Security Intel MCP
Server Details
Threat intel for AI agents: CVE lookups, package vulns (OSV), URL threats, IP reputation.
- Status
- Healthy
- Last Tested
- Transport
- Streamable HTTP
- URL
Glama MCP Gateway
Connect through Glama MCP Gateway for full control over tool access and complete visibility into every call.
Full call logging
Every tool call is logged with complete inputs and outputs, so you can debug issues and audit what your agents are doing.
Tool access control
Enable or disable individual tools per connector, so you decide what your agents can and cannot do.
Managed credentials
Glama handles OAuth flows, token storage, and automatic rotation, so credentials never expire on your clients.
Usage analytics
See which tools your agents call, how often, and when, so you can understand usage patterns and catch anomalies.
Tool Definition Quality
Average 4.1/5 across 4 of 4 tools scored.
Each tool targets a distinct security domain: CVEs, IP reputation, package vulnerabilities, and URL phishing. There is no functional overlap; an agent can easily select the right tool for a given security query.
All names use lowercase with underscores, but two are noun_verb (cve_lookup, url_check) and two are noun_noun (ip_reputation, package_vulnerabilities). This minor inconsistency is still clear and not confusing.
With 4 tools, the server is tightly scoped to common security intelligence lookups. Each tool serves a clear purpose without redundancy, and the count is ideal for focused integration.
The set covers the most frequent security intel needs: vulnerability (CVE, package), network threat (IP, URL). Missing common vectors like file hash or domain reputation, but the core set is functional and avoids dead ends.
Available Tools
4 toolscve_lookupAInspect
Look up a CVE by ID. Returns a compact summary: description, CVSS score/severity, CISA KEV (known-exploited) status, affected products, dates, and top references. Use before approving dependencies, evaluating alerts, or assessing exposure.
| Name | Required | Description | Default |
|---|---|---|---|
| cve_id | Yes | CVE identifier, e.g. CVE-2021-44228 |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
With no annotations, the description carries the full burden. It lists the returned fields (description, CVSS, CISA KEV, affected products, dates, references), which effectively communicates the tool's behavior. Minor gap: no mention of error handling for invalid CVE IDs.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
Two sentences with no fluff. The first sentence gives purpose and output, the second gives usage scenarios. Information is front-loaded and efficient.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
For a simple lookup tool with one parameter and no output schema, the description adequately covers what the tool does and when to use it. It lacks details on edge cases (e.g., missing CVE) but is otherwise complete.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
Schema coverage is 100% with a detailed description and pattern for cve_id. The tool description adds no extra meaning beyond what the schema already provides, so baseline score of 3 applies.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states the verb 'look up' and the resource 'CVE by ID', and distinguishes from sibling tools (ip_reputation, package_vulnerabilities, url_check) which serve different purposes.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
Explicit guidance is given: 'Use before approving dependencies, evaluating alerts, or assessing exposure.' It provides clear context for when to use, though it does not mention when not to use or explicitly compare with alternatives.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
ip_reputationAInspect
Get abuse reputation for an IPv4/IPv6 address via AbuseIPDB: abuse confidence score (0-100), report count, ISP, usage type, country. Use to vet inbound connections, log entries, or suspicious hosts.
| Name | Required | Description | Default |
|---|---|---|---|
| ip | Yes | IPv4 or IPv6 address |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
No annotations provided, so description carries full burden. Mentions external source (AbuseIPDB) and outputs, but does not disclose rate limits, authentication needs, or that it's a read-only lookup. Adequate but could be more transparent.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
Two concise sentences, front-loaded with purpose and details. No unnecessary words.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
No output schema, but description adequately lists return fields (score, report count, ISP, etc.) and use context. Missing error handling or interpretation guidance, but sufficient for a simple lookup.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
Only one parameter (ip) with schema description covering 100%. Description does not add meaning beyond what schema provides; it explains the tool's purpose but not parameter-specific details. Baseline score is appropriate.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
Clearly states the tool retrieves abuse reputation for an IPv4/IPv6 address, listing specific data fields. Distinguishes from siblings like cve_lookup and url_check by focusing on IP reputation.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
Explicitly suggests use cases: vetting inbound connections, log entries, or suspicious hosts. Does not mention when not to use or alternatives, but the context is clear.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
package_vulnerabilitiesAInspect
List known vulnerabilities for a software package (optionally a specific version) using OSV.dev. Covers npm, PyPI, Go, Maven, crates.io, RubyGems, Packagist, NuGet and more. Returns vuln IDs, severity, summary, and fixed versions.
