understanding beyond the schema alone, justifying a score above baseline.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states the tool gets a full intelligence brief for a specific vulnerability, distinguishing it from sibling tools like search_vulnerabilities (list) and get_exploit_code (exploit-specific). It explicitly mentions accepted ID formats (CVE and EIP), leaving no ambiguity about the resource and action.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
The description implies usage for detailed vulnerability lookup but does not explicitly state when to use this tool versus alternatives like search_vulnerabilities or get_exploit_analysis. No direct guidance on when not to use it or which sibling tools to prefer for related tasks.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
list_authorsList Exploit AuthorsARead-onlyIdempotentInspect
List exploit authors/researchers ranked by exploit count. Returns the top security researchers with their exploit counts and handles. Use this when asked 'who are the top exploit authors?' or 'who writes the most exploits?'
| Name | Required | Description | Default |
|---|---|---|---|
| page | No | Page number (default: 1) | |
| per_page | No | Results per page (1-50, default: 25) |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
Annotations already declare readOnlyHint=true, openWorldHint=true, idempotentHint=true, destructiveHint=false, so the safety profile is clear. The description adds behavioral details: ranking by exploit count, returning top researchers with handles and counts, which goes beyond annotations.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
Two sentences plus a usage instruction, no fluff. Front-loaded with verb and resource. Every sentence adds value.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Tool is simple with no output schema, but description specifies return values (exploit counts and handles). Annotations cover safety. Schema covers pagination. Minor gap: doesn't mention that it's paginated, but page/per_page parameters imply it. Good enough.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
Schema coverage is 100% with both parameters (page, per_page) having descriptions. The description does not add any additional parameter-specific meaning, so baseline 3 applies. No extra value.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
Description uses specific verb 'list' and resource 'exploit authors', adds ranking detail 'ranked by exploit count', and clearly states what is returned (counts, handles). Distinguishes from sibling 'get_author' which likely returns details of a single author.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
Explicitly provides query examples ('who are the top exploit authors?') that tell the agent when to use this tool. Does not provide exclusions or mention alternatives like 'get_author' for single author queries, but the context is clear enough.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
list_cwesList CWE CategoriesARead-onlyIdempotentInspect
List CWE (Common Weakness Enumeration) categories ranked by vulnerability count. Returns CWE IDs, names, short labels, exploit likelihood, and how many CVEs have that weakness. Use this when asked 'what are the most common vulnerability types?'
| Name | Required | Description | Default |
|---|---|---|---|
No parameters | |||
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
Annotations already declare read-only, idempotent, and non-destructive behavior. The description adds value by specifying that results are ranked by vulnerability count and include exploit likelihood and CVE count. No contradiction with annotations.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
Extremely concise: two sentences that efficiently convey purpose and a typical query. No redundant or extraneous information. Every word earns its place.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Given the tool's simplicity (no parameters, no nested objects, no output schema), the description covers the core functionality well. It could mention that the output format is a list, but that's implicit. Overall, sufficiently complete for the complexity level.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
The input schema has zero parameters with 100% coverage (trivially). The description does not need to add parameter info. Per guidance, baseline for 0 parameters is 4. No additional parameter details required.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states the action ('List'), resource ('CWE categories'), and ordering ('ranked by vulnerability count'), and lists the returned fields. It effectively distinguishes from sibling tools like get_cwe (detailed single CWE) and search_vulnerabilities (search CVEs).
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
Provides a clear use case ('Use this when asked what are the most common vulnerability types?'). While it doesn't explicitly exclude alternatives, the context suggests appropriate usage. Slightly more guidance on when not to use (e.g., for specific CWE details) would improve it.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
list_productsList Vendor ProductsARead-onlyIdempotentInspect
List products for a specific vendor with vulnerability counts. Use this to discover exact product names for filtering. Product names in the database use CPE conventions (e.g. 'exchange_server' not 'exchange', 'windows_10' not 'windows 10'). Example: vendor='microsoft' returns products like exchange_server, windows_10, office, edge_chromium.
