SimplyScan
Server Details
Security, SEO and AI-visibility scanner for web apps · free scans and focused checks via MCP.
- Status
- Healthy
- Last Tested
- Transport
- Streamable HTTP
- URL
Glama MCP Gateway
Connect through Glama MCP Gateway for full control over tool access and complete visibility into every call.
Full call logging
Every tool call is logged with complete inputs and outputs, so you can debug issues and audit what your agents are doing.
Tool access control
Enable or disable individual tools per connector, so you decide what your agents can and cannot do.
Managed credentials
Glama handles OAuth flows, token storage, and automatic rotation, so credentials never expire on your clients.
Usage analytics
See which tools your agents call, how often, and when, so you can understand usage patterns and catch anomalies.
Tool Definition Quality
Average 4.1/5 across 7 of 7 tools scored.
Each tool targets a distinct aspect of website analysis: AI visibility, email security, exposed files, security headers, SEO, SSL, and a general scan. No two tools overlap in purpose, making it easy for an agent to select the right one.
Six of seven tools follow the 'check_<subject>' pattern, which is clear and consistent. The outlier 'scan_website' breaks the pattern but is still understandable. Overall, naming is predictable with a minor deviation.
Seven tools is an appropriate number for a website scanning/analysis server. It covers key areas (security, SEO, AI visibility) without being overwhelming. Each tool earns its place by addressing a specific need.
The tool surface covers major website concerns: security (headers, SSL, exposed files, email), SEO, and AI visibility. The general 'scan_website' tool likely fills gaps like performance and secrets. Missing some niche checks (e.g., accessibility), but the core is well-covered.
Available Tools
7 toolscheck_ai_visibilityCheck AI visibility (AEO)ARead-onlyInspect
AEO check: whether AI answer engines (ChatGPT/GPTBot, Claude, Perplexity, Google-Extended, etc.) can crawl and cite the site, plus llms.txt and structured-data signals.
| Name | Required | Description | Default |
|---|---|---|---|
| url | Yes | Full https URL to check |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
Annotations declare readOnlyHint and openWorldHint. The description adds specifics (crawlability, citation, llms.txt, structured data) beyond annotations, enhancing transparency without contradiction.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
The description is a concise single sentence, front-loaded with the core purpose. Minor abbreviations (AEO, llms.txt) could be clarified but do not detract significantly.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
For a simple tool with one parameter and no output schema, the description fully explains what the tool does and what to expect. Annotations cover behavioral aspects.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
Schema coverage is 100% and describes the URL parameter clearly. The description adds output context but does not improve parameter understanding beyond the schema.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states the tool checks AI answer engine visibility, listing specific engines and signals. It distinguishes from sibling tools focused on other checks.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
The description provides context ('AEO check') and implicitly indicates using this for AI visibility, but lacks explicit guidance on when not to use it or alternatives to prefer.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
check_email_securityCheck email security (SPF/DKIM/DMARC)ARead-onlyInspect
Check a domain's email authentication: SPF, DKIM (common selectors), and DMARC policy. Flags spoofable domains.
| Name | Required | Description | Default |
|---|---|---|---|
| domain | Yes | Domain, e.g. example.com |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
Annotations already indicate readOnlyHint=true and openWorldHint=true. The description adds specificity about what is checked (SPF, DKIM, DMARC) and the 'flags spoofable domains' outcome. This provides useful context beyond annotations without contradicting them.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
The description is a single clear sentence that immediately conveys the tool's purpose. Every word is informative, and it is front-loaded with the verb 'Check'. No wasted text.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Given the simple schema (1 param, no nested objects, no output schema) and annotations (readOnly, openWorld), the description is largely adequate. It covers what is checked and the outcome ('flags spoofable domains'). However, it does not describe the return format or any additional behavioral traits like typical response structure.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
Schema coverage is 100% (single parameter 'domain' described with example). The description does not add new parameter-level detail but reinforces that the domain is the input for email authentication checks. Baseline score of 3 is appropriate.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states the tool checks a domain's email authentication (SPF, DKIM, DMARC) and flags spoofable domains. It uses a specific verb 'Check' and explicitly lists the authentication mechanisms, distinguishing it from siblings like 'check_security_headers' or 'check_ssl'.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
The description implies usage for assessing email security but does not explicitly state when to use this tool over alternatives. No exclusion criteria or alternative tool mentions are provided, leaving the agent to infer context from sibling tool names.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
check_exposed_filesCheck for exposed filesARead-onlyInspect
Probe a site for accidentally exposed high-risk files (.env, .git/config, backups, etc.). Reports HTTP status only, never file contents.
