data-breach-detector
Server Details
Read-only breach intelligence from public feeds: reports THAT a domain leaked, never the data.
- Status
- Healthy
- Last Tested
- Transport
- Streamable HTTP
- URL
Glama MCP Gateway
Connect through Glama MCP Gateway for full control over tool access and complete visibility into every call.
Full call logging
Every tool call is logged with complete inputs and outputs, so you can debug issues and audit what your agents are doing.
Tool access control
Enable or disable individual tools per connector, so you decide what your agents can and cannot do.
Managed credentials
Glama handles OAuth flows, token storage, and automatic rotation, so credentials never expire on your clients.
Usage analytics
See which tools your agents call, how often, and when, so you can understand usage patterns and catch anomalies.
Tool Definition Quality
Average 4.1/5 across 4 of 4 tools scored.
Each tool targets a clearly distinct function: text analysis, news retrieval, entity lookup, and source listing. There is no overlap in purpose, making selection unambiguous.
All names use snake_case and are readable, but they mix verb_noun patterns (assess_threat, check_exposure) with noun_noun patterns (breach_news, feed_sources). This minor inconsistency prevents a perfect score.
With 4 tools, the server is well-scoped for a data breach detector covering analysis, news, lookup, and sources. Each tool earns its place without redundancy or missing essentials.
The tools cover core breach-related tasks (analysis, news, entity check, source info). A minor gap is the lack of batch or monitoring capabilities, but the primary use cases are addressed.
Available Tools
4 toolsassess_threatAInspect
Triage a piece of security text (advisory, forum post, alert): classify threat level, categories and recommended action. Pure analysis of text you supply — collects nothing, reaches no network.
| Name | Required | Description | Default |
|---|---|---|---|
| text | Yes |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
With no annotations provided, the description carries the full burden. It discloses that the tool collects no data and makes no network calls, which is critical for safety. However, it does not mention any other behaviors such as rate limits, performance characteristics, or potential errors.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
The description is two sentences, front-loads the purpose, and contains no fluff. Every clause adds value, from the action (triage) to the safety guarantees.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Given the single parameter and no output schema, the description covers the core functionality well. However, it could describe the expected output structure (e.g., categories and recommended action format) to be fully complete.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
The only parameter, 'text', has no schema description. The description adds value by specifying acceptable types of text ('advisory, forum post, alert') and hints at the content (security-related). This provides more guidance than the schema alone, but still lacks format or length constraints.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states the tool's function: triage security text and classify threat level, categories, and recommended action. It specifies the resource (security text) and the action (triage/classify). It distinguishes from sibling tools like breach_news and check_exposure by focusing on text analysis.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
The description explicitly states that this tool performs 'pure analysis of text you supply — collects nothing, reaches no network,' which guides when to use it (for safe, offline analysis). It lacks explicit comparisons to siblings but the context is clear enough for an AI agent.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
breach_newsAInspect
Recent breach and ransomware DISCLOSURES from public threat-intel feeds (HaveIBeenPwned, ransomwatch). Metadata only — entity, date, scale, exposed data TYPES, threat level — never the leaked data. Optional sector/keyword filter (e.g. "bank", "health", "crypto").
| Name | Required | Description | Default |
|---|---|---|---|
| limit | No | ||
| sector | No | ||
| since_days | No |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
With no annotations provided, the description effectively discloses the tool's behavior: it returns metadata only, not leaked data. It also specifies the sources (HaveIBeenPwned, ransomwatch). This is sufficient for understanding the safety and purpose, though it could mention authentication or rate limits.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
The description is concise, only two sentences. The first sentence front-loads the core purpose, and the second adds essential details about data type and filters. No unnecessary words.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
For a simple list tool with no output schema, the description covers the input parameters' intent reasonably well. It explains the output type (metadata) and mentions the optional filter. However, it lacks details on ordering, pagination, or default behavior, leaving minor gaps.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
The input schema has 3 parameters with 0% description coverage. The tool description only explains the sector parameter with examples ('bank', 'health', 'crypto') but does not clarify limit or since_days. Since the schema provides no descriptions, the description should compensate more.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly identifies the tool as providing recent breach and ransomware disclosures from public threat-intel feeds, specifying the type of metadata included. It distinguishes itself from siblings like assess_threat and check_exposure by focusing on listing disclosures rather than assessing or checking specific exposures.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
The description states what data is provided (metadata) and what is not provided (never leaked data), setting clear expectations. It mentions optional filters but does not explicitly state when to use this tool over alternatives or when not to use it, though the context is clear enough.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
check_exposureAInspect
Does a domain, company or brand appear in public breach or ransomware DISCLOSURES? The HaveIBeenPwned model: yes/no plus metadata (when, scale, which data types were exposed, severity, source) — never the exposed records. Triage only; confirm through authorized channels.