| Name | Required | Description | Default |
|---|---|---|---|
| vendor | Yes | Vendor name (e.g. 'microsoft', 'apache', 'fortinet') |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
Annotations already indicate readOnly, idempotent, and non-destructive behavior. The description adds value by stating that it returns vulnerability counts and that product names use CPE conventions, providing useful behavioral context.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
Two focused sentences plus an example. No extraneous information, every sentence serves a purpose.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Given the single required parameter and sufficient annotations, the description covers the tool's purpose, usage, and naming conventions. It could mention result limits or pagination, but it's largely complete.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
With 100% schema coverage, the baseline is 3. The description adds example values and explains CPE naming conventions, enhancing parameter understanding beyond the schema.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states 'List products for a specific vendor with vulnerability counts' and explains that it helps discover exact product names for filtering, distinguishing it from sibling tools like list_vendors.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
Provides explicit guidance on when to use the tool (to discover exact product names) and gives naming conventions and an example, though it lacks explicit exclusion of alternatives.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
list_vendorsList VendorsARead-onlyIdempotentInspect
List software vendors ranked by vulnerability count. Returns the top 200 vendors with their total CVE counts. Use this when asked 'which vendors have the most vulnerabilities?' or to understand the threat landscape by vendor.
| Name | Required | Description | Default |
|---|---|---|---|
No parameters | |||
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
Annotations declare readOnlyHint, openWorldHint, idempotentHint, and not destructive. The description adds that it returns top 200 vendors with total CVE counts, which is useful behavioral detail beyond annotations.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
Two sentences, no wasted words, front-loaded with action and resource. Efficient and clear.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
For a zero-parameter, read-only tool with no output schema, the description fully explains what it returns (top 200 vendors, count) and when to use it. No gaps.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
No parameters exist, so schema coverage is 100% automatically. The description correctly omits parameter details, and baseline 4 is appropriate for zero-parameter tools.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states the tool lists software vendors ranked by vulnerability count, returns top 200 with total CVE counts, and gives example queries. This distinguishes it from siblings like list_authors or list_products.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
Explicitly states 'Use this when asked which vendors have the most vulnerabilities?' and provides context for understanding threat landscape. No specific exclusions or alternatives, but context is clear for a simple tool.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
lookup_alt_idLookup Alternate IDARead-onlyIdempotentInspect
Look up a vulnerability by an alternate identifier such as an ExploitDB ID (EDB-XXXXX) or GitHub Security Advisory ID (GHSA-XXXXX). Returns the matching CVE-ID with basic severity info. Use this when you have an EDB number or GHSA ID and need to find the corresponding CVE.
| Name | Required | Description | Default |
|---|---|---|---|
| alt_id | Yes | Alternate ID (e.g. 'EDB-48537', 'GHSA-jfh8-c2jp-5v3q') |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
Annotations already declare readOnlyHint=true, idempotentHint=true, destructiveHint=false, indicating safe, read-only, idempotent behavior. The description adds that it returns the matching CVE-ID and basic severity info, which is useful but not required beyond annotations. No contradiction.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
Two sentences that are direct and front-loaded: the first sentence states the purpose, the second clarifies when to use it. No unnecessary words.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Given the tool's simplicity (single parameter, no output schema, rich annotations), the description fully covers what the agent needs to know: what it does, when to use it, and what input is expected. No gaps.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
The input schema has 100% coverage, describing the 'alt_id' parameter as a string with maxLength. The description goes further by providing concrete examples (e.g., 'EDB-48537', 'GHSA-jfh8-c2jp-5v3q') and clarifying the expected format, adding value beyond the schema.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
Description clearly states the tool looks up a vulnerability by an alternate identifier (ExploitDB ID or GitHub Security Advisory ID) and returns the corresponding CVE-ID with severity info. This distinguishes it from sibling tools like get_vulnerability (which likely uses CVE) or search_exploits (which may return multiple results).
