Skip to main content
Glama
Lex6won
by Lex6won

scan_dependencies

Identify vulnerabilities in project dependencies by parsing manifests and querying OSV.dev. Supports pypi and npm; only sends package names and versions.

Instructions

Parse a dependency manifest and check packages with OSV.dev.

Only package names and versions are sent to OSV.dev. Source code is not sent.

락파일(poetry.lock·yarn.lock 등)은 파싱하지 못하므로 verdict="unparsed"로 정직하게 거절합니다 — 원본 매니페스트(requirements.txt·package.json)를 주세요. 결과를 scan_path 결과 JSON의 dependency_audit 필드에 넣어 render_report를 호출하면 사람용 보고서에 '의존성 취약점' 섹션이 함께 렌더됩니다.

Input Schema

TableJSON Schema
NameRequiredDescriptionDefault
limitNo
ecosystemNopypi
manifest_textYes

Output Schema

TableJSON Schema
NameRequiredDescriptionDefault

No arguments

Behavior5/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

Discloses that only package names and versions are sent to OSV.dev, not source code. Also explains inability to parse lock files and the resulting 'unparsed' verdict. With no annotations, this level of detail is excellent.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness4/5

Is the description appropriately sized, front-loaded, and free of redundancy?

Concise and well-structured with a clear main action, privacy note, limitation, and integration tip. However, inclusion of Korean text may reduce clarity for non-Korean speakers, though it adds specific detail.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness3/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Overall sufficient given the output schema exists, but the description does not cover the limit and ecosystem parameters, which are essential for correct usage. Lack of parameter documentation is a notable gap.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters2/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Only manifest_text is implicitly referenced in the description. The limit and ecosystem parameters are not explained at all, and schema description coverage is 0%, so the description fails to add meaning for most parameters.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose4/5

Does the description clearly state what the tool does and how it differs from similar tools?

Clearly states it parses a dependency manifest and checks packages with OSV.dev. However, it does not explicitly differentiate from sibling 'check_package' which might handle individual packages.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines3/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

Provides guidance on input (original manifest vs lock files) and integration with scan_path and render_report, but does not explicitly state when to use this tool versus alternatives like check_package.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/Lex6won/vibecode-checker'

If you have feedback or need assistance with the MCP directory API, please join our Discord server