lexvibe
Server Details
One-step legal compliance for vibe-coded apps: privacy, terms, cookie banner and EU AI Act check.
- Status
- Healthy
- Last Tested
- Transport
- Streamable HTTP
- URL
Glama MCP Gateway
Connect through Glama MCP Gateway for full control over tool access and complete visibility into every call.
Full call logging
Every tool call is logged with complete inputs and outputs, so you can debug issues and audit what your agents are doing.
Tool access control
Enable or disable individual tools per connector, so you decide what your agents can and cannot do.
Managed credentials
Glama handles OAuth flows, token storage, and automatic rotation, so credentials never expire on your clients.
Usage analytics
See which tools your agents call, how often, and when, so you can understand usage patterns and catch anomalies.
Tool Definition Quality
Average 4.5/5 across 7 of 7 tools scored.
Each tool has a clearly distinct purpose: check_ai_act classifies AI risk, check_store and check_website audit different platform listings, claim_app creates an app, generate_policies drafts legal docs, get_claim_status tracks claim confirmation, and get_install_snippet provides installation code. No two tools overlap in function.
All tool names follow a consistent verb_noun pattern with snake_case (e.g., check_ai_act, claim_app, generate_policies). The naming is predictable and easy to understand.
Seven tools is a well-scoped set for the server's purpose: three for compliance checks, one for app creation, one for policy generation, one for status tracking, and one for installation snippets. Each tool earns its place without being excessive.
The tool surface covers the primary workflows: checking compliance, creating an app, generating policies, and installation. A minor gap is the lack of update/delete tools for apps, but the core lifecycle is covered. Agents can successfully complete the intended tasks.
Available Tools
7 toolscheck_ai_actClassify EU AI Act riskARead-onlyInspect
Classify a product's risk level under the EU AI Act (minimal / limited / high / prohibited) and return the applicable obligations with their deadlines (limited-risk transparency duties apply from Aug 2, 2026). Answer the boolean questions about what the system does; read-only and instant.
| Name | Required | Description | Default |
|---|---|---|---|
| usesAI | No | Does the product use AI at all? | |
| annexIII | No | Annex III high-risk domains that apply (e.g. employment, education, credit, health). | |
| socialScoring | No | Does it score or rank people based on behavior or characteristics? | |
| generatesContent | No | Does it generate text, images, audio or video shown to users? | |
| automatedDecisions | No | Does it make automated decisions with legal or significant effects? | |
| interactsWithPeople | No | Do people interact directly with the AI (chatbot, assistant…)? | |
| realtimeBiometricPublic | No | Does it do real-time biometric identification in public spaces? |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
Annotations already indicate readOnlyHint=true and destructiveHint=false, so the description's mention of 'read-only and instant' adds value by specifying speed and interactivity ('Answer the boolean questions'). It also discloses that the tool returns obligations with a specific deadline, providing behavioral context beyond annotations.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
The description is three sentences long, front-loaded with the main purpose, and includes key details (risk categories, deadline, read-only, instant). Every sentence contributes valuable information without redundancy.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
For a tool with 7 well-documented parameters and no output schema, the description provides sufficient context: it returns risk level and obligations with deadlines, including a specific date for limited-risk transparency duties. It could be slightly more explicit about the full return structure, but overall it is complete enough for effective use.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
Schema description coverage is 100%, meaning the input schema already documents all 7 parameters. The description summarizes that these are boolean questions about what the system does, but does not add significant meaning beyond the schema. Baseline score of 3 is appropriate.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states the tool's purpose: classify a product's risk level under the EU AI Act into specific categories (minimal, limited, high, prohibited) and return applicable obligations with deadlines. It also distinguishes itself from sibling tools by focusing specifically on EU AI Act classification.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
The description provides clear context for when to use the tool (for EU AI Act risk classification) and mentions it is 'read-only and instant', indicating safe, quick usage. While it does not explicitly state when not to use or list alternatives, the specificity of the purpose implies appropriate usage scenarios.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
check_storeCheck app-store listing complianceARead-onlyInspect
Free legal-compliance check of a mobile app from its PUBLIC App Store (apps.apple.com) or Google Play (play.google.com) listing URL — no repo or developer-account access needed. Follows the privacy-policy link the developer declared on the listing, analyzes that page, and returns detected data processing, compliance recommendations, whether the EU AI Act applies, and suggestedAnswers for generate_policies. Read-only.
