AWS MCP Server

list_open_security_groups

Identify AWS security groups with open ports to the public internet. Check for ingress from 0.0.0.0/0 on specified ports to assess security exposure.

Instructions

Lists security groups that allow ingress from 0.0.0.0/0 on specified ports (default: 22, 3389).

Input Schema

TableJSON Schema

Name	Required	Description	Default
`ports`	No	List of ports to check (default: [22, 3389]).

Implementation Reference

src/index.ts:1620-1658 (handler)

Handler function that lists EC2 security groups allowing ingress from 0.0.0.0/0 on specified ports (default checks for any, or specific ports like 22/3389). Filters using DescribeSecurityGroupsCommand with CIDR filter, then checks IpPermissions for open ranges.

if (name === "list_open_security_groups") {
    const checkPorts = (args as any)?.ports; // If undefined, we check for ANY open port

    // If user specifically requests some ports, use them. If checksPorts is undefined/empty, means "any port".
    // But if user passes [], it might mean "any" or "none". Let's assume undefined means "any".
    const checkSpecificPorts = checkPorts && checkPorts.length > 0;

    const command = new DescribeSecurityGroupsCommand({
        Filters: [{ Name: "ip-permission.cidr", Values: ["0.0.0.0/0"] }]
    });
    const response = await ec2Client.send(command);

    const openSGs = response.SecurityGroups?.filter(sg => {
        return sg.IpPermissions?.some(perm => {
            const isGlobal = perm.IpRanges?.some(r => r.CidrIp === "0.0.0.0/0");
            if (!isGlobal) return false;

            if (!checkSpecificPorts) return true; // If we aren't filtering by specific ports, then ANY 0.0.0.0/0 is a match.

            // Check if it overlaps with checked ports or is all traffic
            if (perm.IpProtocol === "-1") return true; // All traffic
            const fromPort = perm.FromPort || 0;
            const toPort = perm.ToPort || 65535;
            return checkPorts.some((p: number) => p >= fromPort && p <= toPort);
        });
    }).map(sg => ({
        GroupId: sg.GroupId,
        GroupName: sg.GroupName,
        Description: sg.Description,
        OpenPorts: sg.IpPermissions?.filter(perm =>
            perm.IpRanges?.some(r => r.CidrIp === "0.0.0.0/0") &&
            (!checkSpecificPorts || perm.IpProtocol === "-1" || checkPorts.some((p: number) => p >= (perm.FromPort || 0) && p <= (perm.ToPort || 65535)))
        ).map(p => p.IpProtocol === "-1" ? "All" : `${p.FromPort}-${p.ToPort}`)
    })) || [];

    return {
        content: [{ type: "text", text: JSON.stringify(openSGs, null, 2) }]
    };
}

src/index.ts:417-430 (registration)

Tool registration in the ListToolsRequestSchema handler, including name, description, and input schema definition.

{
    name: "list_open_security_groups",
    description: "Lists security groups that allow ingress from 0.0.0.0/0 on specified ports (default: 22, 3389).",
    inputSchema: {
        type: "object",
        properties: {
            ports: {
                type: "array",
                items: { type: "number" },
                description: "List of ports to check (default: [22, 3389])."
            }
        }
    }
},

src/index.ts:420-430 (schema)

Input schema for the list_open_security_groups tool, defining optional ports array.

    inputSchema: {
        type: "object",
        properties: {
            ports: {
                type: "array",
                items: { type: "number" },
                description: "List of ports to check (default: [22, 3389])."
            }
        }
    }
},

Tool Definition Quality

A3.7/5.0

Behavior2/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations provided, the description carries full burden but only states the filtering behavior. It doesn't disclose whether this is a read-only operation, what permissions are required, whether it's resource-intensive, what format the output takes, or any rate limits. For a security auditing tool with zero annotation coverage, this leaves significant behavioral gaps.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is a single, efficient sentence that front-loads the core purpose and includes essential details (filtering criteria and defaults) without any wasted words. Every element serves a clear purpose, making it easy to parse quickly.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness3/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

For a single-parameter tool with 100% schema coverage but no annotations or output schema, the description adequately covers purpose and parameter context. However, as a security tool with potential operational implications, it should ideally mention permission requirements or output format to be fully complete. It's minimally viable but has room for improvement.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters4/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema description coverage is 100%, so the schema already documents the 'ports' parameter completely. The description adds value by explaining the default values (22, 3389) and the security context (checking for overly permissive ingress), providing semantic meaning beyond the schema's technical specification. With only one parameter, this is sufficient.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the specific action ('Lists security groups') with precise filtering criteria ('that allow ingress from 0.0.0.0/0 on specified ports'), distinguishing it from the generic 'list_security_groups' sibling tool by specifying a security-focused subset. It uses a specific verb+resource+scope pattern that leaves no ambiguity about what the tool does.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines3/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description implies usage context through the filtering criteria (security groups with overly permissive rules), suggesting it's for security auditing. However, it doesn't explicitly state when to use this vs. the generic 'list_security_groups' tool or other security tools, nor does it provide exclusion criteria or prerequisites. The guidance is contextual but not explicit.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security
Open Source Has a Bot Problem
By punkpeye on March 19, 2026.
open source

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/bhaveshopss/MCP-server'

If you have feedback or need assistance with the MCP directory API, please join our Discord server