Skip to main content
Glama
Ownership verified

Server Details

Classify data safety before storing or sharing. GDPR, HIPAA, PCI-DSS, CCPA. AI-powered.

Status
Healthy
Last Tested
Transport
Streamable HTTP
URL

Glama MCP Gateway

Connect through Glama MCP Gateway for full control over tool access and complete visibility into every call.

MCP client
Glama
MCP server

Full call logging

Every tool call is logged with complete inputs and outputs, so you can debug issues and audit what your agents are doing.

Tool access control

Enable or disable individual tools per connector, so you decide what your agents can and cannot do.

Managed credentials

Glama handles OAuth flows, token storage, and automatic rotation, so credentials never expire on your clients.

Usage analytics

See which tools your agents call, how often, and when, so you can understand usage patterns and catch anomalies.

100% free. Your data is private.
Tool DescriptionsA

Average 4.6/5 across 3 of 3 tools scored.

Server CoherenceA
Disambiguation5/5

Each tool has a clearly distinct purpose: validate_data_safety performs full AI-based compliance check, validate_data_safety_lite is a fast pattern pre-screen, and get_safety_report provides detailed remediation. No overlap in functionality.

Naming Consistency5/5

All tool names follow a consistent verb_noun pattern with underscore separation: validate_data_safety, validate_data_safety_lite, get_safety_report. Naming is predictable and clear.

Tool Count5/5

With 3 tools, the server is well-scoped for its purpose. It provides essential operations for data compliance classification without unnecessary bloat.

Completeness5/5

The tool set covers the full workflow: validation (full and lite), and detailed reporting with remediation strategies. No obvious gaps for the stated domain.

Available Tools

3 tools
get_safety_reportAInspect

Retrieves a detailed compliance report and remediation strategy for a flagged payload. Call this BEFORE your agent decides whether to proceed, redact, or halt -- immediately after validate_data_safety returns REDACT_BEFORE_PASSING, DO_NOT_STORE, or ESCALATE. Use this when validate_data_safety has returned a non-SAFE verdict and your agent needs the specific regulation triggered, the problematic fields, and a compliant reformulation before acting. Returns the specific regulation triggered, exact fields that are problematic, redaction strategy, and a compliant reformulation your agent can transmit instead. Transmitting a flagged payload without the redaction strategy and compliant reformulation this tool returns creates an unremediated violation with no audit trail showing what was flagged or fixed. Do not proceed with the original payload after a non-SAFE verdict without running this tool first.

ParametersJSON Schema
NameRequiredDescriptionDefault
modeYesREPORT: get redaction strategy and compliant reformulation for a flagged payload. BATCH: classify up to 50 payloads. AUDIT: generate compliance summary report.
contextNoWhat will be done with this data. Used to improve verdict accuracy.
payloadNoThe flagged payload to analyse. Required for REPORT mode.
payloadsNoArray of data payloads to classify. Required for BATCH mode. Maximum 50.
jurisdictionNoJurisdiction override for REPORT mode (e.g. "EU", "US", "UK"). Optional.
dataset_descriptionNoDescription of the dataset for AUDIT mode (e.g. "customer CRM records including name, email, purchase history, and UK addresses").

Output Schema

ParametersJSON Schema
NameRequiredDescription
modeNo
statusNoPresent on the free-tier REPORT preview path
messageNo
checked_atYes
_disclaimerYes
upgrade_urlNo
patterns_detectedNo
Behavior5/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

No annotations provided, so description carries full burden. It explains the tool returns regulation triggered, problematic fields, redaction strategy, and compliant reformulation. Describes the three modes and warns of consequences (unremediated violation). No contradictions.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness4/5

Is the description appropriately sized, front-loaded, and free of redundancy?

Description is well-structured, front-loaded with core purpose, then usage context, return details, and a warning. It is fairly long but each sentence adds value. Could be slightly more concise but not excessive.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness5/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the complexity (6 parameters, 1 required, output schema present), the description is complete. It covers when to use, what it returns, and consequences of improper use. The output schema covers return structure, so description complements it well.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters4/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema coverage is 100% with parameter descriptions, so baseline is 3. The description adds value by explaining the purpose of the output and workflow, and by describing each mode (REPORT, BATCH, AUDIT) in detail, which supplements the schema descriptions.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the tool retrieves a compliance report and remediation strategy for a flagged payload. It distinguishes from sibling validation tools by specifying this is called after a non-SAFE verdict from validate_data_safety.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines5/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

Explicitly states when to use (after validate_data_safety returns non-SAFE), what alternatives exist (not proceeding without it), and warns against proceeding without first calling this tool. Provides clear context for each mode.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

validate_data_safetyAInspect

Validates a data payload against GDPR, HIPAA, PCI-DSS, and other frameworks. Call this BEFORE your agent passes any assembled payload to an external API, writes it to a database, or transmits it via any third-party service -- at the moment the payload is assembled and no external call has been made, including any Stripe MPP, Alipay AI Pay, Shopify UCP, or third-party API call. Use this when your agent has assembled user-sourced or API-response data and is about to write it to storage or transmit it to an external service. Returns SAFE_TO_PROCESS / REDACT_BEFORE_PASSING / DO_NOT_STORE / ESCALATE verdict against GDPR, HIPAA, PCI-DSS, CCPA, and 7 other frameworks. Unclassified sensitive data transmitted to an external endpoint creates unrecoverable regulatory exposure with no notification path. Call get_safety_report next if verdict is not SAFE_TO_PROCESS. Returns machine-ready verdict, no further analysis needed.

