registry
Server Details
The MCP server that vets MCP servers: identity, risk grade and per-tool risk before you install.
- Status
- Healthy
- Last Tested
- Transport
- Streamable HTTP
- URL
Glama MCP Gateway
Connect through Glama MCP Gateway for full control over tool access and complete visibility into every call.
Full call logging
Every tool call is logged with complete inputs and outputs, so you can debug issues and audit what your agents are doing.
Tool access control
Enable or disable individual tools per connector, so you decide what your agents can and cannot do.
Managed credentials
Glama handles OAuth flows, token storage, and automatic rotation, so credentials never expire on your clients.
Usage analytics
See which tools your agents call, how often, and when, so you can understand usage patterns and catch anomalies.
Tool Definition Quality
Average 4.2/5 across 4 of 4 tools scored.
Each tool has a clear and distinct purpose: checking a server vs. checking a specific tool, searching the registry, and retrieving change events. No overlap in functionality.
All tool names follow a consistent verb_noun pattern with snake_case (check_mcp_server, check_tool, get_change_events, search_registry), making them predictable and easy to understand.
With 4 tools, the set is well-scoped for a registry server: search, check server, check tool, and monitor changes. It covers the essential operations without being too sparse or bloated.
The tool surface is complete for a read-only registry consumer. It provides search, server verification, tool risk assessment, and change events—covering all likely needs. Missing operations like registration are out of scope.
Available Tools
4 toolscheck_mcp_serverAInspect
Check an MCP server against the PolicyLayer registry BEFORE installing or allowing it. Accepts a registry slug, an npm package name (scoped or not), or a server name. Returns the full published record: identity verification with its evidence, risk grade, auth posture, freshness, and the tool surface listed riskiest-first. A server the registry does not know is queued for scanning by this very call — check back shortly.
| Name | Required | Description | Default |
|---|---|---|---|
| server | Yes | Registry slug, npm package name (e.g. @acme/mcp-server), or server name. |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
With no annotations, the description carries the full burden. It discloses that the tool returns a detailed record including identity verification, risk grade, auth posture, freshness, and riskiest-first tool surface. It also notes that unknown servers are queued for scanning. This is good transparency, though it could mention if there are any side effects or rate limits.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
The description is two sentences, front-loading the purpose and usage. Every sentence adds essential information without wasted words. It is concise yet comprehensive.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Given the simplicity (one parameter, no output schema, no annotations), the description is quite complete. It covers what the tool does, input types, output content, and behavior for unknown servers. It could add error handling or rate limits, but overall it is sufficient.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
Schema description coverage is 100% for the single parameter. The description adds nuance by noting that the input can be a 'scoped or not' npm package name and provides an example format, adding value beyond the schema.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states the tool's purpose: checking an MCP server against the PolicyLayer registry before installation. It uses specific verbs and resources, and the sibling tools (check_tool, get_change_events, search_registry) indicate distinct functionality, avoiding confusion.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
The description explicitly advises using this tool 'BEFORE installing or allowing' a server, providing clear context. It also lists accepted identifier types. However, it does not explicitly state when not to use it or directly compare to siblings, though the usage context is well defined.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
check_toolAInspect
One tool's full risk classification on a published MCP server: category, severity, risk analysis and evidence, OWASP classes, parameter schema and the recommended policy default. Use when deciding whether to allow a specific tool call, e.g. "should execute_sql on this server be permitted?"
| Name | Required | Description | Default |
|---|---|---|---|
| tool | Yes | Tool name as the server declares it. | |
| server | Yes | Registry slug or npm package name of the server. |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
No annotations provided, so description must cover behavioral traits. It only describes output content, not side effects, auth needs, or read-only status. For a risk assessment tool, it likely is read-only but does not confirm, leaving uncertainty.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
Single sentence efficiently conveys purpose, components, and usage example. No redundant information; every part adds value.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Despite lacking an output schema, the description enumerates output fields (category, severity, etc.) and use case. For a two-parameter tool with no nested objects, this is adequately comprehensive.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
Schema coverage is 100% and both parameters have descriptions. The description adds no additional meaning beyond what schema provides, so baseline score of 3 applies.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
Description clearly states the tool returns risk classification for a specific tool on a server, with explicit components (category, severity, etc.). It distinguishes itself from siblings by focusing on a single tool rather than the whole server or other functions.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
Provides direct guidance: 'Use when deciding whether to allow a specific tool call' with an illustrative example. Lacks explicit exclusion of alternative tools, but the context is sufficient.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
get_change_eventsAInspect
The registry change feed: tool-surface drift, auth-posture flips, impostor flags, version bumps — every event the freshness watchers emit, id-cursored so a consumer resumes exactly where it stopped. Requires a Registry Licence key (Authorization: Bearer plr_...); self-serve at https://policylayer.com/registry/pricing.