| Name | Required | Description | Default |
|---|---|---|---|
| url | Yes | App Store or Google Play listing URL, e.g. https://apps.apple.com/app/id123456789 or https://play.google.com/store/apps/details?id=com.example.app. |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
Annotations declare readOnlyHint=true and destructiveHint=false; the description reinforces this with 'read-only' and adds behavioral details: follows the privacy-policy link, analyzes that page, and returns specific outputs like data processing and compliance recommendations. No contradiction with annotations.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
The description is concise at four sentences, front-loading the main purpose and then explaining the mechanism and outputs. Every sentence provides essential information without redundancy.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Given the tool has a single parameter and no output schema, the description adequately covers the input requirements, process (following privacy-policy link, analyzing page), and outputs (data processing, recommendations, etc.). It also notes prerequisites like public URL and no developer account needed.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
Schema coverage is 100% for the single parameter url, so baseline is 3. The description adds valuable context by specifying the types of URLs (App Store or Google Play) and gives examples, which improves parameter understanding beyond the schema description.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description uses specific verbs and resources: 'Free legal-compliance check of a mobile app from its PUBLIC App Store or Google Play listing URL'. It clearly distinguishes from sibling tools like check_website and check_ai_act by specifying the source (app store listing) and the scope (compliance check).
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
The description states when to use (when you have an app store listing URL) and implies what it covers (no repo or developer account needed). It does not explicitly list when not to use, but the sibling tools provide natural alternatives for other contexts.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
check_websiteCheck website complianceARead-onlyInspect
Free legal-compliance check of a public website (no signup). Fetches the URL server-side and detects data processing relevant to compliance — analytics, marketing pixels, payments, generative AI, email collection, third-party sharing — then returns the legal documents and cookie-consent setup the site needs, whether the EU AI Act applies, and suggestedAnswers you can pass straight to generate_policies. Read-only.
| Name | Required | Description | Default |
|---|---|---|---|
| url | Yes | Website URL or bare domain, e.g. https://myapp.com or myapp.com. |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
Discloses read-only behavior and server-side fetching, matching annotations. Adds detailed information about what data processing is detected and returns legal documents and cookie-consent setup. No contradictions.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
Two sentences, front-loaded with core purpose. Second sentence packs details efficiently. No redundancy or filler.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Given one input and no output schema, the description fully explains what the tool does and returns (legal docs, cookie consent, EU AI Act applicability, suggestedAnswers). Annotations reinforce read-only and open-world nature. Complete for agent decision-making.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
Single 'url' parameter with schema coverage 100%. Description adds meaning by explaining the URL is fetched server-side and used for compliance analysis. Example format provided.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
Clearly states it performs a free legal-compliance check on public websites. Lists specific detections (analytics, marketing pixels, etc.) and explicitly links to generate_policies. Distinguishes itself from siblings like check_ai_act and check_store by its broad scope.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
Provides clear context: free, no signup, public websites, read-only. Implicitly differentiates from siblings by listing detection scope. Could be improved by explicitly stating when to use alternatives, but overall sufficient.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
claim_appClaim a real LexVibe appAInspect
Create a REAL LexVibe app in the user's account (replaces any YOUR_APP_ID placeholder). Returns a claim link: show it to the user so they can sign in and confirm — the link expires in 30 minutes. On confirmation LexVibe creates the app, scans the URL (if given), generates and hosts the legal documents. After the user confirms, call get_claim_status with the returned code to retrieve the real app id and install snippet. Provide at least url or appName.
