Security Mcp
Server Details
MCP server for Security
- Status
- Unhealthy
- Last Tested
- Transport
- Streamable HTTP
- URL
Glama MCP Gateway
Connect through Glama MCP Gateway for full control over tool access and complete visibility into every call.
Full call logging
Every tool call is logged with complete inputs and outputs, so you can debug issues and audit what your agents are doing.
Tool access control
Enable or disable individual tools per connector, so you decide what your agents can and cannot do.
Managed credentials
Glama handles OAuth flows, token storage, and automatic rotation, so credentials never expire on your clients.
Usage analytics
See which tools your agents call, how often, and when, so you can understand usage patterns and catch anomalies.
Tool Definition Quality
Average 3.5/5 across 4 of 4 tools scored. Lowest: 2.5/5.
Each tool has a clearly distinct purpose: check_package checks a specific version for vulnerabilities, get_vulnerability retrieves full details for a known vulnerability ID, health_check provides a health check, and search_vulnerabilities searches for vulnerabilities by package and ecosystem. No overlap or ambiguity.
All tool names follow a consistent verb_noun pattern in snake_case (check_package, get_vulnerability, health_check, search_vulnerabilities), making it easy to understand their actions.
With 4 tools, the server is well-scoped for its purpose of vulnerability checking. Each tool serves a necessary function without excess or deficiency.
The tool set covers the core workflow: searching for vulnerabilities, checking specific package versions, and retrieving full details on individual vulnerabilities. There are no obvious gaps for the stated purpose.
Available Tools
4 toolscheck_packageAInspect
Check if a specific package version is affected by known vulnerabilities. Returns {vulnerable: bool, vulns: [...]}
| Name | Required | Description | Default |
|---|---|---|---|
| package | Yes | ||
| version | Yes | ||
| ecosystem | No | PyPI |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
No annotations are provided, so the description carries the burden. It discloses the return format ({vulnerable: bool, vulns: [...]}) which is helpful, but lacks details on auth, rate limits, error behavior, or side effects. For a read-only check, it is adequate but not thorough.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
The description is two short sentences that immediately state the purpose and return value. No unnecessary words, well front-loaded.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Given no output schema, the description provides the return shape. However, it lacks guidance on possible ecosystem values, error cases, or behavior when package/version is unknown. For a 3-parameter tool, it is moderately complete but could be more thorough.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
Schema description coverage is 0%, so parameters are not described. While names like 'package' and 'version' are self-explanatory, the description does not specify expected formats (e.g., semver, package name conventions) or explain the 'ecosystem' default value. More detail would aid correct usage.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states that the tool checks if a specific package version is affected by known vulnerabilities, with a specific verb and resource. It distinguishes from siblings like 'search_vulnerabilities' (general search) and 'get_vulnerability' (specific vulnerability details).
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
The description implies usage for a specific package and version, but it does not explicitly state when not to use it or provide alternatives. Siblings are named but not compared.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
get_vulnerabilityAInspect
Get full details for one vulnerability by ID (e.g. GHSA-... or CVE-...). Returns affected ranges, references, fixed versions.
| Name | Required | Description | Default |
|---|---|---|---|
| vuln_id | Yes |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
No annotations provided, so description carries full burden. It discloses return details (affected ranges, references, fixed versions) without mentioning side effects or authorization, which is acceptable for a read tool. Does not contradict any annotations.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
Two sentences, no wasted words. Information is front-loaded: first word 'Get' indicates action, immediately followed by resource and ID specification.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
For a simple single-ID retrieval with no output schema, the description adequately covers what is returned (affected ranges, references, fixed versions). No missing critical information given the tool's complexity.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
With 0% schema description coverage, description adds value by giving example ID formats (GHSA-..., CVE-...) for the single parameter vuln_id. This helps the agent construct valid inputs beyond just the type constraint.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
Clear verb 'Get' specifies resource 'vulnerability' by ID, with example ID formats (GHSA-..., CVE-...). Identifies what is returned (affected ranges, references, fixed versions). Distinguishes from sibling tools: search_vulnerabilities likely returns multiple, check_package and health_check are different domains.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
Description implicitly guides usage by stating to use a specific ID, but does not explicitly contrast with siblings or provide when-not scenarios. Context is clear enough for an agent to infer when to use this tool vs. search_vulnerabilities.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
health_checkCInspect
Health check. FREE.
