Agentic Security Shield
Server Details
12-layer security configs for AI coding agents. Autonomous purchase via x402 (USDC on Base).
- Status
- Unhealthy
- Last Tested
- Transport
- Streamable HTTP
- URL
- Repository
- ormuzdo/agentic-security-shield
- GitHub Stars
- 0
Glama MCP Gateway
Connect through Glama MCP Gateway for full control over tool access and complete visibility into every call.
Full call logging
Every tool call is logged with complete inputs and outputs, so you can debug issues and audit what your agents are doing.
Tool access control
Enable or disable individual tools per connector, so you decide what your agents can and cannot do.
Managed credentials
Glama handles OAuth flows, token storage, and automatic rotation, so credentials never expire on your clients.
Usage analytics
See which tools your agents call, how often, and when, so you can understand usage patterns and catch anomalies.
Tool Definition Quality
Average 4.3/5 across 4 of 4 tools scored.
Each tool has a distinct and well-defined purpose: preview, pricing, sample, and purchase. There is no overlap or ambiguity between them.
All tool names follow a consistent verb_noun pattern (get_preview, get_pricing, get_sample, purchase) using snake_case, making them predictable and easy to understand.
With only 4 tools, the server is tightly scoped to its core functions: providing information and facilitating purchase. This is appropriate for a security product acquisition flow.
The tool set covers the complete user journey: learning about the product (preview, pricing, sample) and completing the purchase (purchase). There are no obvious gaps for the intended domain.
Available Tools
4 toolsget_previewAInspect
Get a free preview of Agentic Security Shield — what it does, which AI tools and backends it supports, and what security layers are included. No payment required.
| Name | Required | Description | Default |
|---|---|---|---|
No parameters | |||
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
With no annotations provided, the description carries the full burden of transparency. It clearly indicates the tool is a read-only preview that does not require payment, implying no side effects. This is sufficient for a simple informational tool.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
The description is two sentences, immediately stating the tool's purpose and noting the lack of payment. Every word adds value, and it is concise without being terse.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
The description explains what the preview covers, but does not mention the return format (e.g., text, markdown) or what the agent can expect as output. For a no-parameter tool, this is a minor gap that prevents full completeness.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
The input schema has zero parameters, so the baseline is 4. The description adds no parameter information but does not need to, as there are no parameters to document.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states that the tool provides a free preview of Agentic Security Shield, explaining what it covers (capabilities, supported tools/backends, security layers). It is distinct from sibling tools like get_pricing, get_sample, and purchase, making its purpose unambiguous.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
The description implies usage for obtaining an overview before purchasing or exploring specifics, and explicitly states 'No payment required,' which suggests it is for initial information gathering. However, it does not explicitly mention when not to use it or point to alternatives.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
get_pricingAInspect
Get pricing information and payment instructions for Agentic Security Shield. Returns price, accepted payment method (x402/USDC on Base), and step-by-step purchase flow.
| Name | Required | Description | Default |
|---|---|---|---|
No parameters | |||
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
No annotations are provided, so the description must carry the full burden. It accurately describes the return values and implies a read-only operation. It does not mention side effects, authorization, or rate limits, but for a simple info-gathering tool this is acceptable.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
Two concise sentences front-loaded with the tool's purpose. Every word adds value, and the structure is efficient.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Given no output schema and no annotations, the description provides a reasonable picture. It covers price, payment method, and purchase steps. Could be enhanced by noting if the price is static or dynamic, but overall it is sufficient for a simple informational tool.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
The input schema has no parameters (0 params, 100% coverage). Baseline is 4. The description adds no parameter info but instead focuses on what the tool returns, which is helpful but not required for this dimension.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states the tool obtains pricing and payment instructions for Agentic Security Shield, specifying exact return items (price, payment method, purchase flow). This differentiates it from siblings like get_preview and purchase.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
No explicit guidance on when to use this vs alternatives. While the purpose is implied (use when needing pricing info), the presence of siblings (get_preview, get_sample, purchase) suggests additional clarification would help agents choose correctly.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
get_sampleAInspect
Get a free sample security rule from Agentic Security Shield. Returns Layer 3 (Secrets Guard) with real code examples showing vulnerable vs. secure patterns. Demonstrates the quality and depth of all 12 layers.
| Name | Required | Description | Default |
|---|---|---|---|
No parameters | |||
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
No annotations provided, so description carries full burden. It describes the return value but does not disclose any behavioral traits such as idempotency, rate limits, or side effects. However, as a read operation, the impact is low.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
Two sentences, no redundancy, every word adds value. Clearly explains purpose and what to expect.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Given no parameters and no output schema, the description sufficiently covers what the tool does and what it returns. Could mention that it is free and intended for evaluation, but overall adequate.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
No parameters exist, and schema coverage is 100%. The description does not need to add parameter information, meeting the baseline of 4 for zero-parameter tools.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
Clearly states it gets a free sample security rule, specifying the layer (Secrets Guard) and that it includes code examples. Distinguishes itself from siblings by being a free sample.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
Implies usage for demonstration or evaluation, but does not explicitly state when to use or when not to use it, nor does it mention alternatives.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
purchaseAInspect
Purchase Agentic Security Shield and receive all security configuration files.