| Name | Required | Description | Default |
|---|---|---|---|
| name | Yes | Package name, e.g. lodash or org.apache.logging.log4j:log4j-core | |
| version | No | Exact version to check (optional; omit to list all known vulns) | |
| ecosystem | Yes | Package ecosystem: npm, PyPI, Go, Maven, crates.io, RubyGems, Packagist, NuGet, Hex, Pub, Debian, Alpine |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
Without annotations, the description carries the full burden. It clearly states it uses OSV.dev, covers multiple ecosystems, and returns specific fields (vuln IDs, severity, summary, fixed versions). This provides good transparency about input and output. However, it does not mention potential edge cases like network failures or empty results.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
Two sentences: first clearly states the purpose, second adds supporting details about ecosystems and return values. Every word is necessary, and there is no redundancy or fluff.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
For a simple query tool with no output schema, the description covers input, source, output fields, and ecosystems. It is adequate but could mention how results behave (e.g., pagination, sorting) or handling of unknown packages. Lacks edge-case disclosure but is sufficient for typical use.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
Schema coverage is 100%, so the schema already describes all three parameters. The description adds context by mentioning the optional version and listing ecosystems beyond those in the schema (e.g., Hex, Pub, Debian, Alpine). This supplements but does not significantly surpass the schema descriptions.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description states the tool lists known vulnerabilities for a software package, optionally a specific version, using OSV.dev. It covers multiple ecosystems and specifies the return fields (vuln IDs, severity, summary, fixed versions). This clearly distinguishes it from sibling tools like cve_lookup, which deals with specific CVEs, and ip_reputation or url_check, which handle IPs and URLs.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
No explicit guidance on when to use this tool versus alternatives. The purpose implies it is for package vulnerabilities, but there is no mention of when not to use it or which sibling tools to use for overlapping needs (e.g., looking up a specific CVE). Implicit differentiation from sibling names is present but not stated.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
url_checkAInspect
Check whether a URL is a known malware/phishing distribution site via abuse.ch URLhaus. Returns threat status, malware family tags, and takedown state. Use before fetching or recommending unfamiliar URLs.
| Name | Required | Description | Default |
|---|---|---|---|
| url | Yes | Full URL to check, including scheme |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
With no annotations, the description carries the full burden of behavioral disclosure. It accurately describes the tool as a read-only check returning threat data, with no mention of side effects. While it does not detail rate limits or authentication, the description is sufficient for a simple lookup tool.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
The description is only two sentences and contains no redundant information. It is efficiently front-loaded with the core purpose and ends with a usage recommendation.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
For a simple tool with one parameter and no output schema, the description covers all necessary aspects: what it does, what it returns, and when to use it. No additional context is needed.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
Schema coverage is 100%, and the description of the single parameter 'url' ('Full URL to check, including scheme') matches the schema. The description adds no additional meaning beyond what is already in the input schema, so a baseline score of 3 is appropriate.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states the action ('check'), the resource ('URL'), the source ('abuse.ch URLhaus'), and the return values ('threat status, malware family tags, and takedown state'). It distinguishes from sibling tools (cve_lookup, ip_reputation, package_vulnerabilities) which deal with different security data.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
The description provides a clear usage context: 'Use before fetching or recommending unfamiliar URLs.' This implies when to use but does not explicitly mention when not to use or alternatives, though sibling tool names provide implicit differentiation.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
Claim this connector by publishing a /.well-known/glama.json file on your server's domain with the following structure:
{
"$schema": "https://glama.ai/mcp/schemas/connector.json",
"maintainers": [{ "email": "your-email@example.com" }]
}The email address must match the email associated with your Glama account. Once published, Glama will automatically detect and verify the file within a few minutes.
Control your server's listing on Glama, including description and metadata
Access analytics and receive server usage reports
Get monitoring and health status updates for your server
Feature your server to boost visibility and reach more users
For users:
Full audit trail – every tool call is logged with inputs and outputs for compliance and debugging
Granular tool control – enable or disable individual tools per connector to limit what your AI agents can do
Centralized credential management – store and rotate API keys and OAuth tokens in one place
Change alerts – get notified when a connector changes its schema, adds or removes tools, or updates tool definitions, so nothing breaks silently
For server owners:
Proven adoption – public usage metrics on your listing show real-world traction and build trust with prospective users
Tool-level analytics – see which tools are being used most, helping you prioritize development and documentation
Direct user feedback – users can report issues and suggest improvements through the listing, giving you a channel you would not have otherwise
The connector status is unhealthy when Glama is unable to successfully connect to the server. This can happen for several reasons:
The server is experiencing an outage
The URL of the server is wrong
Credentials required to access the server are missing or invalid
If you are the owner of this MCP connector and would like to make modifications to the listing, including providing test credentials for accessing the server, please contact support@glama.ai.
Discussions
No comments yet. Be the first to start the discussion!