cloud-pathfinder
Server Details
IaC attack-path auditor: finds internet-to-crown-jewel chains in Terraform/CFN/K8s.
- Status
- Healthy
- Last Tested
- Transport
- Streamable HTTP
- URL
Glama MCP Gateway
Connect through Glama MCP Gateway for full control over tool access and complete visibility into every call.
Full call logging
Every tool call is logged with complete inputs and outputs, so you can debug issues and audit what your agents are doing.
Tool access control
Enable or disable individual tools per connector, so you decide what your agents can and cannot do.
Managed credentials
Glama handles OAuth flows, token storage, and automatic rotation, so credentials never expire on your clients.
Usage analytics
See which tools your agents call, how often, and when, so you can understand usage patterns and catch anomalies.
Tool Definition Quality
Average 4.7/5 across 2 of 2 tools scored.
The two tools have clearly distinct purposes: one analyzes a single IaC state for attack paths, while the other compares two states to detect changes in attack surface. There is no overlap.
Both tools follow a consistent verb_noun pattern (audit_attack_paths, diff_attack_paths) using snake_case, making the naming predictable and clear.
With only 2 tools, the server is slightly minimal but each tool provides essential functionality for the domain. It falls at the low end of the typical range but still earns its place.
The server covers the core workflows of static IaC attack-path analysis (single-state audit and differential comparison). Minor gaps exist, such as lack of support for other IaC providers or more granular query tools, but the main use cases are addressed.
Available Tools
2 toolsaudit_iac_attack_pathsAInspect
Find real ATTACK PATHS in Infrastructure-as-Code (Terraform, CloudFormation, Kubernetes) — not a linter. Give it your IaC files (a map of filename→content, or a single source blob) and it parses them into a resource graph, resolves cross-resource relationships, and searches for chains from the public INTERNET to your crown jewels (data stores, secrets, admin). It returns a BREACHABLE / EXPOSED / HARDENED verdict and the concrete multi-hop routes an attacker would walk — e.g. 'open security group (SSH 0.0.0.0/0) → EC2 instance-profile role → iam:PassRole privilege escalation to admin → S3 exfiltration'. Understands AWS managed-policy permissions, 20+ IAM privilege-escalation primitives, public security groups / RDS, and Kubernetes LoadBalancer/NodePort exposure + privileged pods + cluster-admin ServiceAccounts. Use it before applying IaC or in a PR to catch breach paths a per-resource linter misses. Heuristic static analysis of declared IaC.
| Name | Required | Description | Default |
|---|---|---|---|
| deep | No | When true, runs the PREMIUM deep audit: full attack chains with per-hop evidence (file:line), privilege-escalation reachability and remediation. Requires an API key (set CLOUD_PATHFINDER_KEY in your MCP env); without one you'll get unlock instructions. The free verdict + counts need no key. | |
| files | No | Map of filename → file content. Mix Terraform (.tf/.tf.json), CloudFormation (.yaml/.json) and Kubernetes (.yaml) freely; formats are auto-detected. Cross-file references are resolved. | |
| source | No | Optional: a single IaC blob to analyze when you don't have separate files. Format auto-detected. | |
| filename | No | Optional filename hint for `source` (helps format detection, e.g. main.tf). |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
No annotations are provided, so the description carries the full burden. It discloses the tool's behavior: parses files into a resource graph, resolves cross-resource relationships, and returns verdicts with attack chains. It mentions that 'deep' requires an API key and that it is heuristic static analysis. This is transparent and accurate.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
The description is front-loaded with the core purpose and includes an illustrative example attack chain. Every sentence adds value, though it is somewhat long. It could be slightly trimmed without losing clarity, but it remains effective.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Given the tool's complexity (multiple IaC formats, cross-resource analysis, privilege escalation primitives) and the absence of an output schema, the description thoroughly explains inputs, outputs (verdict and routes), and the analysis approach. All parameter behaviors are covered, making it complete.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
Schema coverage is 100%, so baseline is 3. The description adds meaningful context beyond the schema: it explains that 'files' is a map of filename→content with cross-file reference resolution, that formats are auto-detected, and that 'source' is for single blobs. This enhances understanding.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description uses a specific verb ('Find real ATTACK PATHS') and resource ('Infrastructure-as-Code'), and provides a clear scope (Terraform, CloudFormation, Kubernetes). It explicitly distinguishes from a linter and implies differentiation from sibling 'diff_attack_paths' by focusing on auditing vs. diffing.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
The description explicitly states when to use the tool ('before applying IaC or in a PR') and why ('catch breach paths a per-resource linter misses'). It also explains the deep vs. free modes. However, it does not directly compare to the sibling tool or specify when not to use it.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
diff_attack_pathsAInspect
DIFFERENTIAL attack-path analysis for a change to Infrastructure-as-Code — the CI/CD gate. Give it the IaC BEFORE and AFTER a change (e.g. a pull request's base and head trees, each a map of filename→content) and it builds the full resource graph + runs the internet→crown-jewel reachability search on BOTH states, then reports exactly what the change did to your attack surface: which breach chains it INTRODUCES (e.g. 'this PR opens a NEW Internet→admin route via a newly-public security group + an over-broad IAM grant'), which it ELIMINATES, and which it AGGRAVATES (makes more exploitable). Returns an INTRODUCES_BREACH / REDUCES_RISK / NEUTRAL / MIXED verdict — the single check to wire into PR review so a change that opens a path to your data/secrets/admin is caught before merge. This is something a per-file linter or a single-state scan cannot answer: it needs both graphs and a semantic cross-state path match. Heuristic static analysis of declared IaC.
