Frogeye Security Scanner
Server Details
Zero-config MCP security scanner for AI-generated apps. 25K+ vulnerability patterns.
- Status
- Healthy
- Last Tested
- Transport
- Streamable HTTP
- URL
- Repository
- frogeye-ai/mcp
- GitHub Stars
- 0
- Server Listing
- frogeye-mcp
Glama MCP Gateway
Connect through Glama MCP Gateway for full control over tool access and complete visibility into every call.
Full call logging
Every tool call is logged with complete inputs and outputs, so you can debug issues and audit what your agents are doing.
Tool access control
Enable or disable individual tools per connector, so you decide what your agents can and cannot do.
Managed credentials
Glama handles OAuth flows, token storage, and automatic rotation, so credentials never expire on your clients.
Usage analytics
See which tools your agents call, how often, and when, so you can understand usage patterns and catch anomalies.
Tool Definition Quality
Average 4/5 across 7 of 7 tools scored. Lowest: 3.2/5.
Each tool serves a clearly distinct purpose: scanning a snippet vs. batch scanning, correlating results, searching the knowledge graph, learning team-specific rules, posting new patterns, and registering a username. No two tools overlap in functionality, and descriptions clearly delineate their roles.
All tools follow a consistent 'frogeye_verb' pattern (e.g., frogeye_scan, frogeye_search, frogeye_learn). The only compound is 'batch_scan', which is a natural extension and maintains the verb form. No mixing of naming conventions.
With 7 tools, the server is well-scoped for its domain. It covers scanning (single and batch), correlation, search, learning, pattern contribution, and user registration. The count feels neither sparse nor overwhelming.
The tool surface covers core scanning and knowledge graph interaction but lacks update/delete operations for learned rules and posted patterns. There is no way to list or retrieve past scans, rules, or patterns, leaving some lifecycle gaps that may require workarounds.
Available Tools
7 toolsfrogeye_batch_scanAInspect
Batch scan up to 10 code snippets in a single MCP call. More efficient than 10 individual frogeye_scan calls for scanning multiple files or repos. Returns findings array with confidence scores and badge suggestions per item.
| Name | Required | Description | Default |
|---|---|---|---|
| items | Yes | Array of code snippets to scan (max 10) |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
No annotations exist, so the description carries the burden. It discloses the return type (findings array with confidence scores and badge suggestions). However, it does not mention side effects or permissions, though the tool is likely read-only.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
Three succinct sentences, each providing value: batching capability, efficiency claim, and return format. No redundancy.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
The description explains the core functionality and output, but lacks details on error handling or edge cases. For a tool with one parameter and no output schema, it is sufficiently complete.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
Schema coverage is 100%, and the description adds context about the return structure per item, which goes beyond schema details.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states the tool's purpose: batch scanning up to 10 code snippets. It distinguishes itself from the sibling 'frogeye_scan' by highlighting efficiency for multiple files/repos.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
Explicitly states when to use (scanning multiple files/repos) and hints at when not to use (prefer frogeye_scan for single scans) by comparing efficiency.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
frogeye_correlateAInspect
Correlate multiple vulnerability class names found in a scan to detect compound security risks. Identifies dangerous combinations where individual findings combine into a higher-severity attack chain. No API key required.
| Name | Required | Description | Default |
|---|---|---|---|
| patterns | Yes | Array of vuln_class names found in a scan (e.g. ["cors-misconfiguration", "missing-authentication"]). Use the vuln_class values returned by frogeye_search or frogeye_scan. |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
With no annotations provided, the description carries full burden. It mentions that no API key is needed and outlines the correlating behavior. However, it does not detail the output format, side effects, or any constraints beyond input sourcing.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
The description is three concise sentences, front-loaded with the core purpose and key usage context. No unnecessary information, each sentence adds value.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Given one required parameter and no output schema, the description explains input provenance and the compound risk detection goal. It lacks explicit output details but is sufficient for a simple correlator tool.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
The single parameter 'patterns' is described in the schema, but the tool description adds context by specifying it should contain vuln_class names from scans and gives an example. This enhances understanding beyond the schema alone.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states the tool's purpose: correlating multiple vulnerability class names to detect compound security risks and identify dangerous combinations forming higher-severity attack chains. It uses a specific verb ('correlate') and resource ('vulnerability class names'), and distinguishes from siblings like frogeye_scan or frogeye_search.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
The description advises using vuln_class values from frogeye_search or frogeye_scan, implying when to invoke the tool. It also notes that no API key is required. However, it lacks explicit guidance on when not to use or alternative tool comparisons.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
frogeye_learnAInspect
Teach Frogeye a team-specific security rule. Writes a private, team-scoped pattern to your KB — visible only when searching with your API key. Requires authentication.
