AgentSec MCP
Server Details
Security intelligence via x402 on Base. CVE lookup, IP reputation, secret scanning.
- Status
- Healthy
- Last Tested
- Transport
- Streamable HTTP
- URL
Glama MCP Gateway
Connect through Glama MCP Gateway for full control over tool access and complete visibility into every call.
Full call logging
Every tool call is logged with complete inputs and outputs, so you can debug issues and audit what your agents are doing.
Tool access control
Enable or disable individual tools per connector, so you decide what your agents can and cannot do.
Managed credentials
Glama handles OAuth flows, token storage, and automatic rotation, so credentials never expire on your clients.
Usage analytics
See which tools your agents call, how often, and when, so you can understand usage patterns and catch anomalies.
Tool Definition Quality
Average 4.3/5 across 3 of 3 tools scored.
Each tool addresses a distinct security function: vulnerability lookup, IP/domain reputation, and secret scanning. No overlap in purpose or output, making selection unambiguous.
All tool names use a clear verb_noun pattern (cve_lookup, reputation_check, secret_scan) with consistent lowercase and underscore separation. Easy to predict and remember.
Three tools is an appropriate and focused scope for a security analysis server. Each tool provides essential functionality without unnecessary bloat, and the count is well-suited for the domain.
The server covers key security operations: vulnerability lookup, IP/domain reputation, and secret scanning. Missing features like file hash lookup or malware analysis are minor gaps, but the core use cases are well-covered.
Available Tools
3 toolscve_lookupAInspect
Look up known CVE vulnerabilities for an npm package+version or a specific CVE ID. Returns CVSS scores, descriptions, and fix versions from NVD and OSV. Results are cached for 10 minutes. Costs $0.01 USDC per call.
| Name | Required | Description | Default |
|---|---|---|---|
No parameters | |||
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
No annotations provided, so description carries full burden. It discloses caching (10 minutes), cost ($0.01), and data sources (NVD and OSV). However, does not mention rate limits or authentication needs.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
Four sentences, each adding distinct value: purpose, input options, return contents, caching, cost. Efficient but could be slightly more concise.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Given no parameters and no output schema, the description adequately explains inputs (package+version or CVE ID), outputs (CVSS, descriptions, fix versions), and operational details (caching, cost). Somewhat complete.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
Schema has 0 parameters and 100% coverage, so baseline is 3. Description does not need to add parameter details.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description uses specific verbs ('Look up') and resources ('CVE vulnerabilities for an npm package+version or a specific CVE ID'), clearly distinguishing from siblings like reputation_check and secret_scan.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
It states when to use (to look up CVEs for npm packages or CVE IDs) and mentions cost ($0.01 per call), but does not explicitly say when not to use or suggest alternatives.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
reputation_checkAInspect
Check the reputation of an IP address or domain using AbuseIPDB and VirusTotal. Returns a security verdict (malicious/suspicious/unknown/clean) with confidence signals. Verdict is conservative: incomplete data returns 'unknown' never 'clean'. Results are cached for 10 minutes. Costs $0.01 USDC per call.
| Name | Required | Description | Default |
|---|---|---|---|
No parameters | |||
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
No annotations provided, so description carries full burden. Discloses conservative verdict ('unknown' never 'clean'), caching (10 min), and cost ($0.01 USDC per call). This is good behavioral transparency.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
Three sentences, each adding distinct value: what it does, verdict details, behavioral traits. No wasted words.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Given no output schema, the description covers return value (verdict) well. Missing input format details (how to provide IP/domain), but schema has no parameters, so tool may use a different mechanism (e.g., user prompt).
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
Input schema has no parameters, so the description doesn't add param info. However, schema coverage is 100% (no params), so baseline is 4, but a 3 is reasonable because the tool expects input (IP/domain) not captured in schema.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
Clearly states it checks reputation of IP/domain using two services (AbuseIPDB and VirusTotal) and returns a security verdict. Distinguishes from siblings (cve_lookup, secret_scan) which are for different purposes.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
Describes verdict types and caching behavior. Does not explicitly say when to use versus alternatives, but the context (siblings are different) implies it's the go-to for reputation checks.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
secret_scanAInspect
Scan text content for hardcoded secrets, API keys, and credentials using 20 pre-compiled patterns.
Privacy guarantee: Input text is NEVER logged, cached, stored, or forwarded. Only findings_count and finding offsets (not matched values) are returned.
Detected pattern types include: AWS keys, GitHub/GitLab PATs, OpenAI/Anthropic keys, Stripe secrets, Slack tokens, PEM private keys, JWT tokens, and 13 more.
Per-call rate limit: 100/min. Payment: $0.05 USDC per scan.
| Name | Required | Description | Default |
|---|---|---|---|
No parameters | |||
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
Discloses critical behavioral traits: no logging/caching/storage of input, returns only counts and offsets (not matched values), rate limit, and pricing. No annotations provided, so description carries full burden and does so excellently.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
Extremely concise: 5 sentences covering purpose, privacy, patterns, rate limit, and cost. No filler. Front-loaded with main action.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Given no output schema and no annotations, description provides complete context: what it scans, privacy protections, pattern list, rate limit, and cost. No gaps.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
Input schema has no parameters (empty object), so description doesn't need to add param details. Baseline for 0 params is 4. Description focuses on behavior instead, which is appropriate.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
Description clearly states the tool scans text for secrets/keys/credentials using 20 patterns. Differentiates from siblings (CVE lookup, reputation check) by specifying unique function.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
Explicitly mentions privacy guarantee and rate limit (100/min), and payment cost. Does not explicitly state when NOT to use, but context from siblings and clear purpose implies usage scenarios.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
Claim this connector by publishing a /.well-known/glama.json file on your server's domain with the following structure:
{
"$schema": "https://glama.ai/mcp/schemas/connector.json",
"maintainers": [{ "email": "your-email@example.com" }]
}The email address must match the email associated with your Glama account. Once published, Glama will automatically detect and verify the file within a few minutes.
Control your server's listing on Glama, including description and metadata
Access analytics and receive server usage reports
Get monitoring and health status updates for your server
Feature your server to boost visibility and reach more users
For users:
Full audit trail – every tool call is logged with inputs and outputs for compliance and debugging
Granular tool control – enable or disable individual tools per connector to limit what your AI agents can do
Centralized credential management – store and rotate API keys and OAuth tokens in one place
Change alerts – get notified when a connector changes its schema, adds or removes tools, or updates tool definitions, so nothing breaks silently
For server owners:
Proven adoption – public usage metrics on your listing show real-world traction and build trust with prospective users
Tool-level analytics – see which tools are being used most, helping you prioritize development and documentation
Direct user feedback – users can report issues and suggest improvements through the listing, giving you a channel you would not have otherwise
The connector status is unhealthy when Glama is unable to successfully connect to the server. This can happen for several reasons:
The server is experiencing an outage
The URL of the server is wrong
Credentials required to access the server are missing or invalid
If you are the owner of this MCP connector and would like to make modifications to the listing, including providing test credentials for accessing the server, please contact support@glama.ai.
Discussions
No comments yet. Be the first to start the discussion!