lookup-disclose-io

Server Details

Find the right security-disclosure contact for any internet asset (domain, IP, package, repo, app).

Status: Healthy
Last Tested
Transport: Streamable HTTP
URL

Glama MCP Gateway

Connect through Glama MCP Gateway for full control over tool access and complete visibility into every call.

Full call logging

Every tool call is logged with complete inputs and outputs, so you can debug issues and audit what your agents are doing.

Tool access control

Enable or disable individual tools per connector, so you decide what your agents can and cannot do.

Managed credentials

Glama handles OAuth flows, token storage, and automatic rotation, so credentials never expire on your clients.

Usage analytics

See which tools your agents call, how often, and when, so you can understand usage patterns and catch anomalies.

100% free. Your data is private.
Tool Descriptions: A

Average 4.4/5 across 2 of 2 tools scored.

Server Coherence: A

Disambiguation: 5/5

The two tools have clearly distinct purposes: one classifies an asset type, the other looks up security contact information. No overlap in functionality.

Naming Consistency: 5/5

Both tool names follow the verb_noun pattern using snake_case (classify_asset, lookup_security_contact), maintaining consistent style.

Tool Count: 3/5

With only 2 tools, the server is on the low end of the borderline range. However, it serves a focused purpose (classification and lookup) and may be sufficient for its scope.

Completeness: 5/5

The tool set covers the essential workflow: classify an asset to determine its type, then look up security contact. No obvious gaps for the intended domain.

Available Tools

2 tools
classify_asset (Asset Type Classifier): A
Read-only

Classify an input as a domain, IP, package, repository, etc. No network calls — instant response. Useful for understanding what an asset is before performing a full lookup.

Parameters

Name | Required | Description | Default
input | Yes | The input to classify |

Behavior: 4/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

Annotations already declare readOnlyHint=true and openWorldHint=false. The description adds that it makes 'No network calls — instant response,' which provides additional behavioral insight beyond the annotations. No contradictions.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness: 5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is two sentences, front-loaded with purpose, and adds a valuable usage note. Every sentence earns its place without redundancy or fluff.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness: 5/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the simplicity (one string parameter, no output schema), the description fully explains the tool's purpose, expected categories, performance characteristics, and recommended usage context. No gaps.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters: 3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

The input schema has one parameter 'input' with description 'The input to classify.' Schema description coverage is 100%, so the description does not need to add much. It does not provide examples or format details beyond the schema, so it meets the baseline expectation.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose: 5/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the verb 'classify' and resource 'an input', lists example outputs (domain, IP, package, repository), and implicitly distinguishes from the sibling tool 'lookup_security_contact' by focusing on classification rather than lookup.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines: 4/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides clear context: 'Useful for understanding what an asset is before performing a full lookup.' It also notes the tool makes no network calls and provides instant response, guiding when to use. However, it does not explicitly state when not to use or name alternatives.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

lookup_security_contact (Security Contact Lookup): A
Read-only

Find security reporting channels for responsible vulnerability disclosure. Takes a domain, IP, URL, package name, repository, container image, mobile app, hardware device, browser extension, desktop app, or organization name. Returns bug bounty programs, security.txt contacts, VDP links, abuse contacts, and national CERT fallbacks sorted by confidence. This is informational only — not legal advice.

Parameters

Name | Required | Description | Default
asset | Yes | The asset to look up. Examples: "cloudflare.com", "8.8.8.8", "npm:express", "gh:facebook/react", "app:WhatsApp", "hw:Cisco ASA 5505" |
asset_type | No | Force a specific asset type. Auto-detected if omitted. |

Behavior: 4/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

Annotations indicate readOnlyHint and openWorldHint; the description adds context about returning sorted contacts by confidence and being informational only, no contradictions. However, it could detail what 'sorted by confidence' means operationally.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness: 5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

Three concise sentences: purpose, input types, output, and caveat. No redundant words, each sentence adds necessary information.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness: 5/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given no output schema, the description fully explains what is returned (bug bounty programs, security.txt contacts, etc.) and provides a caveat. All critical aspects are covered for a simple lookup tool.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters: 4/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Both parameters are documented in the schema (100% coverage). The description adds real-world examples for 'asset' and explains auto-detection for 'asset_type', going beyond the schema.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose: 5/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description uses a specific verb 'Find' and clearly states the resource: 'security reporting channels for responsible vulnerability disclosure'. It distinguishes from the sibling tool 'classify_asset' by focusing on contact lookup rather than classification.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines: 4/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description explicitly states when to use (finding security contacts) and includes a caveat ('This is informational only — not legal advice'), but does not explicitly mention when not to use or provide alternatives beyond the sibling tool name.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
