Skip to main content
Glama

Server Details

PQC scanner for GitHub repos and smart contracts. Detects quantum-vulnerable ECDSA/RSA.

Status
Healthy
Last Tested
Transport
Streamable HTTP
URL

Glama MCP Gateway

Connect through Glama MCP Gateway for full control over tool access and complete visibility into every call.

MCP client
Glama
MCP server

Full call logging

Every tool call is logged with complete inputs and outputs, so you can debug issues and audit what your agents are doing.

Tool access control

Enable or disable individual tools per connector, so you decide what your agents can and cannot do.

Managed credentials

Glama handles OAuth flows, token storage, and automatic rotation, so credentials never expire on your clients.

Usage analytics

See which tools your agents call, how often, and when, so you can understand usage patterns and catch anomalies.

100% free. Your data is private.
Tool DescriptionsA

Average 4.4/5 across 4 of 4 tools scored.

Server CoherenceA
Disambiguation5/5

Each tool has a clearly distinct purpose: instant algorithm check, repository scanning, smart contract scanning, and result retrieval. No overlap in functionality.

Naming Consistency5/5

All tool names follow a consistent verb_noun pattern with underscores (check_pqc_risk, get_scan_result, scan_contract, scan_repository), making them predictable and easy to understand.

Tool Count5/5

With 4 tools, the set is concise yet covers key workflows: quick assessment, repository scan, contract scan, and result polling. No unnecessary tools.

Completeness4/5

The tools cover the main PQC scanning lifecycle: instant check, scan submission for repos and contracts, and result retrieval. Minor gap: no tool to list or manage scans, but core needs are met.

Available Tools

4 tools
check_pqc_riskAInspect

Instant check (no DB, no scan) — returns whether a list of algorithm names are quantum-vulnerable. Useful for quick risk assessment before calling scan_repository. Rate-limited: 100 calls/day per IP (free), 500/day per API key (paid).

ParametersJSON Schema
NameRequiredDescriptionDefault
algorithmsYesAlgorithm names, e.g. ["ECDSA", "RSA-2048", "ML-KEM-768"]
Behavior4/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

Discloses no DB scan, instant, rate limits. No annotations exist, so description carries burden. Lacks mention of error handling or output format.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

Two sentences, front-loaded with key action and purpose, efficient with no filler.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness5/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Simple tool with one param, no output schema; description covers behavior, usage, and constraints completely.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema covers 100% of parameter description. Description adds rate limits but no extra semantics beyond schema.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states it performs an instant check for quantum vulnerability of algorithm names, distinguishing it from sibling tools like scan_repository.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines5/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

Explicitly says use before calling scan_repository, and provides rate limit details, guiding when and how to use.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

get_scan_resultAInspect

Get the result of a previously submitted scan. Returns status (submitted | working | completed | failed) and, when completed, a full CBOM (Cryptographic Bill of Materials) compliant with EIP-7789 and CycloneDX CBOM 1.6, plus a quantum risk score (0 = fully safe, 100 = fully vulnerable). Rate-limited: 60 calls/min per IP or API key.

ParametersJSON Schema
NameRequiredDescriptionDefault
scan_idYesUUID returned by scan_repository
Behavior4/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations, the description must disclose behavior. It states the tool is rate-limited (60 calls/min), returns status progression (submitted, working, completed, failed), and eventually returns a CBOM and risk score. This provides good insight into its read-only, possibly asynchronous nature.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is two concise, front-loaded sentences. The first sentence states the core purpose, and the second provides critical details (statuses, output format, rate limit). No redundant text.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness4/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the tool has a single parameter and no output schema, the description adequately explains the return values (status, CBOM, risk score) and includes rate limiting. Missing details on error handling (e.g., invalid scan_id) and clearer differentiation from sibling check_pqc_risk, but overall sufficient for a simple retrieval tool.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema coverage is 100% for the single parameter scan_id, described as a UUID. The description adds context by noting it is returned by scan_repository, but does not add format or behavioral constraints beyond the schema. Baseline 3 is appropriate.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the tool retrieves the result of a previously submitted scan, listing possible statuses and the returned data (CBOM and quantum risk score). This distinguishes it from siblings like scan_repository (submits scans) and check_pqc_risk (possibly checks risk without scanning).