| Name | Required | Description | Default |
|---|---|---|---|
| query | Yes | ||
| since_days | No |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
No annotations provided, so description carries full burden. It transparently discloses that exposed records are never returned, and lists metadata fields (when, scale, data types, severity, source). Does not mention any authorization or rate limits, but the triage note implies non-authoritative status.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
Two sentences plus a short usage note, no redundant words. Information is front-loaded and every sentence serves a purpose: statement of function, output description, limitation, and guidance.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Given no output schema, the description adequately explains return format (yes/no plus metadata). The triage limitation is stated. However, the missing parameter documentation for since_days detracts from completeness for a 2-parameter tool.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
Schema description coverage is 0%, so description must compensate. The query parameter is implied by context ('domain, company or brand'), but since_days (integer with default) is completely unexplained – its purpose, meaning, and allowed range are missing. The description adds no value beyond the schema for this parameter.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states the tool checks if a domain, company, or brand appears in public breach or ransomware disclosures. It specifies the output (yes/no plus metadata) and what is not returned (exposed records). This distinguishes it from sibling tools like assess_threat and breach_news.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
Includes explicit guidance: 'Triage only; confirm through authorized channels.' This clearly indicates when to use (initial triage) and that results require verification. Does not explicitly compare to siblings but provides strong usage context.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
feed_sourcesAInspect
List the public feeds this detector aggregates and how fresh the cache is.
| Name | Required | Description | Default |
|---|---|---|---|
No parameters | |||
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
With no annotations, the description must fully convey behavior. It states the output (feeds and cache freshness) but does not mention permission requirements, read-only nature, or potential latency.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
One sentence, 12 words, no redundant information. The verb 'List' is front-loaded, making the purpose immediate.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
No output schema exists, so the description should explain return format. It mentions feeds and cache freshness but not whether it's a list of names, objects, or timestamps. Adequate for a simple tool but incomplete.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
No parameters exist, so schema coverage is 100%. The description adds context: 'public feeds this detector aggregates' and 'cache freshness', which goes beyond the empty schema.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states the action ('List') and the resource ('public feeds this detector aggregates' and 'how fresh the cache is'). It distinguishes from siblings like 'assess_threat' by focusing on feeds enumeration.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
No explicit when-to-use or alternatives are provided. Usage is implied as a simple listing tool, but the description does not guide when to use this over sibling tools.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
Claim this connector by publishing a /.well-known/glama.json file on your server's domain with the following structure:
{
"$schema": "https://glama.ai/mcp/schemas/connector.json",
"maintainers": [{ "email": "your-email@example.com" }]
}The email address must match the email associated with your Glama account. Once published, Glama will automatically detect and verify the file within a few minutes.
Control your server's listing on Glama, including description and metadata
Access analytics and receive server usage reports
Get monitoring and health status updates for your server
Feature your server to boost visibility and reach more users
For users:
Full audit trail – every tool call is logged with inputs and outputs for compliance and debugging
Granular tool control – enable or disable individual tools per connector to limit what your AI agents can do
Centralized credential management – store and rotate API keys and OAuth tokens in one place
Change alerts – get notified when a connector changes its schema, adds or removes tools, or updates tool definitions, so nothing breaks silently
For server owners:
Proven adoption – public usage metrics on your listing show real-world traction and build trust with prospective users
Tool-level analytics – see which tools are being used most, helping you prioritize development and documentation
Direct user feedback – users can report issues and suggest improvements through the listing, giving you a channel you would not have otherwise
The connector status is unhealthy when Glama is unable to successfully connect to the server. This can happen for several reasons:
The server is experiencing an outage
The URL of the server is wrong
Credentials required to access the server are missing or invalid
If you are the owner of this MCP connector and would like to make modifications to the listing, including providing test credentials for accessing the server, please contact support@glama.ai.
Discussions
No comments yet. Be the first to start the discussion!