| Name | Required | Description | Default |
|---|---|---|---|
| limit | No | Max events (1-1000, default 200). | |
| after_id | No | Return events with id greater than this cursor (default 0). | |
| severity | No | Minimum severity: that level and above. |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
With no annotations, the description fully discloses behaviors: it is a read-only feed, requires a Registry License key with specific authorization header, and provides a self-service link for obtaining the key.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
Two efficiently packed sentences with front-loaded purpose and no wasted words.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Given the 3 parameters have full schema coverage and no output schema exists, the description adequately covers purpose, cursor usage, and licensing. A minor gap: no hint about the expected response structure.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
Schema coverage is 100%, so baseline is 3. The description adds value by explaining the 'after_id' parameter as a cursor for resumption, going beyond the schema's generic description.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description uses specific verbs ('get...change feed') and lists concrete event types (tool-surface drift, auth-posture flips, etc.), clearly distinguishing this tool from siblings like search_registry.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
It explains the cursor pattern for resuming ('id-cursored so a consumer resumes exactly where it stopped') and mentions the required license key, but does not explicitly state when not to use or compare to alternatives.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
search_registryAInspect
Search the PolicyLayer registry of published MCP servers by name, slug or package substring. Returns candidate matches with risk grade, identity confidence (verified / unverified / mismatch — mismatch means it claims to be an official server with no verifiable link to the brand) and tool count — follow up with check_mcp_server on the match you meant.
| Name | Required | Description | Default |
|---|---|---|---|
| limit | No | Max matches to return (1-20, default 10). | |
| query | Yes | Substring to match against slug, name and packages. |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
No annotations are provided, so the description carries the full burden. It discloses that the tool returns candidate matches with specific fields (risk grade, identity confidence, tool count) and implies it is a read operation. However, it does not mention any rate limits, authentication, or destructive behavior, but for a search tool, this is adequate.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
Two sentences: first defines purpose, second lists returns and gives usage hint. No redundant information, front-loaded.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
The description covers purpose, return values, and a follow-up suggestion. It is complete for a simple two-parameter search tool with no output schema. Could mention limit default but that is in schema.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
Schema description coverage is 100%; both parameters are documented in the schema. The description reinforces that query is for name/slug/package substring but adds no new semantic details beyond the schema. Baseline 3 is appropriate.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states the tool searches the PolicyLayer registry by name, slug, or package substring, and lists the return fields (risk grade, identity confidence, tool count). It distinguishes itself from sibling tool check_mcp_server by suggesting a follow-up.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
The description explicitly says to use this tool for initial search and then follow up with check_mcp_server, providing clear context and an alternative. It doesn't exclude other usage scenarios but offers strong guidance.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
Claim this connector by publishing a /.well-known/glama.json file on your server's domain with the following structure:
{
"$schema": "https://glama.ai/mcp/schemas/connector.json",
"maintainers": [{ "email": "your-email@example.com" }]
}The email address must match the email associated with your Glama account. Once published, Glama will automatically detect and verify the file within a few minutes.
Control your server's listing on Glama, including description and metadata
Access analytics and receive server usage reports
Get monitoring and health status updates for your server
Feature your server to boost visibility and reach more users
For users:
Full audit trail – every tool call is logged with inputs and outputs for compliance and debugging
Granular tool control – enable or disable individual tools per connector to limit what your AI agents can do
Centralized credential management – store and rotate API keys and OAuth tokens in one place
Change alerts – get notified when a connector changes its schema, adds or removes tools, or updates tool definitions, so nothing breaks silently
For server owners:
Proven adoption – public usage metrics on your listing show real-world traction and build trust with prospective users
Tool-level analytics – see which tools are being used most, helping you prioritize development and documentation
Direct user feedback – users can report issues and suggest improvements through the listing, giving you a channel you would not have otherwise
The connector status is unhealthy when Glama is unable to successfully connect to the server. This can happen for several reasons:
The server is experiencing an outage
The URL of the server is wrong
Credentials required to access the server are missing or invalid
If you are the owner of this MCP connector and would like to make modifications to the listing, including providing test credentials for accessing the server, please contact support@glama.ai.
Discussions
No comments yet. Be the first to start the discussion!