| Name | Required | Description | Default |
|---|---|---|---|
| fix | No | How to fix or avoid the vulnerability. Optional but recommended. | |
| example | Yes | Code example of the bad pattern. | |
| finding | Yes | Description of the vulnerability or security rule. | |
| severity | Yes | Severity classification. |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
No annotations are provided, so the description carries full burden. It discloses that the tool writes a private, team-scoped pattern visible only with the API key and requires authentication. However, it does not mention side effects (e.g., overwriting existing rules, idempotency) or rate limits, leaving some behavioral traits unclear.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
The description is two sentences: first defines the action and second adds important scoping and authentication detail. Every word earns its place; no redundancy or unnecessary information.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
With 4 parameters (3 required) and no output schema, the description covers purpose and privacy but omits what the tool returns after success (e.g., confirmation or ID). For a creation tool, this gap makes it somewhat incomplete, though the core functionality is clear.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
Schema description coverage is 100%, so baseline is 3. The description adds no information about parameters beyond what the schema already provides (e.g., finding, example, severity, fix descriptions are in schema).
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states the tool's purpose: to teach Frogeye a team-specific security rule by writing a private pattern to its knowledge base. It uses a specific verb ('teach') and identifies the resource ('security rule' in KB), and the team-scoped visibility distinguishes it from sibling tools like frogeye_scan or frogeye_search.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
The description implies usage context (when you want to add a custom security rule) and notes authentication requirement, but does not explicitly state when to avoid this tool or provide alternatives like using frogeye_search for querying existing rules.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
frogeye_postAInspect
Submit a new vulnerability pattern to the Frogeye knowledge graph. The pattern will be anonymized and queued for human review before being published.
| Name | Required | Description | Default |
|---|---|---|---|
| context | No | Optional context about the vulnerability (how it was found, impact, etc.). | |
| pattern | Yes | The vulnerable code pattern or description. Minimum 10 characters. | |
| language | Yes | Programming language or framework where this vulnerability was found. | |
| severity | Yes | Severity classification of the vulnerability. |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
With no annotations provided, the description carries the full burden of behavioral disclosure. It reveals that patterns are anonymized and queued for human review, indicating a delay in publication. However, it does not discuss authentication, rate limits, side effects, or return values (no output schema), leaving some behavioral gaps.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
The description is a single sentence that is front-loaded with the key action and resource. It conveys essential information without any fluff, earning its place efficiently.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Given the complexity (4 parameters, no output schema, no annotations), the description provides reasonable context about the submission process (anonymization, review queue). It does not explain the response format or error conditions, but for a submission tool, this is largely sufficient.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
Input schema coverage is 100%, so parameters are well-documented. The description adds high-level context about anonymization and review but does not provide additional meaning beyond the schema for individual parameters. Baseline 3 is appropriate.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states the action 'Submit a new vulnerability pattern' and the target 'Frogeye knowledge graph'. It is specific and distinct from sibling tools (frogeye_correlate, frogeye_learn, etc.), which focus on other operations like correlation, learning, or scanning.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
The description implies usage when one has a vulnerability pattern to submit, but it does not explicitly state when not to use it or provide alternatives. The context of human review and anonymization gives additional situational awareness, but explicit guidance on alternatives is absent.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
frogeye_registerAInspect
Claim a username for this agent. Idempotent — safe to call multiple times.
| Name | Required | Description | Default |
|---|---|---|---|
| username | Yes | Your agent username (3-32 chars, lowercase alphanumeric and hyphens only). |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
With no annotations, the description carries full burden for behavioral disclosure. It adds the key trait of idempotency, but does not specify error behavior (e.g., duplicate username) or required permissions.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
Two concise sentences deliver purpose and a critical behavioral note with zero waste. Every word earns its place.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
For a simple one-parameter, idempotent registration tool, the description covers the essential operation. It lacks details on return values or success/failure signals, but the tool's simplicity mitigates this.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
Schema description coverage is 100% with detailed parameter docs (3-32 chars, lowercase alphanumeric and hyphens). The description adds no further parameter meaning, so baseline 3 is appropriate.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states the action ('Claim a username for this agent') and identifies the resource, distinguishing it from sibling tools like frogeye_correlate or frogeye_scan that perform different operations.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
Explicitly notes idempotency ('safe to call multiple times'), providing clear guidance on reusability. However, it does not mention when to avoid use or compare to alternatives.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
frogeye_scanAInspect
Scan a code snippet for security vulnerabilities against 24,000+ patterns. Pass your code snippet directly via the content parameter. The hosted Frogeye server cannot access your local filesystem — Claude Code should read the file content and pass it here.
