Skip to main content
Glama

Server Details

Threat intel for AI agents: CVE lookups, package vulns (OSV), URL threats, IP reputation.

Status
Healthy
Last Tested
Transport
Streamable HTTP
URL

Glama MCP Gateway

Connect through Glama MCP Gateway for full control over tool access and complete visibility into every call.

MCP client
Glama
MCP server

Full call logging

Every tool call is logged with complete inputs and outputs, so you can debug issues and audit what your agents are doing.

Tool access control

Enable or disable individual tools per connector, so you decide what your agents can and cannot do.

Managed credentials

Glama handles OAuth flows, token storage, and automatic rotation, so credentials never expire on your clients.

Usage analytics

See which tools your agents call, how often, and when, so you can understand usage patterns and catch anomalies.

100% free. Your data is private.
Tool DescriptionsA

Average 4.1/5 across 4 of 4 tools scored.

Server CoherenceA
Disambiguation5/5

Each tool targets a distinct security domain: CVEs, IP reputation, package vulnerabilities, and URL phishing. There is no functional overlap; an agent can easily select the right tool for a given security query.

Naming Consistency4/5

All names use lowercase with underscores, but two are noun_verb (cve_lookup, url_check) and two are noun_noun (ip_reputation, package_vulnerabilities). This minor inconsistency is still clear and not confusing.

Tool Count5/5

With 4 tools, the server is tightly scoped to common security intelligence lookups. Each tool serves a clear purpose without redundancy, and the count is ideal for focused integration.

Completeness4/5

The set covers the most frequent security intel needs: vulnerability (CVE, package), network threat (IP, URL). Missing common vectors like file hash or domain reputation, but the core set is functional and avoids dead ends.

Available Tools

4 tools
cve_lookupAInspect

Look up a CVE by ID. Returns a compact summary: description, CVSS score/severity, CISA KEV (known-exploited) status, affected products, dates, and top references. Use before approving dependencies, evaluating alerts, or assessing exposure.

ParametersJSON Schema
NameRequiredDescriptionDefault
cve_idYesCVE identifier, e.g. CVE-2021-44228
Behavior4/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations, the description carries the full burden. It lists the returned fields (description, CVSS, CISA KEV, affected products, dates, references), which effectively communicates the tool's behavior. Minor gap: no mention of error handling for invalid CVE IDs.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

Two sentences with no fluff. The first sentence gives purpose and output, the second gives usage scenarios. Information is front-loaded and efficient.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness4/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

For a simple lookup tool with one parameter and no output schema, the description adequately covers what the tool does and when to use it. It lacks details on edge cases (e.g., missing CVE) but is otherwise complete.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema coverage is 100% with a detailed description and pattern for cve_id. The tool description adds no extra meaning beyond what the schema already provides, so baseline score of 3 applies.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the verb 'look up' and the resource 'CVE by ID', and distinguishes from sibling tools (ip_reputation, package_vulnerabilities, url_check) which serve different purposes.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines4/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

Explicit guidance is given: 'Use before approving dependencies, evaluating alerts, or assessing exposure.' It provides clear context for when to use, though it does not mention when not to use or explicitly compare with alternatives.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

ip_reputationAInspect

Get abuse reputation for an IPv4/IPv6 address via AbuseIPDB: abuse confidence score (0-100), report count, ISP, usage type, country. Use to vet inbound connections, log entries, or suspicious hosts.

ParametersJSON Schema
NameRequiredDescriptionDefault
ipYesIPv4 or IPv6 address
Behavior3/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

No annotations provided, so description carries full burden. Mentions external source (AbuseIPDB) and outputs, but does not disclose rate limits, authentication needs, or that it's a read-only lookup. Adequate but could be more transparent.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

Two concise sentences, front-loaded with purpose and details. No unnecessary words.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness4/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

No output schema, but description adequately lists return fields (score, report count, ISP, etc.) and use context. Missing error handling or interpretation guidance, but sufficient for a simple lookup.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Only one parameter (ip) with schema description covering 100%. Description does not add meaning beyond what schema provides; it explains the tool's purpose but not parameter-specific details. Baseline score is appropriate.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

