Skip to main content
Glama
alberthild

ShieldAPI MCP

by alberthild
OverviewSchemaRelated ServersScoreDiscussions
JavaScript

shieldapi.full_scan

Read-onlyIdempotent

Run comprehensive security checks on URLs, domains, IP addresses, or emails to identify vulnerabilities and threats.

Instructions

Run all security checks on a target (URL, domain, IP, or email). Most comprehensive scan.

Input Schema

TableJSON Schema
NameRequiredDescriptionDefault
targetYesTarget to scan — URL, domain, IP address, or email

Implementation Reference

  • src/index.ts:190-196 (handler)
    The registration and execution logic for the 'shieldapi.full_scan' tool, which calls `callShieldApi` with the 'full-scan' endpoint.
    server.tool(
  'shieldapi.full_scan',
  'Run all security checks on a target (URL, domain, IP, or email). Most comprehensive scan.',
  { target: z.string().describe('Target to scan — URL, domain, IP address, or email') },
  { title: 'Full Security Scan', readOnlyHint: true, destructiveHint: false, idempotentHint: true, openWorldHint: true },
  async ({ target }) => formatResult(await callShieldApi('full-scan', detectTargetType(target)))
);
  • src/index.ts:101-116 (helper)
    The `callShieldApi` function responsible for making the underlying HTTP request to the ShieldAPI service.
    async function callShieldApi(endpoint: string, params: Record<string, string>): Promise<unknown> {
  const url = new URL(`${SHIELDAPI_URL}/api/${endpoint}`);
  for (const [key, value] of Object.entries(params)) {
    url.searchParams.set(key, value);
  }
  if (demoMode) {
    url.searchParams.set('demo', 'true');
  }

  const response = await paymentFetch(url.toString());
  if (!response.ok) {
    const body = await response.text();
    throw new Error(`ShieldAPI ${endpoint} failed (${response.status}): ${body.substring(0, 200)}`);
  }
  return response.json();
}

Tool Definition Quality

A3.6/5.0
Behavior3/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

Annotations fully cover the safety profile (readOnly, non-destructive, idempotent). The description adds the behavioral scope ('all security checks'), indicating comprehensiveness, but omits operational details like scan duration, external API calls, or rate limit implications that openWorldHint suggests.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

Two efficient sentences with zero waste. The first establishes the action and target types; the second differentiates from siblings. Information is front-loaded with the operative verb 'Run' followed immediately by scope.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness4/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the single parameter, comprehensive schema coverage, and rich annotations, the description successfully establishes the tool's role in the ecosystem as the broad-scan option versus targeted siblings. No critical gaps remain for invocation, though output expectations could be mentioned.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

With 100% schema description coverage, the structured data already documents the target parameter fully. The description mirrors this information without adding format examples, validation patterns, or semantic constraints beyond what the schema provides, meeting the baseline expectation.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose4/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description uses the specific resource 'security checks' and distinguishes from siblings by stating 'all' and 'most comprehensive scan', implying this aggregates the specific check_* tools. However, it could be elevated to a 5 by explicitly naming sibling alternatives.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines3/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The phrase 'Most comprehensive scan' implies when to use this tool (when breadth is needed over specificity), but lacks explicit when-not guidance or named alternatives like 'use check_domain for domain-only verification'.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/alberthild/shield-api-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server