
MCP Vulnerability Checker Server

by firetix

package_vulnerability_check

Identify known vulnerabilities in Python packages using the OSV database. Input package name and optional version to assess security risks efficiently.

Instructions

Check for known vulnerabilities in Python packages using OSV database

Input Schema

| Name | Required | Description | Default |
| --- | --- | --- | --- |
| package_name | Yes | Name of the Python package to check for vulnerabilities (e.g., 'requests', 'django', 'flask') | |
| version | No | Specific version to check (optional). If not provided, checks all known versions. | |

Implementation Reference

  • Main tool handler that normalizes package name, fetches PyPI info, queries OSV.dev API for vulnerabilities, formats a detailed Markdown report, and returns it as TextContent. Handles errors gracefully.
```python
# Module-level imports used by the excerpts on this page
import json
from typing import Any, Dict, List, Optional

import httpx
import mcp.types as types


async def check_package_vulnerabilities(
    package_name: str, version: Optional[str] = None
) -> List[types.TextContent | types.ImageContent | types.EmbeddedResource]:
    """
    Check for known vulnerabilities in a Python package.

    Args:
        package_name: Name of the Python package to check
        version: Specific version to check (optional, checks all versions if not provided)

    Returns:
        List of content containing vulnerability report or error messages
    """
    # Clean up package name
    package_name = package_name.lower().strip().replace("_", "-")

    if not package_name:
        return [
            types.TextContent(type="text", text="Error: Package name cannot be empty.")
        ]

    try:
        # Get package info from PyPI
        package_info = await get_package_info(package_name)
        if not package_info:
            return [
                types.TextContent(
                    type="text",
                    text=f"Error: Package '{package_name}' not found on PyPI. Please check the package name.",
                )
            ]

        # Query OSV for vulnerabilities
        vulns = await query_osv_vulnerabilities(package_name, version)

        # Format the report
        report = format_vulnerability_report(vulns, package_name, package_info)
        return [types.TextContent(type="text", text=report)]

    except httpx.TimeoutException:
        return [
            types.TextContent(
                type="text",
                text="Error: Request timed out while checking package vulnerabilities.",
            )
        ]
    except httpx.HTTPStatusError as e:
        return [
            types.TextContent(
                type="text",
                text=f"Error: HTTP {e.response.status_code} error while fetching vulnerability data.",
            )
        ]
    except json.JSONDecodeError:
        return [
            types.TextContent(
                type="text",
                text="Error: Invalid JSON response from vulnerability database.",
            )
        ]
    except Exception as e:
        return [
            types.TextContent(
                type="text",
                text=f"Error: Failed to check package vulnerabilities: {str(e)}",
            )
        ]
```
  • Tool registration in the list_tools() method, defining the tool name, description, and input schema with required 'package_name' and optional 'version'.
```python
types.Tool(
    name="package_vulnerability_check",
    description="Check for known vulnerabilities in Python packages using OSV database",
    inputSchema={
        "type": "object",
        "required": ["package_name"],
        "properties": {
            "package_name": {
                "type": "string",
                "description": "Name of the Python package to check for vulnerabilities (e.g., 'requests', 'django', 'flask')",
            },
            "version": {
                "type": "string",
                "description": "Specific version to check (optional). If not provided, checks all known versions.",
            },
        },
    },
),
```
  • Dispatch handler in call_tool() that validates input arguments and delegates to the check_package_vulnerabilities implementation.
```python
elif name == "package_vulnerability_check":
    if "package_name" not in arguments:
        return [
            types.TextContent(
                type="text",
                text="Error: Missing required argument 'package_name'",
            )
        ]
    version = arguments.get("version")  # Optional parameter
    return await check_package_vulnerabilities(
        arguments["package_name"], version
    )
```
  • Helper function to query the OSV.dev API for vulnerabilities specific to the PyPI ecosystem package, optionally filtering by version.
```python
async def query_osv_vulnerabilities(
    package_name: str, version: Optional[str] = None
) -> List[Dict[str, Any]]:
    """
    Query OSV database for vulnerabilities in a Python package.

    Args:
        package_name: Name of the Python package
        version: Specific version to check (optional)

    Returns:
        List of vulnerability records
    """
    osv_query = {"package": {"name": package_name, "ecosystem": "PyPI"}}
    if version:
        osv_query["version"] = version

    headers = {
        "User-Agent": "MCP Package Vulnerability Checker v1.0",
        "Content-Type": "application/json",
    }

    try:
        timeout = httpx.Timeout(15.0, connect=10.0)
        async with httpx.AsyncClient(headers=headers, timeout=timeout) as client:
            response = await client.post("https://api.osv.dev/v1/query", json=osv_query)
            response.raise_for_status()
            data = response.json()
            return data.get("vulns", [])
    except Exception:
        # Return empty list but don't print error - let caller handle it.
        # Note: because every exception is swallowed here, the caller receives
        # the same empty list for "no known vulnerabilities" and for a failed
        # OSV request; the httpx/json handlers in check_package_vulnerabilities
        # never see errors raised on this path.
        return []
```
  • Helper to fetch package metadata from PyPI JSON API for latest version and summary.
```python
async def get_package_info(package_name: str) -> Optional[Dict[str, Any]]:
    """
    Get package information from PyPI to find the latest version.

    Args:
        package_name: Name of the Python package

    Returns:
        Dictionary containing package info or None if not found
    """
    try:
        timeout = httpx.Timeout(10.0, connect=5.0)
        async with httpx.AsyncClient(timeout=timeout) as client:
            response = await client.get(f"https://pypi.org/pypi/{package_name}/json")
            response.raise_for_status()
            return response.json()
    except Exception:
        return None
```
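As an added example (not the server's own code), the following builds the same OSV `/v1/query` body the tool sends, then parses a constructed OSV response offline into a compact report that pulls the fixed versions out of each record's `affected` ranges and keeps a failed or malformed lookup ("error") distinct from an empty result ("ok" with no vulns), which the `query_osv_vulnerabilities` helper above does not do. The package name, advisory id and alias in the sample are placeholders.

```python
import json
from typing import Any, Dict, List, Optional

def normalize_package_name(name: str) -> str:
    # Same normalization the tool applies before querying PyPI and OSV.
    return name.lower().strip().replace("_", "-")

def build_osv_query(package_name: str, version: Optional[str] = None) -> Dict[str, Any]:
    # Request body for POST https://api.osv.dev/v1/query, PyPI ecosystem only.
    query: Dict[str, Any] = {
        "package": {"name": normalize_package_name(package_name), "ecosystem": "PyPI"}
    }
    if version:
        query["version"] = version
    return query

def fixed_versions(vuln: Dict[str, Any]) -> List[str]:
    # Collect every "fixed" event from the PyPI ranges of one OSV record.
    fixed: List[str] = []
    for affected in vuln.get("affected", []):
        if affected.get("package", {}).get("ecosystem") != "PyPI":
            continue
        for rng in affected.get("ranges", []):
            fixed += [e["fixed"] for e in rng.get("events", []) if "fixed" in e]
    return fixed

def summarize(raw_body: Optional[str]) -> Dict[str, Any]:
    # raw_body is the OSV response text, or None when the HTTP request failed.
    # A failed or malformed lookup is reported as "error", never as an empty
    # (clean-looking) vulnerability list.
    if raw_body is None:
        return {"status": "error", "vulns": []}
    try:
        data = json.loads(raw_body)
    except json.JSONDecodeError:
        return {"status": "error", "vulns": []}
    vulns = [
        {"id": v.get("id", ""), "aliases": v.get("aliases", []),
         "summary": v.get("summary", ""), "fixed": fixed_versions(v)}
        for v in data.get("vulns", [])
    ]
    return {"status": "ok", "vulns": vulns}

# Constructed sample OSV response: the record shape follows the OSV schema, but
# the id, alias, package name and versions are placeholders, not a real advisory.
SAMPLE_RESPONSE = json.dumps({"vulns": [{
    "id": "PYSEC-0000-EXAMPLE", "aliases": ["CVE-0000-00000"], "summary": "constructed example issue",
    "affected": [{"package": {"ecosystem": "PyPI", "name": "example-pkg"},
                  "ranges": [{"type": "ECOSYSTEM",
                              "events": [{"introduced": "0"}, {"fixed": "1.2.3"}]}]}]}]})
```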
