directory
Server Details
Search a directory of SOC 2 audit and compliance firms; read GRC migration guides. Read-only.
- Status
- Healthy
- Last Tested
- Transport
- Streamable HTTP
- URL
Glama MCP Gateway
Connect through Glama MCP Gateway for full control over tool access and complete visibility into every call.
Full call logging
Every tool call is logged with complete inputs and outputs, so you can debug issues and audit what your agents are doing.
Tool access control
Enable or disable individual tools per connector, so you decide what your agents can and cannot do.
Managed credentials
Glama handles OAuth flows, token storage, and automatic rotation, so credentials never expire on your clients.
Usage analytics
See which tools your agents call, how often, and when, so you can understand usage patterns and catch anomalies.
Tool Definition Quality
Average 4.1/5 across 5 of 5 tools scored.
Each tool has a clearly distinct purpose: get_firm and search_firms both deal with firms but one is singular lookup and the other is search; get_resource and list_resources similarly distinguish; get_introduction_path is unique. No ambiguity.
All tools follow verb_noun snake_case pattern consistently: get_firm, get_introduction_path, get_resource, list_resources, search_firms. No deviations.
With 5 tools, the set is well-scoped for a read-only directory: separate tools for retrieving vs listing firms and resources, plus a specialized introduction path tool. Neither too sparse nor bloated.
The tools cover all necessary read operations: get and list for both firms and resources, plus search for firms and a specific informational tool. No obvious gaps for a read-only directory.
Available Tools
5 toolsget_firmAInspect
Get one firm's public directory record by slug. Returns null for unknown or non-public (suppressed) firms.
| Name | Required | Description | Default |
|---|---|---|---|
| slug | Yes | firm slug, e.g. "a-lign" |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
No annotations provided, so description carries full burden. Discloses that returns null for unknown or non-public firms, which is key behavioral info. Lacks other details like permissions or side effects, but for a read tool this is sufficient.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
Two concise sentences with no unnecessary words. Front-loaded with the primary action and includes the important null return behavior.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Given the tool's simplicity (1 required parameter, no output schema), the description fully covers what it does, the input format, and the return behavior for all cases including null.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
Schema description coverage is 100% for the single parameter. The tool description adds only the context that the record is public and an example slug value ("a-lign"), which adds minor value beyond the schema baseline.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
Clearly states it gets a firm's public directory record by slug. Distinguishes from sibling tools like search_firms which searches multiple, and get_introduction_path which is different.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
Indicates to use by slug and what the return value means (null for unknown/non-public), but does not explicitly state when to use vs alternatives or mention any exclusions.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
get_introduction_pathAInspect
Get the public directory URL and what an introduction to a firm requires. READ-ONLY: returns instructions only — it does not submit a request or create a lead.
| Name | Required | Description | Default |
|---|---|---|---|
| firm_slug | Yes |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
Despite no annotations, the description fully transparently declares read-only behavior and confirms no side effects (no lead creation). This provides clear behavioral expectations for the agent.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
Two concise sentences achieve efficient communication: first sentence states purpose, second adds critical behavioral note. No wasted words.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
For a simple tool with one parameter and no output schema, the description provides sufficient context. It could improve by hinting at the response structure, but overall it enables correct invocation.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
With 0% schema description coverage, the description compensates by implying the firm_slug parameter identifies the firm. However, it does not explain what a slug is or how to obtain it, leaving some ambiguity.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states the tool retrieves a public directory URL and introduction requirements for a firm. The verb 'get' and resource 'introduction path' are specific, and the read-only clarification distinguishes it from sibling tools like get_firm and search_firms.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
The description explicitly states it is read-only and does not submit requests or create leads, guiding the agent to use it for exploratory or informational purposes. However, it does not explicitly mention when not to use it or suggest specific alternatives.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
get_resourceAInspect
Get one guide, question page, or blog post by slug — its title, description, and content (blog body markdown, or the FAQ question/answer pairs for guides and question pages).
| Name | Required | Description | Default |
|---|---|---|---|
| slug | Yes |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
No annotations provided, so description carries full burden. It discloses returned fields per resource type (title, description, content). However, it does not mention error handling or required permissions.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
Single concise sentence that front-loads the action and resource, with parenthetical details about content variants. No wasted words.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
No output schema, so description must explain return values. It does so by listing title, description, and content specifics per resource type. It omits behavior on missing slugs or multiple matches.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
Only one parameter 'slug' with 0% schema coverage. The description adds context by stating 'by slug' and explaining what the slug identifies, but does not specify slug format or examples.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description explicitly states 'Get one guide, question page, or blog post by slug' with details on returned fields. It clearly distinguishes from siblings like get_firm and get_introduction_path.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
The description specifies the resource types (guides, question pages, blog posts), implying when to use. It does not explicitly state when not to use, but sibling names provide differentiation.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
list_resourcesAInspect
List GRC Migrate guides, question pages, and blog posts available to read (title, description, url, type). Read-only.