| Name | Required | Description | Default |
|---|---|---|---|
| deep | No | When true, runs the PREMIUM deep diff: the full changed chains with per-hop file:line evidence, before→after exploitability scores, and which choke points newly matter. Requires CLOUD_PATHFINDER_KEY; without one you get unlock instructions. The free diff verdict + counts need no key. | |
| after | Yes | The IaC state AFTER the change (the PR head). Same shape as `before`. | |
| before | Yes | The IaC state BEFORE the change (the PR base). Provide { files: {filename: content} } or { source, filename }. |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
With no annotations, the description fully discloses behavioral traits: it builds resource graphs, runs reachability searches on both states, and returns a verdict. It describes the free vs premium deep mode and the required key. It also mentions 'heuristic static analysis of declared IaC' to set expectations.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
The description is a single paragraph that front-loads the core purpose. It is informative but somewhat lengthy (around 200 words). While it could be more concise, it is well-structured and covers all necessary aspects without redundancy.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Given the tool's complexity (3 parameters, nested objects, no output schema), the description is remarkably complete. It explains what inputs are needed, what the tool does, the type of output (verdicts), and important context such as the requirement for a key in deep mode. It also distinguishes itself from simpler tools.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
All three parameters (before, after, deep) are described in the schema, but the description adds extra context: the deep parameter is explained in detail (premium deep diff with evidence), and the before/after shapes are clarified with examples. This adds meaning beyond the schema.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states it performs differential attack-path analysis for Infrastructure-as-Code changes, specifically as a CI/CD gate. It distinguishes itself from the sibling tool 'audit_iac_attack_paths' by emphasizing its comparative before/after analysis rather than a single-state scan.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
The description explicitly guides when to use this tool: as a PR review gate for IaC changes. It explains what the tool can detect (introductions, eliminations, aggravation of attack paths) and highlights that it is something a per-file linter or single-state scan cannot answer. It also mentions prerequisites for the deep mode (CLOUD_PATHFINDER_KEY).
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
Claim this connector by publishing a /.well-known/glama.json file on your server's domain with the following structure:
{
"$schema": "https://glama.ai/mcp/schemas/connector.json",
"maintainers": [{ "email": "your-email@example.com" }]
}The email address must match the email associated with your Glama account. Once published, Glama will automatically detect and verify the file within a few minutes.
Control your server's listing on Glama, including description and metadata
Access analytics and receive server usage reports
Get monitoring and health status updates for your server
Feature your server to boost visibility and reach more users
For users:
Full audit trail – every tool call is logged with inputs and outputs for compliance and debugging
Granular tool control – enable or disable individual tools per connector to limit what your AI agents can do
Centralized credential management – store and rotate API keys and OAuth tokens in one place
Change alerts – get notified when a connector changes its schema, adds or removes tools, or updates tool definitions, so nothing breaks silently
For server owners:
Proven adoption – public usage metrics on your listing show real-world traction and build trust with prospective users
Tool-level analytics – see which tools are being used most, helping you prioritize development and documentation
Direct user feedback – users can report issues and suggest improvements through the listing, giving you a channel you would not have otherwise
The connector status is unhealthy when Glama is unable to successfully connect to the server. This can happen for several reasons:
The server is experiencing an outage
The URL of the server is wrong
Credentials required to access the server are missing or invalid
If you are the owner of this MCP connector and would like to make modifications to the listing, including providing test credentials for accessing the server, please contact support@glama.ai.
Discussions
No comments yet. Be the first to start the discussion!