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
Explicitly advises use when the user has an EDB number or GHSA ID and needs the corresponding CVE. Does not explicitly state when not to use it, but the context of the sibling tools makes the usage clear.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
search_exploitsSearch ExploitsARead-onlyIdempotentInspect
Browse and filter exploits using STRUCTURED FILTERS ONLY (no free-text query). Use this to filter by source (github, metasploit, exploitdb, nomisec, gitlab, inthewild, vulncheck_xdb, patchapalooza, oscs, poc_monitor), language (python, ruby, etc.), LLM classification (working_poc, trojan, suspicious, scanner, stub, writeup, tool, no_code), author, min stars, code availability, CVE ID, vendor, or product. Also filter by AI analysis: attack_type (RCE, SQLi, XSS, DoS, LPE, auth_bypass, info_leak), complexity (trivial/simple/moderate/complex), reliability (reliable/unreliable/untested/theoretical), requires_auth. NOTE: To search by product name (e.g. 'OpenSSH', 'Apache'), use search_vulnerabilities instead — it has free-text query and get_vulnerability already includes exploits in the response. Examples: source='metasploit' for all Metasploit modules; attack_type='RCE' with reliability='reliable' for weaponizable RCE exploits; cve='CVE-2024-3400' for all exploits targeting a specific CVE; vendor='mitel' for all Mitel exploits.
| Name | Required | Description | Default |
|---|---|---|---|
| cve | No | Filter by CVE ID (e.g. 'CVE-2024-3400') — returns all exploits for that CVE | |
| page | No | Page number (default: 1) | |
| sort | No | Sort order | |
| author | No | Filter by author name | |
| source | No | Filter by source | |
| vendor | No | Filter by vendor name (e.g. 'mitel', 'fortinet') — returns exploits for all CVEs affecting that vendor | |
| product | No | Filter by product name (e.g. 'micollab', 'pan-os') | |
| has_code | No | Only exploits with downloadable code | |
| language | No | Filter by language: python, ruby, go, c, etc. | |
| per_page | No | Results per page (1-25, default: 10) | |
| min_stars | No | Minimum GitHub stars | |
| complexity | No | Filter by exploit complexity | |
| attack_type | No | Filter by attack type from AI analysis (case-insensitive on input; canonical casing returned) | |
| reliability | No | Filter by exploit reliability | |
| requires_auth | No | Filter by whether exploit requires authentication | |
| llm_classification | No | Filter by LLM classification |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
Annotations indicate readOnlyHint=true, idempotentHint=true, destructiveHint=false, openWorldHint=true. The description consistently emphasizes read-only behavior with 'browse and filter' and 'no free-text query'. No contradictions; it adds context about structured filters and parameter interactions.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
The description is verbose but well-organized, front-loading the key restriction. Every sentence adds value, though it could be slightly trimmed. Structure with examples and filter categories aids readability.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Given 16 parameters, 6 enums, and no output schema, the description comprehensively covers all filter categories, provides examples, and guides on tool selection. It adequately addresses the tool's complexity and usage context.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
Schema coverage is 100% with detailed descriptions. The description adds significant value by grouping filters, providing usage examples, and noting case-insensitivity for attack_type. It explains how filters like product and vendor relate, exceeding baseline expectations.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states the tool browses and filters exploits using structured filters only, with no free-text query. It distinguishes from sibling search_vulnerabilities by specifying that product name searches should use that tool. The purpose is specific and unambiguous.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
The description provides explicit guidance on when to use this tool (structured filtering) and when not to (free-text product search, directing to search_vulnerabilities). It includes examples and explains filter relationships, ensuring proper usage.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
search_vulnerabilitiesSearch VulnerabilitiesARead-onlyIdempotentInspect
Search the Exploit Intelligence Platform for vulnerabilities (CVEs). Returns a list of matching CVEs with CVSS scores, EPSS exploitation probability, exploit counts, CISA KEV status, VulnCheck KEV, InTheWild.io exploitation signals, and ransomware attribution. Supports full-text search, severity/vendor/product/ecosystem/CWE filters, CVSS/EPSS thresholds, plus any_exploited and ransomware filters. When sort is omitted, the API may automatically prefer newest exploitation, exploit, or nuclei-template activity based on the filters you set. Examples: query='apache httpd' with has_exploits=true; vendor='fortinet' with severity='critical' and is_kev=true sorted by epss_desc; any_exploited=true with ransomware=true for ransomware-linked CVEs; cwe='89' with min_cvss=9 for critical SQL injection CVEs.