| Name | Required | Description | Default |
|---|---|---|---|
No parameters | |||
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
With no annotations, the description carries full behavioral burden. It states 'Read-only' which is helpful, but lacks details on authentication requirements, response structure (e.g., pagination, ordering), or any limitations. More transparency would improve agent decision-making.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
Single sentence efficiently conveys action, resource type, and key output fields. No redundancy, front-loaded with the verb and resource.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Given the tool's simplicity (no params, no output schema), the description provides sufficient context: what is listed and the fields returned. It lacks explicit mention of list ordering or whether output is paginated, but remains largely adequate.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
No parameters exist and schema coverage is 100%, so the description cannot add parameter-level detail. Baseline score of 4 applies, as there is no omission.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states the tool lists specific resources (GRC Migrate guides, question pages, blog posts) and specifies the returned fields (title, description, url, type). It distinguishes from siblings like get_resource (single resource) or search_firms (different resource type) through the explicit resource listing.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
No explicit when-to-use guidance or alternatives are given. The 'Read-only' hint and listing nature imply usage for exploring available content, but there is no comparison with siblings like get_resource or search_firms.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
search_firmsAInspect
Search the GRC Migrate directory of SOC 2 audit and compliance-readiness firms (facts compiled from public sources). Filter by framework, ecosystem, partner status, or category. Read-only.
| Name | Required | Description | Default |
|---|---|---|---|
| category | No | e.g. "pen_test", "vciso_advisory" | |
| ecosystem | No | compliance platform ecosystem, e.g. "vanta" or "drata" | |
| framework | No | e.g. "SOC 2", "ISO 27001", "HIPAA" | |
| partner_status | No | only "listed" or "partner"; "suppressed" is never valid |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
The description declares 'Read-only', indicating no destructive side effects, and notes 'facts compiled from public sources'. However, it does not discuss pagination, rate limits, or behavior with no results. With no annotations, some transparency is missing.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
Two concise sentences. First sentence states purpose and resource; second lists filters and read-only status. Efficient and front-loaded.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Given no output schema and 4 optional parameters, the description adequately covers the tool's purpose and filters. It could mention pagination or default result limits, but overall complete for a search tool.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
Schema description coverage is 100%, so baseline is 3. The description adds context about the directory's content but does not enrich parameter meaning beyond what the schema already provides.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states the verb ('Search'), the specific resource ('GRC Migrate directory of SOC 2 audit and compliance-readiness firms'), and supports filtering. It distinguishes from siblings like 'get_firm' which retrieves a single firm.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
The description implies usage for filtering firms but does not explicitly state when to use this tool vs alternatives (e.g., get_firm for details). No guidance on when not to use or prerequisites.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
Claim this connector by publishing a /.well-known/glama.json file on your server's domain with the following structure:
{
"$schema": "https://glama.ai/mcp/schemas/connector.json",
"maintainers": [{ "email": "your-email@example.com" }]
}The email address must match the email associated with your Glama account. Once published, Glama will automatically detect and verify the file within a few minutes.
Control your server's listing on Glama, including description and metadata
Access analytics and receive server usage reports
Get monitoring and health status updates for your server
Feature your server to boost visibility and reach more users
For users:
Full audit trail – every tool call is logged with inputs and outputs for compliance and debugging
Granular tool control – enable or disable individual tools per connector to limit what your AI agents can do
Centralized credential management – store and rotate API keys and OAuth tokens in one place
Change alerts – get notified when a connector changes its schema, adds or removes tools, or updates tool definitions, so nothing breaks silently
For server owners:
Proven adoption – public usage metrics on your listing show real-world traction and build trust with prospective users
Tool-level analytics – see which tools are being used most, helping you prioritize development and documentation
Direct user feedback – users can report issues and suggest improvements through the listing, giving you a channel you would not have otherwise
The connector status is unhealthy when Glama is unable to successfully connect to the server. This can happen for several reasons:
The server is experiencing an outage
The URL of the server is wrong
Credentials required to access the server are missing or invalid
If you are the owner of this MCP connector and would like to make modifications to the listing, including providing test credentials for accessing the server, please contact support@glama.ai.
Discussions
No comments yet. Be the first to start the discussion!