| Name | Required | Description | Default |
|---|---|---|---|
| url | No | Public URL of the app (website or App Store / Google Play listing). LexVibe scans it on confirmation. | |
| answers | No | Compliance flags you already know (pass check_website's suggestedAnswers): usesAnalytics, processesPayments, usesGenerativeAI, collectsEmails, sharesWithThirdParties, platformType, companyEntity, contactEmail… | |
| appName | No | App / business name (required if no url is provided). | |
| markets | No | Regions where the app has users. Defaults to [eu]. | |
| platform | No | Target platform when there is no url to infer it from. |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
The description discloses that the tool creates an app, replaces the placeholder, returns an expiring claim link (30 minutes), and that on confirmation it scans the URL and generates legal documents. This adds significant context beyond the annotations, which already indicate it is not read-only or open-world.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
The description is a concise, front-loaded paragraph with no filler. Every sentence adds value—action, flow, constraints, and post-call steps.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Given the complexity (5 parameters, nested objects, no output schema), the description covers the full workflow: creation, expiration, confirmation, and follow-up call. It lacks only explicit return value details, but the absence of output schema makes this acceptable.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
Schema coverage is 100%, but the description adds critical guidance: requiring at least url or appName, explaining answers as compliance flags from check_website, and listing example keys. This meaningfully clarifies usage beyond the schema alone.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
Title and description clearly state the tool creates a real LexVibe app, replacing a placeholder, and returns a claim link. It explicitly distinguishes from siblings like check_website and get_claim_status by outlining the unique creation and claiming flow.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
The description provides clear context on when to use this tool (create a real app after a placeholder) and what to do after (call get_claim_status). It requires at least url or appName, but does not explicitly state when not to use it or compare to alternatives.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
generate_policiesGenerate legal documentsARead-onlyInspect
Generate the legal documents (privacy policy, terms of service and, if applicable, an AI disclosure) localized and tailored to the target markets (GDPR, UK GDPR, CCPA…). Returns Markdown drafts. Pass check_website's or check_store's suggestedAnswers as answers so the documents disclose the right processing. Anonymous remote generation is template-based and capped at 3 locales; AI-tailored, hosted and auto-updated documents require a LexVibe account (https://golexvibe.com).
| Name | Required | Description | Default |
|---|---|---|---|
| entity | No | Data controller / legal entity responsible for the app. | |
| answers | No | Compliance flags; pass check_website's suggestedAnswers. Recognized keys: usesAnalytics, processesPayments, usesGenerativeAI, collectsEmails, sharesWithThirdParties, platformType. | |
| appName | Yes | Public / commercial name of the product. | |
| locales | No | Document languages (max 3 for anonymous callers). Defaults to the languages suggested by the chosen markets. | |
| markets | Yes | Regions where the app has users; determines the legal frameworks covered. | |
| contactEmail | No | Contact email for privacy requests and data-subject rights. |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
Annotations declare readOnlyHint=true, which aligns with generating drafts (no side effects). The description adds context: generation is template-based or AI-tailored, with account requirements and locale caps. No contradiction.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
Two sentences, concise and front-loaded. First sentence defines purpose and output; second expands on usage and limitations. No wasted words.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
For a tool with 6 parameters and no output schema, the description covers the return format (Markdown drafts), key usage context (answers from sibling tools), and limitations (locale cap, account requirement). Sufficient for agent decision.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
Schema coverage is 100% with detailed descriptions. The description adds extra guidance: passing suggestedAnswers from sibling tools, and the locale cap of 3 for anonymous callers, supplementing the schema.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states it generates legal documents (privacy policy, terms of service, AI disclosure) localized to target markets, returning Markdown drafts. This is distinct from sibling tools which check or claim, not generate.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
Explicitly guides to pass check_website's or check_store's suggestedAnswers as 'answers' for proper disclosure. Also notes limitations: anonymous generation is template-based, capped at 3 locales, while AI-tailored requires a LexVibe account.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
get_claim_statusGet claim statusARead-onlyInspect
Check whether the user has confirmed a claim created with claim_app. While the user hasn't confirmed yet it returns {status: 'pending'} — wait a few seconds and call again (the link expires in 30 minutes). Once claimed it returns the REAL app id, the install snippet and the hosted privacy-policy URL: replace any placeholder (YOUR_APP_ID) snippet with the real one.