| Name | Required | Description | Default |
|---|---|---|---|
| url | Yes | Full https URL to check |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
Annotations already mark the tool as read-only and open-world. The description adds that it never retrieves file contents, which is a key behavioral constraint beyond the annotations. No contradictions.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
The description is two concise sentences, front-loaded with purpose and immediately followed by a key restriction. No wasted words.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Given the simplicity of the tool (one parameter, no output schema), the description fully covers purpose, behavior, and limitations. It is complete for an agent to understand and invoke the tool correctly.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
Schema description coverage is 100% for the single 'url' parameter, so the parameter's meaning is fully defined. The description adds little beyond the schema's 'Full https URL' specification, meeting the baseline of 3.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states the tool's purpose: probing for accidentally exposed high-risk files like .env or .git/config. It uses a specific verb and resource, and the scope is distinct from sibling tools like check_security_headers or check_ssl.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
The description implies use for checking file exposure and reports only HTTP status, but does not explicitly state when to use this tool versus alternatives like check_security_headers. The 'never file contents' disclaimer clarifies a limitation.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
check_security_headersCheck security headersARead-onlyInspect
Grade a URL's HTTP security headers (CSP, HSTS, X-Frame-Options, Referrer-Policy, Permissions-Policy, COOP, COEP) A-F.
| Name | Required | Description | Default |
|---|---|---|---|
| url | Yes | Full https URL to check |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
Annotations already declare readOnlyHint=true and openWorldHint=true. The description adds 'Grade' which implies read-only behavior, but does not disclose additional traits like rate limits or failure handling. It does not contradict annotations.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
The description is a single concise sentence that is front-loaded with the verb and resource. Every word serves a purpose with no unnecessary text.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
The tool has only one parameter and annotations cover safety (readOnly, openWorld). However, there is no output schema, and the description does not explain the return format (e.g., a single grade or per-header grades). This lack of output details limits completeness for an agent.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
Schema coverage is 100% and the parameter description in the schema ('Full https URL to check') matches the description in the tool description. No additional semantic information is provided beyond the schema.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description explicitly states the verb 'Grade' and the resource 'URL's HTTP security headers', listing specific headers (CSP, HSTS, etc.) and the grading scale (A-F). This clearly distinguishes it from sibling tools like check_ssl or check_seo.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
The tool's purpose is clear, but there is no explicit guidance on when to use it versus alternatives like check_ssl or check_email_security. Usage is implied through the description but not formally stated.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
check_seoCheck on-page SEOARead-onlyInspect
On-page SEO audit of a URL: title, meta description, H1, canonical, indexability, Open Graph, structured data, image alt coverage, sitemap. Returns an A-F grade.
| Name | Required | Description | Default |
|---|---|---|---|
| url | Yes | Full https URL to check |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
Annotations already declare readOnlyHint=true and openWorldHint=true, indicating a safe, read-only operation. The description adds value by specifying exactly what elements are checked (title, meta description, etc.) and that it returns a grade, providing behavioral context beyond the annotations.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
The description is two sentences long, front-loaded with the purpose, and contains no unnecessary words. Every sentence adds value.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Given the tool's simplicity (one parameter, no output schema), the description is fully adequate. It explains what the tool does, what it checks, and the output format (A-F grade). No further details are needed.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
There is only one parameter (url) with schema coverage at 100%. The description does not add extra meaning beyond the schema's 'Full https URL to check'. Baseline score of 3 is appropriate as the schema already handles the parameter documentation.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states it performs an 'on-page SEO audit' of a URL and lists specific checks (title, meta description, H1, etc.). It also mentions the output format (A-F grade). This distinguishes it from sibling tools like check_ssl or check_security_headers.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
The description does not explicitly state when to use this tool versus alternatives. While the context of sibling tools implies it's for on-page SEO, there is no guidance on when not to use it or which tool is better for other SEO aspects.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
check_sslCheck SSL/TLS certificateARead-onlyInspect
Inspect a domain's SSL/TLS certificate: issuer, expiry, protocol, and flags for expiring/self-signed/mismatched certs.