| Name | Required | Description | Default |
|---|---|---|---|
No parameters | |||
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
No annotations exist, so the description bears full responsibility for behavioral disclosure. It only states 'Health check. FREE.' which implies a read-only operation but does not confirm side effects, rate limits, or required permissions. The lack of detail leaves behavioral traits ambiguous.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
At four words, the description is extremely concise. However, brevity sacrifices informativeness. It could be slightly more descriptive (e.g., 'Check system health status') without being verbose. The structure is minimal, which is adequate for a zero-parameter tool but not ideal.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Given the tool's simplicity (no params, no output schema), the description should at least define what 'health' encompasses (e.g., uptime, latency, error rates). It provides no such context, leaving the agent uncertain about the tool's output or purpose.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
The tool has no parameters, and schema coverage is complete trivially. The description adds 'FREE' but does not explain what the tool checks or what the health status means. While no parameter details are needed, the description misses an opportunity to clarify the tool's meaning beyond the name.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description 'Health check. FREE.' indicates the tool checks health status, but does not clarify what system or scope (e.g., server, API, overall status). It is not a tautology, but lacks specificity to distinguish from sibling tools like check_package.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
No guidance is provided on when to use this tool versus alternatives (check_package, get_vulnerability, search_vulnerabilities). The description does not mention any prerequisites or exclusions, leaving the agent without context for appropriate invocation.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
search_vulnerabilitiesBInspect
Search known vulnerabilities for a package (OSV.dev). FREE discovery. ecosystem: PyPI|npm|Go|Maven|crates.io|RubyGems|NuGet|... Returns {vulns: [{id, summary, severity, aliases}]}
| Name | Required | Description | Default |
|---|---|---|---|
| limit | No | ||
| package | Yes | ||
| ecosystem | No | PyPI |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
No annotations are provided, so the description must disclose behavioral traits. It states the tool is free and shows return format, but does not mention any side effects, rate limits, idempotency, or that it queries an external API. The description is minimal for a search tool.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
The description is concise (one line for purpose, one for ecosystem list, one for return format) and avoids fluff. However, it could be better front-loaded by placing the return format immediately after the purpose. Overall, it efficiently conveys core information.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
For a tool with no output schema, the description provides a reasonable return format. However, it lacks details about pagination, how to handle errors, or the scope of vulnerability search (e.g., exact match vs fuzzy). With 3 parameters and sibling tools, more context would be beneficial.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
The input schema has 0% description coverage, and the tool description adds minimal parameter semantics. It lists example ecosystems but does not explain the meaning of 'package' (e.g., package name format) or 'limit' (max number of results). The default values are mentioned only in the schema.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states the verb 'Search' and resource 'known vulnerabilities for a package', distinguishing it from sibling tools like check_package (likely checks package existence) and get_vulnerability (retrieves a specific vulnerability). It also specifies the data source (OSV.dev) and supported ecosystems.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
The description mentions 'FREE discovery' implying cost, and lists ecosystems, but does not explicitly instruct when to use this tool over alternatives. For example, it does not clarify that check_package should be used for basic info or get_vulnerability for detailed single vulnerability data.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
Claim this connector by publishing a /.well-known/glama.json file on your server's domain with the following structure:
{
"$schema": "https://glama.ai/mcp/schemas/connector.json",
"maintainers": [{ "email": "your-email@example.com" }]
}The email address must match the email associated with your Glama account. Once published, Glama will automatically detect and verify the file within a few minutes.
Control your server's listing on Glama, including description and metadata
Access analytics and receive server usage reports
Get monitoring and health status updates for your server
Feature your server to boost visibility and reach more users
For users:
Full audit trail – every tool call is logged with inputs and outputs for compliance and debugging
Granular tool control – enable or disable individual tools per connector to limit what your AI agents can do
Centralized credential management – store and rotate API keys and OAuth tokens in one place
Change alerts – get notified when a connector changes its schema, adds or removes tools, or updates tool definitions, so nothing breaks silently
For server owners:
Proven adoption – public usage metrics on your listing show real-world traction and build trust with prospective users
Tool-level analytics – see which tools are being used most, helping you prioritize development and documentation
Direct user feedback – users can report issues and suggest improvements through the listing, giving you a channel you would not have otherwise
The connector status is unhealthy when Glama is unable to successfully connect to the server. This can happen for several reasons:
The server is experiencing an outage
The URL of the server is wrong
Credentials required to access the server are missing or invalid
If you are the owner of this MCP connector and would like to make modifications to the listing, including providing test credentials for accessing the server, please contact support@glama.ai.
Discussions
No comments yet. Be the first to start the discussion!