Exploit Intel Platform MCP Server

Overview Schema Related Servers Score Discussions

list_cwes

Read-onlyIdempotent

Retrieve the most common vulnerability types ranked by CVE count, including CWE IDs, names, exploit likelihood, and weakness labels.

Instructions

List CWE (Common Weakness Enumeration) categories ranked by vulnerability count. Returns CWE IDs, names, short labels, exploit likelihood, and how many CVEs have that weakness. Use this when asked 'what are the most common vulnerability types?'

Input Schema

TableJSON Schema

Name	Required	Description	Default
No arguments

Implementation Reference

eip_mcp/server.py:1399-1401 (handler)
The handler function _tool_list_cwes() that executes the tool logic for 'list_cwes'. It calls api_client.list_cwes() and formats the result via formatters.format_cwe_list().
```
def _tool_list_cwes() -> str:
    data = api_client.list_cwes()
    return formatters.format_cwe_list(data)
```

eip_mcp/server.py:605-613 (schema)

The tool registration in the TOOLS list with the name 'list_cwes', its description ('List CWE Categories'), and input schema (empty object - no parameters).

types.Tool(
    name="list_cwes",
    annotations=_ro_annotations("List CWE Categories"),
    description=(
        "List CWE (Common Weakness Enumeration) categories ranked by vulnerability count. "
        "Returns CWE IDs, names, short labels, exploit likelihood, and how many CVEs "
        "have that weakness. Use this when asked 'what are the most common vulnerability types?'"
    ),
    inputSchema={"type": "object", "properties": {}},

eip_mcp/server.py:1534-1538 (registration)

The dispatch table entry mapping 'list_cwes' to the _tool_list_cwes handler in the _TOOLS_NO_ARGS dict.

_TOOLS_NO_ARGS: dict[str, Callable[[], str]] = {
    "get_platform_stats": _tool_stats,
    "check_health": _tool_health,
    "list_cwes": _tool_list_cwes,
    "list_vendors": _tool_list_vendors,

eip_mcp/api_client.py:202-204 (helper)
The API client method list_cwes() that makes the HTTP GET request to /api/v1/cwe endpoint to fetch CWE data.
```
def list_cwes() -> dict[str, Any]:
    """List CWE categories with vuln counts."""
    return _request_json("/api/v1/cwe")
```

eip_mcp/formatters.py:1261-1280 (helper)

The format_cwe_list() function that formats the CWE API response into human-readable text for the AI assistant.

def format_cwe_list(data: dict[str, Any]) -> str:
    """Format CWE index."""
    items = data.get("items", [])
    if not items:
        return "No CWE data available."

    lines = [
        _UNTRUSTED_NOTICE,
        "",
        f"CWE Categories ({data.get('total', len(items))} with vulnerabilities):\n",
    ]
    for c in items[:30]:
        name = _sanitize_untrusted_text(c.get("short_label") or c.get("name", "?"), max_len=120)
        label = name if len(name) <= 50 else name[:47] + "..."
        lines.append(f"  {c['cwe_id']:>8}  {c['vuln_count']:>6} vulns  {label}")

    if len(items) > 30:
        lines.append(f"  ... and {len(items) - 30} more")

    return "\n".join(lines)

Tool Definition Quality

A4.5/5.0

Behavior4/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

Annotations already declare readOnly, non-destructive, idempotent, and open-world behaviors. Description adds what fields are returned (CWE IDs, names, etc.), which is useful context beyond annotations.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

Two sentences, no fluff; first sentence describes purpose, second gives usage guidance. Front-loaded and efficient.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness5/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

With no parameters, rich annotations, and no output schema, the description is complete enough. It explains return values and usage context.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters4/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Input schema has 0 parameters, so no parameter documentation is needed. Per guidelines, baseline is 4 for zero params.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

Description clearly states that the tool lists CWE categories ranked by vulnerability count, with specific fields returned. It distinguishes from sibling 'get_cwe' by being a listing tool.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines4/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

Provides explicit when-to-use guidance with a sample query, but does not mention when not to use or alternatives.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

Lightport: Open-Sourcing Glama's AI Gateway
By punkpeye on April 27, 2026.
open source
OpenAI
Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/OyaAIProd/eip-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server