| Name | Required | Description | Default |
|---|---|---|---|
| domain | Yes | Domain, e.g. example.com |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
Annotations already indicate readOnlyHint and openWorldHint. The description adds behavioral context by stating the tool inspects certificate details and flags specific issues (expiring, self-signed, mismatched), enhancing transparency.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
The description is a single sentence that is clear and front-loaded with the action and resource, efficiently conveying all necessary information without excess.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
With one parameter, no output schema, and clear annotations, the description covers the tool's purpose and key outputs (flags) adequately. Minor gap: no mention of return format, but overall complete enough.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
Schema coverage is 100% with parameter description 'Domain, e.g. example.com'. The description does not add new semantic info beyond what the schema provides, so baseline score of 3 is appropriate.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description specifies the action 'inspect' and resource 'domain's SSL/TLS certificate', listing key details like issuer, expiry, protocol, and flags. This clearly distinguishes it from sibling tools like check_security_headers or check_email_security.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
The description implies usage for inspecting SSL certificates but lacks explicit guidance on when to use this tool versus alternatives, such as when to prefer check_security_headers for header issues.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
scan_websiteScan websiteARead-onlyInspect
Run a free SimplyScan security & speed scan of a deployed web app URL. Returns a 0-100 score and findings (exposed secrets, missing Supabase RLS, frontend leaks, speed issues). Best for apps built with Lovable, Bolt, v0, Cursor, Replit, etc.
| Name | Required | Description | Default |
|---|---|---|---|
| url | Yes | Full https URL to check |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
Annotations already declare readOnlyHint=true and openWorldHint=true. Description adds that it's a 'free' scan and lists what it finds (exposed secrets, RLS, leaks, speed issues), complementing annotations without contradiction.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
Two concise sentences. First sentence states the action and output, second sentence provides typical use case. No unnecessary words.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Given one parameter and no output schema, the description mentions the return format (0-100 score and findings) and lists example findings, which is sufficient for an agent to understand what to expect.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
Schema has 100% coverage for the single parameter 'url' with description 'Full https URL to check'. Description adds context that it must be a deployed web app URL, going slightly beyond the schema.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
Clearly states it runs a security and speed scan on a deployed web app URL, returning a 0-100 score and specific findings. Distinguishes from sibling tools that perform individual checks (SSL, SEO, etc.).
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
Explicitly says it's 'Best for apps built with Lovable, Bolt, v0, Cursor, Replit, etc.', providing context for when to use it. Could mention when not to use, but the guidance is clear.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
Claim this connector by publishing a /.well-known/glama.json file on your server's domain with the following structure:
{
"$schema": "https://glama.ai/mcp/schemas/connector.json",
"maintainers": [{ "email": "your-email@example.com" }]
}The email address must match the email associated with your Glama account. Once published, Glama will automatically detect and verify the file within a few minutes.
Control your server's listing on Glama, including description and metadata
Access analytics and receive server usage reports
Get monitoring and health status updates for your server
Feature your server to boost visibility and reach more users
For users:
Full audit trail – every tool call is logged with inputs and outputs for compliance and debugging
Granular tool control – enable or disable individual tools per connector to limit what your AI agents can do
Centralized credential management – store and rotate API keys and OAuth tokens in one place
Change alerts – get notified when a connector changes its schema, adds or removes tools, or updates tool definitions, so nothing breaks silently
For server owners:
Proven adoption – public usage metrics on your listing show real-world traction and build trust with prospective users
Tool-level analytics – see which tools are being used most, helping you prioritize development and documentation
Direct user feedback – users can report issues and suggest improvements through the listing, giving you a channel you would not have otherwise
The connector status is unhealthy when Glama is unable to successfully connect to the server. This can happen for several reasons:
The server is experiencing an outage
The URL of the server is wrong
Credentials required to access the server are missing or invalid
If you are the owner of this MCP connector and would like to make modifications to the listing, including providing test credentials for accessing the server, please contact support@glama.ai.
Discussions
No comments yet. Be the first to start the discussion!