intruder-mcp

Official

Overview Schema Related Servers Score Discussions

list_occurrences

Retrieve and filter occurrences for a specific issue by target addresses, tags, or snoozed status to analyze security findings.

Instructions

    List all occurrences for a specific issue with optional filters.

    Args:
        issue_id: The ID of the issue to list occurrences for
        target_addresses: Filter by a list of target addresses
        tag_names: Filter by a list of tag names
        snoozed: Filter by snoozed status (true or false)

Input Schema

TableJSON Schema

Name	Required	Description	Default
`issue_id`	Yes
`target_addresses`	No
`tag_names`	No
`snoozed`	No

Implementation Reference

intruder_mcp/server.py:100-121 (handler)

The main tool handler function for 'list_occurrences', decorated with @mcp.tool() for registration. It retrieves all occurrences for a given issue using the API client and formats them as a string.

@mcp.tool()
async def list_occurrences(issue_id: int,
                         target_addresses: Optional[List[str]] = None,
                         tag_names: Optional[List[str]] = None,
                         snoozed: Optional[bool] = None) -> str:
    """
    List all occurrences for a specific issue with optional filters.

    Args:
        issue_id: The ID of the issue to list occurrences for
        target_addresses: Filter by a list of target addresses
        tag_names: Filter by a list of tag names
        snoozed: Filter by snoozed status (true or false)
    """
    occurrences = api.get_issue_occurrences_all(
        issue_id=issue_id,
        target_addresses=target_addresses,
        tag_names=tag_names,
        snoozed=snoozed
    )
    formatted = [f"{occ.id} - {occ.target}:{occ.port}/{occ.protocol}" for occ in occurrences]
    return "\n".join(formatted)

intruder_mcp/api_client.py:78-90 (helper)

The API client method that implements pagination to fetch all occurrences for an issue, called by the tool handler.

def get_issue_occurrences_all(self, issue_id: int, snoozed: Optional[bool] = None,
                             tag_names: Optional[List[str]] = None,
                             target_addresses: Optional[List[str]] = None) -> Generator[Occurrence, None, None]:
    offset = 0
    while True:
        response = self.get_issue_occurrences(issue_id, snoozed=snoozed, tag_names=tag_names,
                                            target_addresses=target_addresses, limit=100, offset=offset)
        for occurrence in response.results:
            yield occurrence
        if not response.next:
            break
        offset += len(response.results)

intruder_mcp/enums.py:164-176 (schema)

Pydantic model defining the structure of an Occurrence object, which is used in the data fetched and formatted by the tool.

class Occurrence(BaseModel):
    id: int
    target: str
    port: Optional[Union[str, int]] = None
    protocol: str
    extra_info: Optional[Dict[str, str]] = None
    age: str
    snoozed: bool
    snooze_reason: Optional[str] = None
    snooze_until: Optional[date] = None
    exploit_likelihood: Union[ExploitLikelihoodEnum, None]
    cvss_score: Optional[float] = None

Tool Definition Quality

B3.1/5.0

Behavior2/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations provided, the description carries full burden for behavioral disclosure. It mentions 'list all occurrences' but doesn't specify whether this is a read-only operation, what permissions are needed, if there are rate limits, pagination behavior, or what format the results come in. For a tool with 4 parameters and no annotation coverage, this leaves significant behavioral gaps.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness4/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is efficiently structured with a clear purpose statement followed by parameter explanations. Every sentence serves a purpose with no wasted words. It could be slightly more front-loaded by moving the Args section after a more complete behavioral description, but overall it's well-organized and concise.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness3/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the tool has 4 parameters, no annotations, and no output schema, the description provides adequate parameter semantics but lacks behavioral context. It explains what parameters do but not how the tool behaves, what it returns, or usage constraints. For a read operation with filtering capabilities, this is minimally viable but leaves important gaps for an agent to use it effectively.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters4/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

The description provides a helpful Args section that explains each parameter's purpose beyond what the schema shows (which has 0% description coverage). It clarifies that 'issue_id' identifies the specific issue, 'target_addresses' and 'tag_names' are filter arrays, and 'snoozed' filters by status. This adds substantial value over the bare schema, though it doesn't explain parameter formats or constraints.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose4/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the verb 'list' and resource 'occurrences for a specific issue', making the purpose understandable. It distinguishes from siblings like 'list_issues' or 'list_targets' by specifying it's about occurrences related to issues. However, it doesn't explicitly differentiate from 'snooze_occurrence' which is a related but different operation.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines2/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides no guidance on when to use this tool versus alternatives. It doesn't mention prerequisites, when not to use it, or compare it to sibling tools like 'list_issues' or 'snooze_occurrence'. The agent must infer usage from the name and description alone without explicit context.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security
Open Source Has a Bot Problem
By punkpeye on March 19, 2026.
open source

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/intruder-io/intruder-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server