| Name | Required | Description | Default |
|---|---|---|---|
| cwe | No | Filter by CWE ID (e.g. '79' or 'CWE-79') | |
| page | No | Page number (default: 1) | |
| sort | No | Sort order. Aliases are normalized to the current server schema. | |
| year | No | Filter by CVE year (e.g. 2024) | |
| query | No | Search keywords (e.g. 'apache httpd', 'log4j'). Optional if filters are provided. | |
| is_kev | No | Only return CISA Known Exploited Vulnerabilities | |
| vendor | No | Filter by vendor name (e.g. 'microsoft', 'fortinet') | |
| date_to | No | End date for CVE publication (YYYY-MM-DD) | |
| product | No | Filter by product name (e.g. 'exchange', 'pan-os') | |
| min_cvss | No | Minimum CVSS v3 score (0-10) | |
| min_epss | No | Minimum EPSS score (0-1) | |
| per_page | No | Results per page (1-25, default: 10) | |
| severity | No | Filter by severity level | |
| date_from | No | Start date for CVE publication (YYYY-MM-DD) | |
| ecosystem | No | Filter by package ecosystem | |
| min_score | No | Minimum score for the selected score_version (0-10) | |
| has_nuclei | No | Only return CVEs with Nuclei scanner templates | |
| ransomware | No | Only return CVEs with confirmed ransomware campaign use | |
| has_exploits | No | Only return CVEs with public exploit code | |
| any_exploited | No | Only return CVEs exploited in the wild (CISA KEV + VulnCheck KEV + InTheWild.io) | |
| score_version | No | Score family for min_score / score_desc |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
Annotations already declare readOnlyHint=true, destructiveHint=false, and idempotentHint=true. The description adds behavioral detail about automatic sort preference when sort is omitted, which is valuable beyond the annotations.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
The description is a single paragraph but contains dense, useful information including a list of returned fields, supported filters, and four examples. It is not overly long, though could benefit from a more structured format like bullet points.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Given 21 parameters (all described in schema) and no output schema, the description covers the tool's purpose, input parameters through examples, and behavioral nuances (automatic sort). It lists the returned fields, but could be more explicit about pagination behavior and output structure.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
Schema description coverage is 100%, so baseline is 3. The description adds value by grouping parameters and providing example combinations (e.g., 'vendor='fortinet' with severity='critical' and is_kev=true sorted by epss_desc'), which aids understanding of parameter interactions.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states 'Search the Exploit Intelligence Platform for vulnerabilities (CVEs)' and specifies the returned fields. This distinguishes it from sibling tools like search_exploits, which search for exploits instead.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
The description provides clear context on supported filters and includes example queries, but does not explicitly state when not to use this tool or mention alternatives like search_exploits.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
Claim this connector by publishing a /.well-known/glama.json file on your server's domain with the following structure:
{
"$schema": "https://glama.ai/mcp/schemas/connector.json",
"maintainers": [{ "email": "your-email@example.com" }]
}The email address must match the email associated with your Glama account. Once published, Glama will automatically detect and verify the file within a few minutes.
Control your server's listing on Glama, including description and metadata
Access analytics and receive server usage reports
Get monitoring and health status updates for your server
Feature your server to boost visibility and reach more users
For users:
Full audit trail – every tool call is logged with inputs and outputs for compliance and debugging
Granular tool control – enable or disable individual tools per connector to limit what your AI agents can do
Centralized credential management – store and rotate API keys and OAuth tokens in one place
Change alerts – get notified when a connector changes its schema, adds or removes tools, or updates tool definitions, so nothing breaks silently
For server owners:
Proven adoption – public usage metrics on your listing show real-world traction and build trust with prospective users
Tool-level analytics – see which tools are being used most, helping you prioritize development and documentation
Direct user feedback – users can report issues and suggest improvements through the listing, giving you a channel you would not have otherwise
The connector status is unhealthy when Glama is unable to successfully connect to the server. This can happen for several reasons:
The server is experiencing an outage
The URL of the server is wrong
Credentials required to access the server are missing or invalid
If you are the owner of this MCP connector and would like to make modifications to the listing, including providing test credentials for accessing the server, please contact support@glama.ai.
Discussions
No comments yet. Be the first to start the discussion!