Glama

graphql_introspect

Run a GraphQL introspection query against any endpoint to retrieve and summarize its schema for security auditing. Includes SSRF protection with optional private address override.

Instructions

Run a GraphQL introspection query against url and summarize the schema.

Single HTTP POST. Read-only. Will not mutate state on the server.

By default, requests resolving to private / loopback / link-local / cloud-metadata addresses are blocked (SSRF protection). Set allow_private=True to override — useful when explicitly auditing internal infrastructure.

Redirects are disabled (an HTTP 3xx from the target raises HTTP-error: redirects disabled). This prevents a public endpoint from redirecting the request to a private address after the pre-flight check.

Residual risk: DNS rebinding. The pre-flight resolution and the actual HTTP request happen in separate syscalls and the OS may resolve the hostname twice. A hostile DNS that returns a public IP for the check and a private IP for the request can defeat the guard. For high-stakes environments, run this tool inside a network namespace / egress proxy that enforces address restrictions independently.

Args:
- url: Full GraphQL endpoint URL (e.g. https://api.example.com/graphql).
- timeout: Network timeout in seconds (clamped to [1, 60]).
- insecure: Skip TLS verification (for self-signed certs in test envs).
- allow_private: Permit requests to private / internal addresses. Default False.

Returns: IntrospectReport summarizing the schema and security observations. If the URL resolves to a private address and allow_private is False, returns {"error": "blocked-private-address", ...}.
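As an added example (not the toolkit's own code), the following Python reimplements the pre-flight guard and the no-redirect policy that the description lists: every resolved address must be outside private, loopback, link-local and cloud-metadata space unless allow_private is set, and any 3xx from the target is turned into an error instead of being followed. The names check_target, is_internal, NoRedirect, introspect and EXTRA_INTERNAL_NETWORKS, the minimal introspection query, and the sample DNS answers are assumptions constructed for this illustration; the real tool's code may differ.

```python
"""SSRF pre-flight guard for a GraphQL introspection client (illustrative
reimplementation of the behaviour described on the page, not the tool's code)."""
import ipaddress
import json
import socket
import urllib.request
from urllib.parse import urlsplit

# Ranges the ipaddress module does not (or not on every version) flag as
# private but that an auditor treats as internal. 169.254.169.254 is also
# link-local and therefore already caught; it is listed for clarity.
EXTRA_INTERNAL_NETWORKS = [
    ipaddress.ip_network("169.254.169.254/32"),  # IMDS on AWS, GCP, Azure, ...
    ipaddress.ip_network("fd00:ec2::254/128"),   # AWS IMDS over IPv6
    ipaddress.ip_network("100.64.0.0/10"),       # carrier-grade NAT space
]

# Minimal read-only introspection query (assumed; the tool's query is larger).
INTROSPECTION_QUERY = "{ __schema { queryType { name } types { name kind } } }"


def is_internal(address: str) -> bool:
    """True if the address must be blocked unless allow_private is set."""
    ip = ipaddress.ip_address(address)
    # ::ffff:10.0.0.1 is 10.0.0.1 in disguise: classify the embedded IPv4.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    if (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_unspecified or ip.is_reserved or ip.is_multicast):
        return True
    return any(ip in net for net in EXTRA_INTERNAL_NETWORKS)


def resolve_all(host: str) -> list:
    """Default resolver: every A/AAAA answer for host, deduplicated, order kept."""
    seen = []
    for _family, _type, _proto, _canon, sockaddr in socket.getaddrinfo(host, None):
        if sockaddr[0] not in seen:
            seen.append(sockaddr[0])
    return seen


# Constructed sample DNS answers so the guard can be exercised offline.
SAMPLE_ANSWERS = {
    "api.example.com": ["93.184.216.34"],
    "internal.example": ["10.0.0.7"],
    "mixed.example": ["93.184.216.34", "10.0.0.7"],   # split-horizon style answer
}


def sample_resolver(host: str) -> list:
    """Resolver that answers only from SAMPLE_ANSWERS (constructed test data)."""
    if host not in SAMPLE_ANSWERS:
        raise socket.gaierror(-2, "Name or service not known")
    return list(SAMPLE_ANSWERS[host])


def check_target(url: str, allow_private: bool = False, resolver=resolve_all) -> dict:
    """Pre-flight check: {"ok": True, ...} or {"error": "<reason>", ...}."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return {"error": "invalid-url", "url": url}
    try:
        addresses = resolver(parts.hostname)
    except socket.gaierror as exc:
        return {"error": "dns-failure", "host": parts.hostname, "detail": str(exc)}
    if not addresses:
        return {"error": "dns-failure", "host": parts.hostname, "detail": "no answers"}
    # Every answer must pass: a mixed public/private answer set is exactly the
    # shape a rebinding or split-horizon trick produces, so one bad answer blocks.
    blocked = [a for a in addresses if is_internal(a)]
    if blocked and not allow_private:
        return {"error": "blocked-private-address", "host": parts.hostname,
                "addresses": blocked}
    return {"ok": True, "host": parts.hostname, "addresses": addresses,
            "allow_private": allow_private}


class NoRedirect(urllib.request.HTTPRedirectHandler):
    """Returning None from redirect_request makes urllib raise HTTPError for
    any 3xx, so a public endpoint cannot bounce the request to an internal
    address after the pre-flight check has already passed."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def introspect(url: str, timeout: float = 10, allow_private: bool = False) -> dict:
    """Pre-flight, then a single read-only POST of the introspection query."""
    verdict = check_target(url, allow_private=allow_private)
    if "error" in verdict:
        return verdict
    timeout = min(max(float(timeout), 1), 60)   # clamp to [1, 60] as the tool does
    body = json.dumps({"query": INTROSPECTION_QUERY}).encode()
    req = urllib.request.Request(url, data=body, method="POST",
                                 headers={"Content-Type": "application/json"})
    opener = urllib.request.build_opener(NoRedirect)
    with opener.open(req, timeout=timeout) as resp:   # raises HTTPError on any 3xx
        return json.load(resp)
```

check_target takes an injectable resolver so the policy can be tested without network access; introspect uses the real one. Note that this code has exactly the residual gap the description names: check_target resolves the hostname itself, and urllib resolves it again when opening the socket, so a DNS server that answers differently the second time can still slip past. Pinning the connection to the already-checked address, or running the client behind an egress proxy that enforces the same address policy, is what closes that window.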

Input Schema

| Name          | Required | Description | Default |
|---------------|----------|-------------|---------|
| url           | Yes      |             |         |
| timeout       | No       |             |         |
| insecure      | No       |             |         |
| allow_private | No       |             |         |
Behavior: 5/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

No annotations are provided, so the description carries the full burden. It discloses that the tool is a single HTTP POST, read-only, has SSRF protection with an override, disables redirects, and carries a residual DNS rebinding risk. This is comprehensive and leaves no ambiguity about behavior.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness: 5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

Well-structured with paragraphs and bullet points. Every sentence adds value without redundancy. The length is appropriate for the complexity, and key information is front-loaded.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness: 5/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

No output schema exists, but the Returns section summarizes the return type and the error case. All aspects (purpose, behavior, parameters, security, errors) are covered, making the description complete for the tool's complexity.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters: 5/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema coverage is 0%, but the Args section describes each parameter in detail: url, timeout (clamped), insecure (for self-signed certs), allow_private (default False). This adds significant meaning beyond the bare schema properties.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose: 5/5

Does the description clearly state what the tool does and how it differs from similar tools?

Clearly states it runs a GraphQL introspection query against a URL and summarizes the schema. The verb 'run' and resource 'GraphQL introspection query' are specific, and the tool is clearly distinguished from sibling tools which cover different security audit tasks.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines: 4/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

Provides clear context for when to use the tool (introspecting GraphQL APIs) and includes guidance on SSRF protection and the allow_private flag for internal audits. It does not explicitly list exclusions or alternatives, but the sibling tools cover different areas, which makes the use case obvious.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/actions-marketplace-validations/x0base_mcp-security-toolkit'
