Tech Risk Enrichment
Server Details
Security enrichment: tech-stack -> CVE/EPSS/CISA-KEV findings, $0.05 USDC per query
- Status
- Healthy
- Last Tested
- Transport
- Streamable HTTP
- URL
Glama MCP Gateway
Connect through Glama MCP Gateway for full control over tool access and complete visibility into every call.
Full call logging
Every tool call is logged with complete inputs and outputs, so you can debug issues and audit what your agents are doing.
Tool access control
Enable or disable individual tools per connector, so you decide what your agents can and cannot do.
Managed credentials
Glama handles OAuth flows, token storage, and automatic rotation, so credentials never expire on your clients.
Usage analytics
See which tools your agents call, how often, and when, so you can understand usage patterns and catch anomalies.
Tool Definition Quality
Average 3.4/5 across 2 of 2 tools scored.
Both tools share tech-stack fingerprint enrichment, but enrich_domain focuses on firmographics and DNS, while enrich_tech_risk targets security vulnerabilities. The overlap is minimal and descriptions clearly differentiate their purposes.
Both tools follow a consistent 'enrich_' prefix plus a descriptive noun (domain, tech_risk), forming a clear verb_noun pattern.
With only 2 tools, the server is too thin for the broad domain of domain enrichment. Additional tools for DNS, certificates, or bulk operations would be expected.
Core enrichment tasks (firmographic, tech-stack, security) are covered, but missing straightforward tools for specific data like certificate details or CVE lookup without full enrichment.
Available Tools
2 toolsenrich_domainAInspect
Firmographic + tech-stack enrichment: RDAP registrant/registrar, DNS records, certificate-transparency history, tech-stack fingerprint for a domain. Cost: $0.05 USDC per call via the shared MCP payment gate (the direct HTTP endpoint GET /enrich/domain is $0.01 — MCP tools/call is gated at a flat $0.05 per request today).
| Name | Required | Description | Default |
|---|---|---|---|
| domain | Yes |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
No annotations are provided, so the description bears full responsibility. It mentions cost but does not disclose behavioral traits such as whether the tool is read-only, destructive, requires authentication, or has rate limits. The focus is on pricing rather than behavioral transparency.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
The description is extremely concise: two sentences that front-load the purpose and then cover cost and alternatives. Every sentence adds value, and there is no wasted text.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
The tool performs complex enrichment, yet there is no output schema and the description does not explain the return format or structure of the enrichment data. It lists categories but not how they are presented, which is a significant gap for an agent expecting to use the output.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
With 0% schema description coverage and only one parameter (domain), the description merely implies that the parameter is the domain name, adding little beyond the parameter name. No format, validation rules, or examples are provided, making it insufficiently informative.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states the tool enriches a domain with firmographic and tech-stack data, listing specific data categories (RDAP, DNS, CT history, tech-stack fingerprint). This provides a specific verb+resource and likely distinguishes from the sibling enrich_tech_risk.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
The description includes cost information ($0.05 USDC per call) and compares with a cheaper direct HTTP endpoint ($0.01), giving the agent a clear cost-based usage guideline. However, it does not explicitly state when to use this tool versus siblings or exclude scenarios.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
enrich_tech_riskBInspect
Security enrichment: tech-stack fingerprint + CVE mapping + EPSS + CISA KEV for a domain. Cost: $0.05 USDC per call (x402 micropayment).
| Name | Required | Description | Default |
|---|---|---|---|
| domain | No | ||
| techstack | No |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
No annotations are provided, so the description carries the full burden. It discloses the cost as a behavioral trait but does not mention rate limits, authentication requirements, or whether the operation is read-only. The term 'enrichment' implies a non-destructive operation, but it is not explicit.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
The description is concise with two sentences. The first sentence succinctly states the tool's functionality, and the second adds important cost information. No unnecessary words.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Given the complexity of the tool (multiple enrichment types) and the lack of an output schema, the description should provide more context about what the output looks like, how results are structured, or any limitations. It only covers purpose and cost, missing completeness for effective decision-making.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
Schema description coverage is 0%, meaning no parameter descriptions are provided in the schema. The description does not explain the purpose or expected format of the 'domain' or 'techstack' parameters. It vaguely mentions 'tech-stack fingerprint' but does not clarify how the parameters relate to the enrichment or whether they are optional/required.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
Description clearly states it performs security enrichment including tech-stack fingerprint, CVE mapping, EPSS, and CISA KEV for a domain. The verb 'enrich' and resource 'tech risk for domain' are specific and unambiguous.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
The description explicitly mentions cost ($0.05 per call), which is a key usage consideration. However, it lacks guidance on when to use this tool versus alternatives or when not to use it. No sibling tools are provided for differentiation.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
Claim this connector by publishing a /.well-known/glama.json file on your server's domain with the following structure:
{
"$schema": "https://glama.ai/mcp/schemas/connector.json",
"maintainers": [{ "email": "your-email@example.com" }]
}The email address must match the email associated with your Glama account. Once published, Glama will automatically detect and verify the file within a few minutes.
Control your server's listing on Glama, including description and metadata
Access analytics and receive server usage reports
Get monitoring and health status updates for your server
Feature your server to boost visibility and reach more users
For users:
Full audit trail – every tool call is logged with inputs and outputs for compliance and debugging
Granular tool control – enable or disable individual tools per connector to limit what your AI agents can do
Centralized credential management – store and rotate API keys and OAuth tokens in one place
Change alerts – get notified when a connector changes its schema, adds or removes tools, or updates tool definitions, so nothing breaks silently
For server owners:
Proven adoption – public usage metrics on your listing show real-world traction and build trust with prospective users
Tool-level analytics – see which tools are being used most, helping you prioritize development and documentation
Direct user feedback – users can report issues and suggest improvements through the listing, giving you a channel you would not have otherwise
The connector status is unhealthy when Glama is unable to successfully connect to the server. This can happen for several reasons:
The server is experiencing an outage
The URL of the server is wrong
Credentials required to access the server are missing or invalid
If you are the owner of this MCP connector and would like to make modifications to the listing, including providing test credentials for accessing the server, please contact support@glama.ai.
Discussions
No comments yet. Be the first to start the discussion!