de en es ja ko ru zh

IP Geolocation MCP Server

by IPGeolocation

Overview Schema Related Servers Score Discussions

TypeScript

Remote

Bulk Security Check

bulk_security_check

Read-only

Check up to 1,000 IP addresses for security threats, VPNs, proxies, and malicious activity in a single batch request.

Instructions

Decision policy: this is a single-domain bulk tool. Use it only when the user asks for security/threat data only. If each IP request also needs other domains (ownership, location, network, timezone, currency, or abuse), call bulk_lookup_ip once with include and targeted fields/excludes.

Bulk IP security lookup via POST /v3/security-bulk for up to 1,000 IPs per MCP request. Paid only. Cost: 2 credits per valid IP.

Use bulk_lookup_ip with include=security when the same batch also needs geolocation or other IP domains. Tool selection rule: call this tool once per IP batch and post-process locally. Do not re-call bulk_security_check for the same batch only to change fields/excludes or output shape.

Input Schema

TableJSON Schema

Name	Required	Description
`ips`	Yes	Array of IPv4 and/or IPv6 addresses to check. Minimum 1, maximum 1,000 in this MCP server.
`fields`	No	Comma-separated dot-path fields to return per IP (e.g. security.threat_score,security.is_vpn). Reduces response size.
`excludes`	No	Comma-separated dot-path fields to exclude per IP (e.g. security.is_tor,security.is_cloud_provider).
`force_refresh`	No	Default false. Leave unset unless the user asks to refresh or rerun.

Implementation Reference

src/tools/security.ts:150-168 (handler)

The handler function for the bulk_security_check tool which fetches data via getSecurityBulk and handles caching/formatting.

async (params) => {
  try {
    const cacheKey = buildSecurityBulkCacheKey(params);
    const cached = params.force_refresh ? undefined : getCachedValue(cacheKey);

    const result = cached ?? (await getSecurityBulk(params));
    if (cached === undefined) {
      setCachedValue(cacheKey, result);
    }

    return {
      content: [
        { type: "text" as const, text: formatToolResult(result) },
      ],
    };
  } catch (error) {
    return errorToolResponse(error);
  }
}

src/tools/security.ts:112-169 (registration)

The registration of the bulk_security_check tool in the McpServer, including its schema definition.

  server.registerTool(
    "bulk_security_check",
    {
      title: "Bulk Security Check",
      annotations: {
        readOnlyHint: true,
      },
      description: `Decision policy: this is a single-domain bulk tool. Use it only when the user asks for security/threat data only. If each IP request also needs other domains (ownership, location, network, timezone, currency, or abuse), call bulk_lookup_ip once with include and targeted fields/excludes.

Bulk IP security lookup via POST /v3/security-bulk for up to ${MAX_BULK_ITEMS.toLocaleString()} IPs per MCP request. Paid only. Cost: 2 credits per valid IP.

Use bulk_lookup_ip with include=security when the same batch also needs geolocation or other IP domains. Tool selection rule: call this tool once per IP batch and post-process locally. Do not re-call bulk_security_check for the same batch only to change fields/excludes or output shape.`,
      inputSchema: {
        ips: z
          .array(z.string())
          .min(1)
          .max(MAX_BULK_ITEMS)
          .describe(
            `Array of IPv4 and/or IPv6 addresses to check. Minimum 1, maximum ${MAX_BULK_ITEMS.toLocaleString()} in this MCP server.`
          ),
        fields: z
          .string()
          .optional()
          .describe(
            "Comma-separated dot-path fields to return per IP (e.g. security.threat_score,security.is_vpn). Reduces response size."
          ),
        excludes: z
          .string()
          .optional()
          .describe(
            "Comma-separated dot-path fields to exclude per IP (e.g. security.is_tor,security.is_cloud_provider)."
          ),
        force_refresh: z
          .boolean()
          .optional()
          .describe("Default false. Leave unset unless the user asks to refresh or rerun."),
      },
    },
    async (params) => {
      try {
        const cacheKey = buildSecurityBulkCacheKey(params);
        const cached = params.force_refresh ? undefined : getCachedValue(cacheKey);

        const result = cached ?? (await getSecurityBulk(params));
        if (cached === undefined) {
          setCachedValue(cacheKey, result);
        }

        return {
          content: [
            { type: "text" as const, text: formatToolResult(result) },
          ],
        };
      } catch (error) {
        return errorToolResponse(error);
      }
    }
  );

Tool Definition Quality

A4.3/5.0

Behavior4/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

The description adds valuable behavioral context beyond the readOnlyHint annotation. It discloses the cost ('2 credits per valid IP'), rate limits ('up to 1,000 IPs per MCP request'), that it's 'Paid only', and implementation details about batch processing and not re-calling for the same batch. No contradiction with the readOnlyHint annotation exists.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness4/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is efficiently structured with clear sections: decision policy, technical details, cost, and usage rules. While slightly longer than minimal, every sentence adds value. It could be slightly more front-loaded by moving the core purpose earlier, but overall it's well-organized.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness4/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the complexity of a paid bulk operation with sibling alternatives, the description provides comprehensive context about when to use it, cost implications, and batch processing rules. While there's no output schema, the description mentions response size reduction through fields/excludes. The main gap is lack of explicit error handling or response format details.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

With 100% schema description coverage, the input schema already documents all parameters thoroughly. The description doesn't add significant parameter semantics beyond what's in the schema, though it mentions 'post-process locally' which relates to output handling. The baseline score of 3 is appropriate when the schema does the heavy lifting.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the specific action ('Bulk IP security lookup via POST /v3/security-bulk') and resource ('for up to 1,000 IPs'), distinguishing it from siblings by emphasizing it's a 'single-domain bulk tool' focused on 'security/threat data only'. It explicitly contrasts with bulk_lookup_ip which handles multiple domains.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines5/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides explicit guidance on when to use this tool ('when the user asks for security/threat data only') and when not to use it (if other domains like ownership or location are needed). It names the alternative tool (bulk_lookup_ip) and specifies the include parameter to use with it. It also includes cost and batch processing rules.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security
Open Source Has a Bot Problem
By punkpeye on March 19, 2026.
open source

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/IPGeolocation/ipgeolocation-io-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server