Skip to main content
Glama

Opzyai Vibe Check

Server Details

Free no-account URL security scan: 0-100 Launch Readiness score for any live site in ~15 seconds.

Status
Healthy
Last Tested
Transport
Streamable HTTP
URL

Glama MCP Gateway

Connect through Glama MCP Gateway for full control over tool access and complete visibility into every call.

MCP client
Glama
MCP server

Full call logging

Every tool call is logged with complete inputs and outputs, so you can debug issues and audit what your agents are doing.

Tool access control

Enable or disable individual tools per connector, so you decide what your agents can and cannot do.

Managed credentials

Glama handles OAuth flows, token storage, and automatic rotation, so credentials never expire on your clients.

Usage analytics

See which tools your agents call, how often, and when, so you can understand usage patterns and catch anomalies.

100% free. Your data is private.
Tool DescriptionsA

Average 4.3/5 across 1 of 1 tools scored.

Server CoherenceA
Disambiguation5/5

Only one tool exists, so there is no risk of confusing it with any other tool.

Naming Consistency5/5

With a single tool, naming is inherently consistent. 'scan_url' follows a clear verb_noun pattern.

Tool Count3/5

A single tool for a narrowly scoped security scanning server is reasonable, but the server's potential seems underexpressed with only one action.

Completeness2/5

The server provides only a single scanning operation, lacking any ability to manage or retrieve past scans, which limits its usefulness for broader workflows.

Available Tools

1 tool
scan_urlRun a Vibe CheckA
Read-only
Inspect

Scan a live URL for leaked API keys, exposed config files and missing security headers. Returns a Launch Readiness score (0-100) and a paste-ready fix for each finding. Use before deploying, or when checking the security of an app built with AI coding tools like Cursor, Lovable, v0 or Bolt.

ParametersJSON Schema
NameRequiredDescriptionDefault
urlYesThe full public URL of the live app to scan, e.g. https://myapp.vercel.app

Output Schema

ParametersJSON Schema
NameRequiredDescription
hostYes
scoreYes
findingsYes
reportUrlYes
Behavior4/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

Annotations already mark readOnlyHint=true and openWorldHint=true, indicating a safe read operation. The description adds that it returns a Launch Readiness score and paste-ready fixes, which enriches the understanding of behavior without contradiction.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is two sentences, concise and front-loaded. Every sentence adds value: the first defines the action and findings, the second gives usage guidance. No wasted words.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness5/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the tool's simplicity (1 parameter, no siblings, output schema present), the description covers purpose, usage, and behavioral outcomes completely. No gaps remain.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema coverage is 100% for the single 'url' parameter, which includes a clear description and example. The description does not add further parameter details beyond what the schema provides, so a baseline of 3 is appropriate.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description starts with 'Scan a live URL for leaked API keys, exposed config files and missing security headers.' This clearly states the action (scan) and the specific resources checked, providing a precise purpose. No siblings exist, so no differentiation needed.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines4/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description includes 'Use before deploying, or when checking the security of an app built with AI coding tools like Cursor, Lovable, v0 or Bolt.' This gives concrete use cases. It does not explicitly mention when not to use or alternatives, but the context is sufficient.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Discussions

No comments yet. Be the first to start the discussion!

Try in Browser

Your Connectors

Sign in to create a connector for this server.

Resources