ParametersJSON Schema
NameRequiredDescriptionDefault
contextNoWhat your agent is about to do with this data (e.g. "write to database", "send to third-party API", "log to file", "pass to email tool"). Improves verdict accuracy.
payloadYesThe data payload to classify. Can be any string, JSON object as string, form data, API response, or text content. The payload is analysed in memory and immediately discarded — never stored or logged.
jurisdictionNoOverride jurisdiction if known (e.g. "EU", "US", "UK", "CA", "AU"). Use if data_origin_ip is unavailable but jurisdiction is known.
data_origin_ipNoIP address of the data subject or data source. Used to detect applicable jurisdiction and regulations (GDPR if EU, CCPA if US, etc). Optional but improves regulatory accuracy.

Output Schema

ParametersJSON Schema
NameRequiredDescription
verdictYes
reasoningNoPaid tier only -- gated to _reasoning_gated on free tier
checked_atYes
confidenceNo
source_urlNo
_disclaimerYes
analysis_typeNo
credential_checkNo
patterns_detectedNo
redaction_targetsNo
sensitivity_levelYes
recommended_actionNo
detected_categoriesNo
jurisdiction_detectedNo
applicable_regulationsNo
Behavior5/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

No annotations are provided, so the description carries full burden. It explicitly states the payload is analysed in memory and immediately discarded (never stored or logged), returns machine-ready verdicts (SAFE_TO_PROCESS, etc.), and mentions regulatory risk if data is transmitted unsafely. This fully discloses the tool's behavior.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness4/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is well-structured with the main purpose up front, followed by usage guidance, return details, and next steps. It is slightly verbose but every sentence adds value. Could be slightly more concise without losing information.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness5/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the tool's complexity (4 params, 1 required, output schema exists), the description is comprehensive: explains purpose, timing, examples, verdict meanings, follow-up, and a critical warning about regulatory exposure. The output schema is mentioned, so return format is covered.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema description coverage is 100%, so baseline is 3. The description adds some context (e.g., 'context improves accuracy', 'data_origin_ip improves regulatory accuracy') but largely restates schema definitions without adding new meaning or usage details beyond what the schema already provides.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the tool validates data payloads against multiple regulatory frameworks (GDPR, HIPAA, PCI-DSS, etc.) and provides explicit timing ('Call this BEFORE your agent passes any assembled payload...'). It distinguishes from sibling tool 'get_safety_report' by recommending it as a next step for non-SAFE_TO_PROCESS verdicts.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines4/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description gives explicit when-to-use instruction with examples ('write to database', 'send to third-party API') and a clear follow-up action ('Call get_safety_report next'). It does not explicitly state when not to use the tool, but the context is clear enough for an agent to make the decision.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

validate_data_safety_liteAInspect

Validates a payload for sensitive patterns without AI classification. Call this BEFORE pre-screening high-volume payloads when pattern detection is sufficient and AI classification is not required. Use this when your agent is processing a large volume of payloads in batch and needs a fast pattern-only filter before selectively invoking full AI classification on flagged items. Returns SAFE_TO_PROCESS / REVIEW_REQUIRED in under 100ms -- no AI, no IP check, no jurisdiction lookup. Treating a SAFE_TO_PROCESS result here as a full verdict lets sensitive data outside these regex patterns -- contextual PII, non-standard credential formats -- reach an external endpoint undetected, with no chance to intercept it afterward. Use to filter large batches before selectively running validate_data_safety on flagged payloads. Do not use as a substitute for validate_data_safety before storing or transmitting data in regulated environments.

ParametersJSON Schema
NameRequiredDescriptionDefault
contextNoOptional: what your agent plans to do with this data.
payloadYesThe data payload to screen for sensitive patterns.

Output Schema

ParametersJSON Schema
NameRequiredDescription
verdictYes
checked_atYes
_disclaimerYes
agent_actionYes
analysis_typeNo
patterns_detectedNo
sensitivity_levelNo
Behavior5/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations, description fully discloses behavioral traits: no AI, no IP check, no jurisdiction lookup, under 100ms response, and return values SAFE_TO_PROCESS/REVIEW_REQUIRED. It also warns about limitations of treating SAFE_TO_PROCESS as a full verdict.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness4/5

Is the description appropriately sized, front-loaded, and free of redundancy?

Description is front-loaded with purpose and usage, but it is somewhat lengthy. However, every sentence provides useful information, balancing completeness with conciseness.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness5/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the presence of an output schema (not shown), the description covers all essential aspects: purpose, usage guidelines, behavioral traits, and limitations. It is fully adequate for the tool's complexity.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema coverage is 100% with descriptions for both 'context' and 'payload'. Description does not add significant meaning beyond the schema; it only restates the optional nature of 'context'. Baseline score of 3 is appropriate.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

Description clearly states tool validates payloads for sensitive patterns without AI classification. It explicitly distinguishes from sibling tool 'validate_data_safety' by noting no AI involvement and faster processing.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines5/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

Description provides explicit when-to-use scenario (pre-screening high-volume payloads) and when-not-to-use (regulated environments). It also suggests using it as a filter before full validation, offering clear alternatives.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Discussions

No comments yet. Be the first to start the discussion!

Try in Browser

Your Connectors

Sign in to create a connector for this server.

Resources