intruder-mcp

Official

Overview Schema Related Servers Score Discussions

list_issues

Retrieve and filter security issues from Intruder accounts by target addresses, tags, snoozed status, or severity levels.

Instructions

    List issues in the Intruder account with optional filters.

    Args:
        target_addresses: Filter by a list of target addresses
        tag_names: Filter by a list of tag names
        snoozed: Filter by snoozed status (true or false)
        severity: Filter by severity level (one of 'critical', 'high', 'medium', 'low')

Input Schema

TableJSON Schema

Name	Required	Description	Default
`target_addresses`	No
`tag_names`	No
`snoozed`	No
`severity`	No

Implementation Reference

intruder_mcp/server.py:39-60 (handler)

MCP tool handler and registration for 'list_issues'. Decorated with @mcp.tool(), executes logic to fetch and format issues using api.list_issues_all.

@mcp.tool()
async def list_issues(target_addresses: Optional[List[str]] = None,
                     tag_names: Optional[List[str]] = None,
                     snoozed: Optional[bool] = None,
                     severity: Optional[str] = None) -> str:
    """
    List issues in the Intruder account with optional filters.

    Args:
        target_addresses: Filter by a list of target addresses
        tag_names: Filter by a list of tag names
        snoozed: Filter by snoozed status (true or false)
        severity: Filter by severity level (one of 'critical', 'high', 'medium', 'low')
    """
    issues = api.list_issues_all(
        target_addresses=target_addresses,
        tag_names=tag_names,
        snoozed=snoozed,
        severity=severity
    )
    formatted = [f"{issue.id} - {issue.title} ({issue.severity})" for issue in issues]
    return "\n".join(formatted)

intruder_mcp/api_client.py:47-60 (helper)

Helper method list_issues_all in IntruderAPI class, which fetches all issues by paginating the API calls. Called by the tool handler.

def list_issues_all(self, severity: Optional[str] = None, snoozed: Optional[bool] = None,
                   issue_ids: Optional[List[int]] = None, tag_names: Optional[List[str]] = None,
                   target_addresses: Optional[List[str]] = None) -> Generator[Issue, None, None]:
    offset = 0
    while True:
        response = self.list_issues(severity=severity, snoozed=snoozed, issue_ids=issue_ids,
                                  tag_names=tag_names, target_addresses=target_addresses,
                                  limit=100, offset=offset)
        for issue in response.results:
            yield issue
        if not response.next:
            break
        offset += len(response.results)

intruder_mcp/enums.py:151-162 (schema)

Pydantic model defining the structure of an Issue, used in API responses for list_issues.

class Issue(BaseModel):
    id: int
    severity: str
    title: str
    description: str
    remediation: str
    snoozed: bool
    snooze_reason: Optional[str] = None
    snooze_until: Optional[date] = None
    occurrences: Optional[HttpUrl] = None
    exploit_likelihood: Union[ExploitLikelihoodEnum, None]
    cvss_score: Optional[float] = None

Tool Definition Quality

B3.1/5.0

Behavior2/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations provided, the description carries full burden for behavioral disclosure. It states this is a list operation but doesn't describe pagination behavior, rate limits, authentication requirements, or what happens when filters return no results. For a read operation with zero annotation coverage, this leaves significant behavioral questions unanswered.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness4/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is appropriately sized with a clear purpose statement followed by a structured parameter section. Every sentence earns its place, though the formatting with extra whitespace could be cleaner. The information is front-loaded with the main purpose first.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness3/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

For a read-only list tool with 4 parameters and no output schema, the description covers the basic purpose and parameters adequately. However, without annotations or output schema, it should ideally mention expected return format (list of issues with what fields) and any system constraints. The parameter documentation is good, but behavioral context is lacking.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters4/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

The description provides clear parameter documentation in the Args section, listing all 4 parameters with their purposes and constraints (like severity enum values). With 0% schema description coverage, this description fully compensates by explaining what each parameter does, though it doesn't provide format examples for target_addresses or tag_names.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose4/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states 'List issues in the Intruder account' which is a specific verb+resource combination. It distinguishes this tool from siblings like list_scans, list_targets, and list_occurrences by focusing on issues. However, it doesn't explicitly contrast with snooze_issue which also deals with issues but performs a different action.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines2/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides no guidance on when to use this tool versus alternatives. It doesn't mention sibling tools like list_occurrences (which might show similar data) or snooze_issue (which modifies issues). There's no context about prerequisites, typical use cases, or when not to use this tool.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security
Open Source Has a Bot Problem
By punkpeye on March 19, 2026.
open source

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/intruder-io/intruder-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server