| Name | Required | Description | Default |
|---|---|---|---|
| code | Yes | The claim code returned by claim_app. |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
Annotations indicate readOnlyHint=true and destructiveHint=false, which the description does not contradict. Description adds detailed behavior: pending status, retry logic, expiration, and return of real app ID, install snippet, and privacy-policy URL.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
Two sentences, front-loaded with purpose, second sentence detailing behavior. No redundant words.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Given no output schema, the description fully explains return format for both pending and confirmed states, including what to do with placeholders. Covers retry and expiration.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
Schema covers 100% of parameter details with description 'The claim code returned by claim_app.' Description adds context about retry and output behavior, providing extra value beyond schema.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
Clearly states 'check whether the user has confirmed a claim created with claim_app', specifying the verb, resource, and prerequisite. Differentiates from siblings like claim_app and get_install_snippet.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
Explicitly guides when to use (after claim_app) and what to do while pending: 'wait a few seconds and call again'. Also mentions expiration (30 minutes). Lacks explicit when-not-to-use or alternative tools.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
get_install_snippetGet install snippetARead-onlyInspect
Return what to install for a LexVibe app id. For web: the one-line snippet (cookie banner with real script blocking + hosted policy links) to paste before , plus a JSX variant for React/Next.js layouts. For iOS/Android: the hosted privacy-policy URL and the exact App Store Connect / Google Play Console fields to paste it into. No app id yet? Call claim_app to create one in the user's account.
| Name | Required | Description | Default |
|---|---|---|---|
| appId | Yes | LexVibe app id from the dashboard. | |
| accent | No | Optional brand color for the banner, as a hex value like #4f46e5. | |
| platform | No | Target platform. Defaults to web. | web |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
Annotations already indicate read-only and non-destructive behavior. The description adds concrete details: for web it returns a script snippet with cookie blocking and policy links, plus a JSX variant; for mobile it returns a URL and specific fields. This goes beyond annotations.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
The description is four sentences, well-organized with a general statement, platform-specific details, and a conditional note. Every sentence adds value, no wasted words.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Given no output schema, the description adequately explains the return values per platform. It covers platform behavior and the key condition for missing app ids. Lacks explicit return format but sufficient for agent understanding.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
The schema already has 100% coverage with descriptions for all parameters. The description adds context about platform-specific outputs but does not significantly enhance parameter meaning beyond what the schema provides. Baseline 3 is appropriate.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states it returns install instructions for a LexVibe app id, distinguishing between web and mobile platforms. It also mentions an alternative tool (claim_app) for missing app ids, making the purpose specific and differentiated from siblings.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
The description explicitly says to use this tool when you have an app id and provides clear guidance for different platforms. It also tells the user to call claim_app if no app id exists, offering a when-not-to-use condition. However, it does not list other exclusions.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
Claim this connector by publishing a /.well-known/glama.json file on your server's domain with the following structure:
{
"$schema": "https://glama.ai/mcp/schemas/connector.json",
"maintainers": [{ "email": "your-email@example.com" }]
}The email address must match the email associated with your Glama account. Once published, Glama will automatically detect and verify the file within a few minutes.
Control your server's listing on Glama, including description and metadata
Access analytics and receive server usage reports
Get monitoring and health status updates for your server
Feature your server to boost visibility and reach more users
For users:
Full audit trail – every tool call is logged with inputs and outputs for compliance and debugging
Granular tool control – enable or disable individual tools per connector to limit what your AI agents can do
Centralized credential management – store and rotate API keys and OAuth tokens in one place
Change alerts – get notified when a connector changes its schema, adds or removes tools, or updates tool definitions, so nothing breaks silently
For server owners:
Proven adoption – public usage metrics on your listing show real-world traction and build trust with prospective users
Tool-level analytics – see which tools are being used most, helping you prioritize development and documentation
Direct user feedback – users can report issues and suggest improvements through the listing, giving you a channel you would not have otherwise
The connector status is unhealthy when Glama is unable to successfully connect to the server. This can happen for several reasons:
The server is experiencing an outage
The URL of the server is wrong
Credentials required to access the server are missing or invalid
If you are the owner of this MCP connector and would like to make modifications to the listing, including providing test credentials for accessing the server, please contact support@glama.ai.
Discussions
No comments yet. Be the first to start the discussion!