| Name | Required | Description | Default |
|---|---|---|---|
| repo | No | GitHub repo name (optional) — used to record scan in the Frogeye verify database | |
| owner | No | GitHub repo owner (optional) — used to record scan in the Frogeye verify database | |
| content | No | Direct code content to scan. This is the recommended parameter for the hosted Frogeye server. | |
| language | No | Programming language hint. Auto-detected from file extension. | |
| file_path | No | Absolute path to the file to scan. Use content instead when running against the hosted server. |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
The description discloses that the server cannot access the local filesystem and that it uses 24,000+ patterns. However, with no annotations, it lacks details on output format, performance, or side effects. It adequately covers basic behavioral constraints.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
The description is two concise sentences, with the purpose front-loaded and the guidance in the second. Every sentence is purposeful and adds value.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Given no annotations or output schema, the description covers the main action, usage instructions, and a key constraint. It could mention the output type, but it is sufficiently complete for a scanning tool.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
All 5 parameters have descriptions in the schema. The description adds value by recommending content over file_path and explaining that repo/owner are optional for recording scans. This goes beyond the schema's basic descriptions.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states the tool scans code snippets for security vulnerabilities against 24,000+ patterns, using a specific verb and resource. It distinguishes itself from sibling tools like frogeye_correlate or frogeye_learn.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
The description advises using the content parameter instead of file_path because the hosted server cannot access the local filesystem. It provides clear context but does not explicitly mention when to use or avoid the tool compared to alternatives.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
frogeye_searchBInspect
Search the Frogeye vulnerability knowledge graph for patterns similar to the given code snippet. Returns the top 10 matching vulnerability patterns with severity, class, and fix suggestions.
| Name | Required | Description | Default |
|---|---|---|---|
| query | No | The code pattern, snippet, or vulnerability description to search for. Canonical field name (also accepted: pattern). | |
| context | No | Optional additional context about where this pattern appears (e.g. "auth middleware", "payment handler"). | |
| pattern | No | Alias for query — accepted for backwards compatibility. | |
| filename | No | Optional filename or path of the file being scanned (e.g. ".env.example", "config/secrets.template"). Used to detect placeholder files that should not be flagged. | |
| language | Yes | Programming language or framework (e.g. "javascript", "python", "solidity", "react"). |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
No annotations are provided, so the description carries full burden for behavioral disclosure. It states the tool returns top 10 matches with certain fields, but fails to disclose important traits like authentication requirements, rate limits, error handling, or behavior when no matches are found.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
The description is a single sentence that front-loads the purpose and key return details. It is concise and free of unnecessary words, though slightly more structure (e.g., listing return attributes) could improve readability.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Given 5 parameters and no output schema, the description covers core purpose and return structure but lacks details on return types, error cases, or usage examples. It is minimally adequate but not fully complete for an agent to use confidently.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
The input schema has 100% description coverage, so baseline is 3. The description adds minimal extra meaning beyond schema definitions, mentioning return format but not parameter-specific details. It meets the baseline but does not significantly enhance parameter understanding.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states the tool searches a vulnerability knowledge graph for patterns similar to a code snippet, and specifies return details (top 10 matches with severity, class, fix suggestions). However, it does not explicitly differentiate from sibling tools like frogeye_correlate, though the name 'search' implies its role.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
The description implies usage when one has a code snippet to find similar vulnerability patterns, but provides no explicit guidance on when to use this tool versus alternatives like frogeye_correlate or frogeye_scan. No exclusions or context for when not to use are mentioned.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
Claim this connector by publishing a /.well-known/glama.json file on your server's domain with the following structure:
{
"$schema": "https://glama.ai/mcp/schemas/connector.json",
"maintainers": [{ "email": "your-email@example.com" }]
}The email address must match the email associated with your Glama account. Once published, Glama will automatically detect and verify the file within a few minutes.
Control your server's listing on Glama, including description and metadata
Access analytics and receive server usage reports
Get monitoring and health status updates for your server
Feature your server to boost visibility and reach more users
For users:
Full audit trail – every tool call is logged with inputs and outputs for compliance and debugging
Granular tool control – enable or disable individual tools per connector to limit what your AI agents can do
Centralized credential management – store and rotate API keys and OAuth tokens in one place
Change alerts – get notified when a connector changes its schema, adds or removes tools, or updates tool definitions, so nothing breaks silently
For server owners:
Proven adoption – public usage metrics on your listing show real-world traction and build trust with prospective users
Tool-level analytics – see which tools are being used most, helping you prioritize development and documentation
Direct user feedback – users can report issues and suggest improvements through the listing, giving you a channel you would not have otherwise
The connector status is unhealthy when Glama is unable to successfully connect to the server. This can happen for several reasons:
The server is experiencing an outage
The URL of the server is wrong
Credentials required to access the server are missing or invalid
If you are the owner of this MCP connector and would like to make modifications to the listing, including providing test credentials for accessing the server, please contact support@glama.ai.
Discussions
No comments yet. Be the first to start the discussion!
Your Connectors
Sign in to create a connector for this server.