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines3/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description implies usage after submitting a scan (e.g., via scan_repository) and mentions rate limits, but does not explicitly guide when to use this vs alternatives or when not to use it. No mention of preconditions or exclusions.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

scan_contractAInspect

Scan a verified on-chain smart contract for quantum-vulnerable cryptography AND today's fraud patterns (rug pulls, honeypots, uncapped mints, reentrancy). Use this BEFORE signing a transaction, interacting with a DeFi protocol, or integrating a contract into an agent workflow. Synchronous — result is immediate (no polling needed). Requires the contract to be verified on Sourcify (https://sourcify.dev). Returns risk score 0-100, agent risk score, finding breakdown, and concrete PQC migration steps. Rate-limited: same as scan_repository (10/day per IP free, credit-based paid).

ParametersJSON Schema
NameRequiredDescriptionDefault
networkNoChain ID. Default: 1 (Ethereum Mainnet). Supported: 1, 137 (Polygon), 42161 (Arbitrum One), 10 (Optimism), 8453 (Base), 56 (BNB Chain), 43114 (Avalanche C-Chain).
contract_addressYesEthereum-format contract address (0x + 40 hex chars). Example: 0xdAC17F958D2ee523a2206206994597C13D831ec7
Behavior4/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

Despite no annotations, description covers synchronicity (immediate), prerequisites, return fields (risk score, findings, migration steps), and rate limits (10/day). Does not mention authentication or side effects, but scanning is read-only.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

Four substantive sentences, each adding unique value. Purpose first, then usage, then behavioral traits. No unnecessary words.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness4/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Covers essential aspects: purpose, prerequisites, return values, rate limit, synchronicity. Could mention output schema details, but description lists key return fields. Differentiates from siblings implicitly.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters4/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema has 100% coverage; description adds context: default network (Ethereum Mainnet), supported chains list, and example address. Reinforces format for contract address.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the tool scans verified smart contracts for quantum-vulnerable cryptography and fraud patterns, distinguishing it from siblings like scan_repository (repos) and check_pqc_risk (likely subset).

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines5/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

Explicitly states when to use: before signing, interacting with DeFi, or integrating contracts. Implies when not to use (unverified contracts). Mentions prerequisites (Sourcify verification).

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

scan_repositoryAInspect

Submit a GitHub, GitLab, or Bitbucket repository for post-quantum cryptography (PQC) vulnerability scanning. Returns a scan_id. Call get_scan_result to poll for the result. Free tier: 10 scans/day per IP. Paid tier: credit-based (register at /api/agent/register).

ParametersJSON Schema
NameRequiredDescriptionDefault
repo_urlYesFull repository URL. Example: https://github.com/uniswap/v3-core
Behavior4/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

No annotations provided, so description carries full burden. Discloses asynchronous nature (returns scan_id, poll for result) and rate limits (free tier: 10 scans/day per IP, paid tier with registration). Does not mention error handling for invalid repos.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

Three sentences, front-loaded with action, covers purpose, usage, and limitations without unnecessary detail.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness5/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given one parameter, no output schema, and low complexity, description adequately explains the workflow, return value, and next steps. No missing critical information.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema description coverage is 100% for the single parameter repo_url, which already includes an example. Description adds minimal extra value beyond context of submitting the URL.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

Description clearly states the tool submits a repository for PQC vulnerability scanning and returns a scan_id. It distinguishes from siblings like scan_contract which is for contracts, and get_scan_result for polling.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines4/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

Describes when to use (to scan a repository) and next step (call get_scan_result). Mentions free/paid tiers and registration, but does not explicitly state when not to use.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Discussions

No comments yet. Be the first to start the discussion!

Try in Browser

Your Connectors

Sign in to create a connector for this server.

Resources