ComplianceCow MCP Server

execute_action

Execute compliance actions on assessments, controls, or evidence. After fetching available actions, trigger the selected action with user confirmation to modify system state.

Instructions

Use this tool when the user asks about actions such as create, update or other action-related queries.

IMPORTANT: This tool MUST ONLY be executed after explicit user confirmation. Always prompt for REQUIRED-FROM-USER field from user and get inputs from user. Always confirm the inputs below execute action. Always describe the intended action and its effects to the user, then wait for their explicit approval before proceeding. Do not execute this tool without clear user consent, as it performs actual operations that modify system state.

Execute or trigger a specific action on an assessment run. use assessment id, assessment run id and action binding id. Execute or trigger a specific action on an control run. use assessment id, assessment run id, action binding id and assessment run control id . Execute or trigger a specific action on an evidence level. use assessment id, assessment run id, action binding id, assessment run control evidence id and evidence record ids. Use fetch assessment available actions to get action binding id. Only once action can be triggered at a time, assessment level or control level or evidence level based on user preference. Use this to trigger action for assessment level or control level or evidence level. Please also provide the intended effect when executing actions. For inputs use default value as sample, based on that generate the inputs for the action. Format key - inputName value - inputValue. If inputs are provided, Always ensure to show all inputs to the user before executing the action, and also user to make changes to the inputs and also confirm modified inputs before executing the action.

WORKFLOW:

First fetch the available actions based on user preference assessment level or control level or evidence level
Present the available actions to the user
Ask user to confirm which specific action they want to execute
Explain what the action will do and its expected effects
Wait for explicit user confirmation before calling this tool
Only then execute the action with this tool

Args: - assessmentId - assessmentRunId - actionBindingId - assessmentRunControlId - needed for control level action - assessmentRunControlEvidenceId - needed for evidence level action - evidenceRecordIds - needed for evidence level action - inputs (Optional[dict[str, Any]]): Additional inputs for the action, if required by the action's rules.

Returns: - id (str): id of triggered action.

Input Schema

TableJSON Schema

Name	Required	Description	Default
`assessmentId`	Yes
`assessmentRunId`	Yes
`actionBindingId`	Yes
`assessmentRunControlId`	No
`assessmentRunControlEvidenceId`	No
`evidenceRecordIds`	No
`inputs`	No

Output Schema

TableJSON Schema

Name	Required	Description	Default
`id`	No
`error`	No

Tool Definition Quality

A4.6/5.0

Behavior5/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations, the description fully discloses that this tool modifies system state, requires explicit user confirmation, and can only trigger one action at a time. It explains the return value (triggered action id) and references the need to fetch action binding IDs, providing clear behavioral expectations.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness3/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is verbose and contains repetition (e.g., user confirmation is mentioned multiple times). It includes a lengthy workflow and multiple warnings that could be condensed. The essential information is present but not optimally concise.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness4/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the tool's complexity (7 parameters, no schema descriptions, no annotations, output schema exists), the description covers the workflow, safety, level-specific parameters, and return value. It does not address error handling or non-standard scenarios, but it is largely sufficient for an agent to use the tool correctly.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters4/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema coverage is 0%, so the description must compensate. It explains which parameters are needed for each level (control, evidence) and notes that inputs are optional and action-specific. It also describes how to obtain actionBindingId. However, it lacks detailed semantics for each parameter (e.g., how to derive assessmentId, assessmentRunId) beyond level differentiation.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the tool executes actions on assessment runs at different levels (assessment, control, evidence). It specifies the resource ('action on assessment run') and verb ('execute or trigger'), and distinguishes itself from sibling tools like fetch_assessment_available_actions by referencing them in the workflow.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines5/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides an explicit step-by-step workflow, including prerequisites (fetch available actions), user confirmation requirements, and parameter necessity by level. It includes strong warnings not to execute without user consent and instructs to prompt for required fields and input modifications.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

Lightport: Open-Sourcing Glama's AI Gateway
By punkpeye on April 27, 2026.
open source
OpenAI
Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/ComplianceCow/cow-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server