QuantumScan PQC Scanner
Server Details
Post-quantum cryptography (PQC) vulnerability scanner. Detects ECDSA, RSA, AES-128 and other quantum-vulnerable algorithms in GitHub/GitLab/Bitbucket repos and Ethereum smart contracts. Returns risk score 0-100, CBOM (CycloneDX 1.6), and migration paths to NIST FIPS 203/204/205. Free tier: 10 scans/day, no key required.
- Status: Healthy
- Last Tested
- Transport: Streamable HTTP
- URL
Glama MCP Gateway
Connect through Glama MCP Gateway for full control over tool access and complete visibility into every call.
Full call logging
Every tool call is logged with complete inputs and outputs, so you can debug issues and audit what your agents are doing.
Tool access control
Enable or disable individual tools per connector, so you decide what your agents can and cannot do.
Managed credentials
Glama handles OAuth flows, token storage, and automatic rotation, so credentials never expire on your clients.
Usage analytics
See which tools your agents call, how often, and when, so you can understand usage patterns and catch anomalies.
Tool Definition Quality
Average 4.2/5 across 4 of 4 tools scored.
Tools have distinct purposes: check_pqc_risk is an instant algorithm check, scan_repository is async repo scanning, scan_contract is synchronous contract scanning with fraud detection, and get_scan_result polls repo scans. Descriptions clarify usage, though check_pqc_risk and scan_repository both address quantum vulnerability but at different levels, causing slight ambiguity.
All tool names follow a consistent verb_noun pattern using snake_case: check_pqc_risk, get_scan_result, scan_contract, scan_repository. The naming is clear and predictable.
With 4 tools, the set is well-scoped for a specialized PQC scanner. Each tool serves a distinct need: instant check, async repo scan, synchronous contract scan, and result retrieval. No unnecessary tools, and the count feels appropriate.
Core workflows are covered: quick risk assessment, full repository scanning, contract scanning, and result fetching. Minor gaps exist, such as no tool to list or cancel scans, but the surface is largely complete for the stated purpose.
Available Tools
4 tools
check_pqc_risk (A)
Instant check (no DB, no scan) — returns whether a list of algorithm names are quantum-vulnerable. Useful for quick risk assessment before calling scan_repository. Rate-limited: 100 calls/day per IP (free), 500/day per API key (paid).
| Name | Required | Description | Default |
|---|---|---|---|
| algorithms | Yes | Algorithm names, e.g. ["ECDSA", "RSA-2048", "ML-KEM-768"] | |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
No annotations provided, so description carries full burden. It discloses instant nature, rate limits, and that it returns vulnerability status. However, it lacks specification of return value format (e.g., boolean per algorithm or overall).
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
Two sentences, front-loaded with key info (instant check, no DB/scan), and no unnecessary words. Every sentence adds value.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Given the simple tool (1 param, no output schema), the description covers use case, differentiation, and rate limits. It is sufficiently complete for an agent to use correctly, though return value format could be added.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
Schema coverage is 100% with parameter description including examples. The tool description adds no extra semantic meaning beyond what the schema already provides, so baseline score of 3 is appropriate.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states it checks quantum vulnerability of algorithm names, with verb 'check' and resource 'quantum vulnerability'. It distinguishes from siblings by mentioning 'no DB, no scan' and quick risk assessment before scan_repository.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
Explicitly suggests using before scan_repository for quick risk assessment, and mentions rate limits (100/day free, 500/day paid). Does not provide explicit 'when not to use' but context implies deeper scanning requires sibling tools.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
get_scan_result (A)
Get the result of a previously submitted scan. Returns status (submitted | working | completed | failed) and, when completed, a full CBOM (Cryptographic Bill of Materials) compliant with EIP-7789 and CycloneDX CBOM 1.6, plus a quantum risk score (0 = fully safe, 100 = fully vulnerable). Rate-limited: 60 calls/min per IP or API key.
| Name | Required | Description | Default |
|---|---|---|---|
| scan_id | Yes | UUID returned by scan_repository | |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
With no annotations, the description fully discloses behavior: return status values, full CBOM output when completed, quantum risk score, and rate limiting. This is comprehensive for a retrieval tool.
Is the description appropriately sized, front-loaded, and free of redundancy?
Two concise sentences: first states purpose, second lists outputs and rate limit. No unnecessary words; front-loaded with key information.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Despite no output schema, the description details all return information (status, CBOM, risk score) and rate limits. The tool is simple with one parameter, fully documented.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
Schema coverage is 100% (scan_id described as 'UUID returned by scan_repository'). The description does not add further meaning to the parameter beyond what's in the schema. Baseline 3 is appropriate.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states 'Get the result of a previously submitted scan,' using a specific verb and resource. It distinguishes this tool from siblings like scan_repository (which submits scans) and check_pqc_risk (likely a different check).
Does the description explain when to use this tool, when not to, or what alternatives exist?
