Retrieve threat intelligence for a CVE using AlienVault OTX, including related pulses and indicators.
Look up threat intelligence for a CVE via AlienVault OTX. Returns related pulses and indicators.
| Name | Required | Description | Default |
|---|---|---|---|
| cve | Yes | CVE ID (e.g. CVE-2024-1234) |
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
With no annotations provided, the description carries the full burden. It states it is a lookup operation returning data, implying no side effects, but does not explicitly confirm read-only nature or mention any authentication or rate limits. Adequate for a simple read tool.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
Two sentences, front-loaded with the primary action, no redundant information. Every part contributes to understanding.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
The description explains both input (CVE) and output (pulses and indicators), which is sufficient given the simplicity of the tool and lack of output schema. Could be more precise about the format of returns, but overall complete.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
Schema coverage is 100% with the 'cve' parameter fully described. The description only rephrases the schema (e.g., 'CVE ID') and adds an example format, adding no significant new meaning beyond what the schema provides.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states the verb 'Look up', the resource 'threat intelligence for a CVE via AlienVault OTX', and explicitly mentions the return types 'related pulses and indicators'. It uniquely identifies this tool for CVE lookups among siblings like otx_domain, otx_hash, etc.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
The tool name and description make it obvious it should be used for CVE lookups. Sibling tools cover different indicator types (domain, hash, IP, search pulses), providing clear context. However, there is no explicit 'when-not' or alternative suggestion.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/badchars/darknet-mcp-server'
If you have feedback or need assistance with the MCP directory API, please join our Discord server