TWO-PHASE FLOW (you MUST do BOTH steps): STEP 1 — on-chain payment + token exchange: a) Send 19 USDC on Base network to the recipient address in /pricing or /.well-known/mcp/server-card.json (payTo field). b) POST /purchase (HTTP REST, not this MCP tool!) Header: x-payment-token: <on-chain transaction hash, 0x + 64 hex> Response: { "download_token": "dl_", "files": {...} }
STEP 2 — call this MCP tool with the dl_ token: purchase({ payment_token: "dl_" })
The on-chain tx hash is single-use and only valid in STEP 1. After STEP 1 you have a 24-hour-valid dl_ download token usable in this MCP tool. Most agents will get the files inline from STEP 1's response and never need to call this MCP tool — it exists for clients that prefer MCP-native delivery.
| Name | Required | Description | Default |
|---|---|---|---|
| ai_tool | No | Optional: the AI tool you use (e.g., 'claude-code', 'cursor', 'copilot'). If provided, the primary config file for this tool will be highlighted in the response. | |
| payment_token | Yes | Download token from STEP 1 (format: 'dl_<uuid>' returned by POST /purchase). NOT the raw on-chain tx hash — that goes to POST /purchase's x-payment-token header in STEP 1. |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
No annotations are provided, so the description must disclose behavior. It explains the token format, single-use nature, 24-hour validity, and that it delivers config files. However, it does not explicitly state whether the tool modifies state or is read-only, which would be a minor gap.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
The description is well-structured with clear step-by-step instructions and a front-loaded purpose. While verbose, every part earns its place. A slightly more concise phrasing could improve it, but it is not overly long.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Given the complexity (two-phase flow) and lack of output schema, the description adequately explains the process and prerequisites. It details what happens in each step and the token lifecycle. However, it could more clearly state the tool's response format (e.g., whether it returns files directly or a secondary token).
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
Schema coverage is 100%, giving a baseline of 3. The description adds value by clarifying that 'payment_token' is a download token (not the raw on-chain hash) and that 'ai_tool' is optional for highlighting. This extra context improves parameter understanding.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states the tool's purpose: 'Purchase Agentic Security Shield and receive all security configuration files.' It uses specific verb+resource and distinguishes itself from siblings (get_preview, get_pricing, get_sample) which are for preview, pricing, and samples.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
The description provides explicit two-phase flow instructions, including when to use this tool (STEP 2) and when not to ('most agents will get the files inline from STEP 1's response and never need to call this MCP tool'). It also mentions alternatives and the 24-hour token validity.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
Claim this connector by publishing a /.well-known/glama.json file on your server's domain with the following structure:
{
"$schema": "https://glama.ai/mcp/schemas/connector.json",
"maintainers": [{ "email": "your-email@example.com" }]
}The email address must match the email associated with your Glama account. Once published, Glama will automatically detect and verify the file within a few minutes.
Control your server's listing on Glama, including description and metadata
Access analytics and receive server usage reports
Get monitoring and health status updates for your server
Feature your server to boost visibility and reach more users
For users:
Full audit trail – every tool call is logged with inputs and outputs for compliance and debugging
Granular tool control – enable or disable individual tools per connector to limit what your AI agents can do
Centralized credential management – store and rotate API keys and OAuth tokens in one place
Change alerts – get notified when a connector changes its schema, adds or removes tools, or updates tool definitions, so nothing breaks silently
For server owners:
Proven adoption – public usage metrics on your listing show real-world traction and build trust with prospective users
Tool-level analytics – see which tools are being used most, helping you prioritize development and documentation
Direct user feedback – users can report issues and suggest improvements through the listing, giving you a channel you would not have otherwise
The connector status is unhealthy when Glama is unable to successfully connect to the server. This can happen for several reasons:
The server is experiencing an outage
The URL of the server is wrong
Credentials required to access the server are missing or invalid
If you are the owner of this MCP connector and would like to make modifications to the listing, including providing test credentials for accessing the server, please contact support@glama.ai.
Discussions
No comments yet. Be the first to start the discussion!