Clearly states the tool retrieves abuse reputation for an IPv4/IPv6 address, listing specific data fields. Distinguishes from siblings like cve_lookup and url_check by focusing on IP reputation.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines4/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

Explicitly suggests use cases: vetting inbound connections, log entries, or suspicious hosts. Does not mention when not to use or alternatives, but the context is clear.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

package_vulnerabilitiesAInspect

List known vulnerabilities for a software package (optionally a specific version) using OSV.dev. Covers npm, PyPI, Go, Maven, crates.io, RubyGems, Packagist, NuGet and more. Returns vuln IDs, severity, summary, and fixed versions.

ParametersJSON Schema
NameRequiredDescriptionDefault
nameYesPackage name, e.g. lodash or org.apache.logging.log4j:log4j-core
versionNoExact version to check (optional; omit to list all known vulns)
ecosystemYesPackage ecosystem: npm, PyPI, Go, Maven, crates.io, RubyGems, Packagist, NuGet, Hex, Pub, Debian, Alpine
Behavior4/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

Without annotations, the description carries the full burden. It clearly states it uses OSV.dev, covers multiple ecosystems, and returns specific fields (vuln IDs, severity, summary, fixed versions). This provides good transparency about input and output. However, it does not mention potential edge cases like network failures or empty results.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

Two sentences: first clearly states the purpose, second adds supporting details about ecosystems and return values. Every word is necessary, and there is no redundancy or fluff.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness4/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

For a simple query tool with no output schema, the description covers input, source, output fields, and ecosystems. It is adequate but could mention how results behave (e.g., pagination, sorting) or handling of unknown packages. Lacks edge-case disclosure but is sufficient for typical use.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema coverage is 100%, so the schema already describes all three parameters. The description adds context by mentioning the optional version and listing ecosystems beyond those in the schema (e.g., Hex, Pub, Debian, Alpine). This supplements but does not significantly surpass the schema descriptions.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description states the tool lists known vulnerabilities for a software package, optionally a specific version, using OSV.dev. It covers multiple ecosystems and specifies the return fields (vuln IDs, severity, summary, fixed versions). This clearly distinguishes it from sibling tools like cve_lookup, which deals with specific CVEs, and ip_reputation or url_check, which handle IPs and URLs.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines3/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

No explicit guidance on when to use this tool versus alternatives. The purpose implies it is for package vulnerabilities, but there is no mention of when not to use it or which sibling tools to use for overlapping needs (e.g., looking up a specific CVE). Implicit differentiation from sibling names is present but not stated.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

url_checkAInspect

Check whether a URL is a known malware/phishing distribution site via abuse.ch URLhaus. Returns threat status, malware family tags, and takedown state. Use before fetching or recommending unfamiliar URLs.

ParametersJSON Schema
NameRequiredDescriptionDefault
urlYesFull URL to check, including scheme
Behavior4/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations, the description carries the full burden of behavioral disclosure. It accurately describes the tool as a read-only check returning threat data, with no mention of side effects. While it does not detail rate limits or authentication, the description is sufficient for a simple lookup tool.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is only two sentences and contains no redundant information. It is efficiently front-loaded with the core purpose and ends with a usage recommendation.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness5/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

For a simple tool with one parameter and no output schema, the description covers all necessary aspects: what it does, what it returns, and when to use it. No additional context is needed.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema coverage is 100%, and the description of the single parameter 'url' ('Full URL to check, including scheme') matches the schema. The description adds no additional meaning beyond what is already in the input schema, so a baseline score of 3 is appropriate.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the action ('check'), the resource ('URL'), the source ('abuse.ch URLhaus'), and the return values ('threat status, malware family tags, and takedown state'). It distinguishes from sibling tools (cve_lookup, ip_reputation, package_vulnerabilities) which deal with different security data.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines4/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides a clear usage context: 'Use before fetching or recommending unfamiliar URLs.' This implies when to use but does not explicitly mention when not to use or alternatives, though sibling tool names provide implicit differentiation.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Discussions

No comments yet. Be the first to start the discussion!

Try in Browser

Your Connectors

Sign in to create a connector for this server.

Resources