The description implies usage after submitting a scan via scan_repository. It mentions rate limits (60 calls/min) but does not explicitly state when not to use or provide exclusion criteria. Still, context is clear.
scan_contract (A)
Scan a verified on-chain smart contract for quantum-vulnerable cryptography AND today's fraud patterns (rug pulls, honeypots, uncapped mints, reentrancy). Use this BEFORE signing a transaction, interacting with a DeFi protocol, or integrating a contract into an agent workflow. Synchronous — result is immediate (no polling needed). Requires the contract to be verified on Sourcify (https://sourcify.dev). Returns risk score 0-100, agent risk score, finding breakdown, and concrete PQC migration steps. Rate-limited: same as scan_repository (10/day per IP free, credit-based paid).
| Name | Required | Description | Default |
|---|---|---|---|
| network | No | Chain ID. Default: 1 (Ethereum Mainnet). Supported: 1, 137 (Polygon), 42161 (Arbitrum One), 10 (Optimism), 8453 (Base), 56 (BNB Chain), 43114 (Avalanche C-Chain). | |
| contract_address | Yes | Ethereum-format contract address (0x + 40 hex chars). Example: 0xdAC17F958D2ee523a2206206994597C13D831ec7 | |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
Discloses synchronous nature (immediate result), rate limits (10/day), and return elements (risk scores, findings, migration steps). No annotations exist, so description carries full burden; it adequately covers key behavioral traits without contradictions.
Is the description appropriately sized, front-loaded, and free of redundancy?
Description is a single focused paragraph, front-loading the purpose and use cases. Every sentence adds value; minor density could be streamlined but overall efficient.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
For a scanning tool with no output schema, the description mentions all key return fields and constraints (rate limits, requirement for verification). Lacks error handling info but sufficient for an agent to invoke correctly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
Schema coverage is 100% with well-described parameters. The description adds context (default network, supported chains, address format example) but does not significantly enhance what the schema already provides. Baseline 3 is appropriate.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly identifies the tool's purpose: scanning a verified smart contract for quantum-vulnerable cryptography and fraud patterns. It uses specific verbs (scan, verified) and a defined resource (smart contract), and distinguishes from siblings like check_pqc_risk (likely PQC-only) and scan_repository (for code repositories).
Does the description explain when to use this tool, when not to, or what alternatives exist?
Explicit guidance on when to use ('BEFORE signing a transaction, interacting with a DeFi protocol, or integrating a contract into an agent workflow') and required precondition (contract verified on Sourcify). Lacks explicit when-not-to-use or alternatives but sufficient for typical agent decision-making.
scan_repository (A)
Submit a GitHub, GitLab, or Bitbucket repository for post-quantum cryptography (PQC) vulnerability scanning. Returns a scan_id. Call get_scan_result to poll for the result. Free tier: 10 scans/day per IP. Paid tier: credit-based (register at /api/agent/register).
| Name | Required | Description | Default |
|---|---|---|---|
| repo_url | Yes | Full repository URL. Example: https://github.com/uniswap/v3-core | |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
With no annotations, the description discloses return value (scan_id), the need to poll for results, rate limits (10 scans/day per IP), and paid tier registration. It adequately covers behavioral traits for a scanning tool.
Is the description appropriately sized, front-loaded, and free of redundancy?
The description is concise at two sentences, covering purpose, follow-up action, and usage limits. It is well-structured and front-loaded with the primary action.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Given the simple one-parameter tool and no output schema, the description covers the return value, polling mechanism, and tier limitations, making it sufficiently complete for an agent to use.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
Schema coverage is 100% with a clear parameter description. The tool description adds no new meaning beyond the schema (e.g., supported repo types), so baseline score of 3 is appropriate.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states the tool submits a repository for PQC vulnerability scanning, specifying supported platforms (GitHub, GitLab, Bitbucket). It distinguishes from siblings like scan_contract and check_pqc_risk by focusing on repositories.
Does the description explain when to use this tool, when not to, or what alternatives exist?
The description explains when to use (to scan a repo) and how to get results (poll with get_scan_result). It also provides tier limits and registration info, offering good context, though it does not explicitly state when not to use.
Claim this connector by publishing a /.well-known/glama.json file on your server's domain with the following structure:
{
  "$schema": "https://glama.ai/mcp/schemas/connector.json",
  "maintainers": [{ "email": "your-email@example.com" }]
}
The email address must match the email associated with your Glama account. Once published, Glama will automatically detect and verify the file within a few minutes.
- Control your server's listing on Glama, including description and metadata
- Access analytics and receive server usage reports
- Get monitoring and health status updates for your server
- Feature your server to boost visibility and reach more users

For users:
- Full audit trail – every tool call is logged with inputs and outputs for compliance and debugging
- Granular tool control – enable or disable individual tools per connector to limit what your AI agents can do
- Centralized credential management – store and rotate API keys and OAuth tokens in one place
- Change alerts – get notified when a connector changes its schema, adds or removes tools, or updates tool definitions, so nothing breaks silently

For server owners:
- Proven adoption – public usage metrics on your listing show real-world traction and build trust with prospective users
- Tool-level analytics – see which tools are being used most, helping you prioritize development and documentation
- Direct user feedback – users can report issues and suggest improvements through the listing, giving you a channel you would not have otherwise
The connector status is unhealthy when Glama is unable to successfully connect to the server. This can happen for several reasons:
- The server is experiencing an outage
- The URL of the server is wrong
- Credentials required to access the server are missing or invalid
If you are the owner of this MCP connector and would like to make modifications to the listing, including providing test credentials for accessing the server, please contact support@glama.ai.