Conan MCP Server

Official
by conan-io

scan_conan_dependencies

Scans Conan projects or specific packages for security vulnerabilities using the audit.conan.io service, analyzing transitive dependencies when a path is provided or a single reference for targeted audits.

Instructions

⚠️ WARNING: This tool makes an API call to audit.conan.io service. Only use when explicitly requested by the user.

Requires provider authentication. If you don't have a token yet, you can get one by signing up for free at https://audit.conan.io/register

Audit a Conan project or a specific package for security vulnerabilities using the audit.conan.io service.
When using path: Scans the conanfile and all its transitive dependencies for vulnerabilities.
When using reference: Scans only the vulnerabilities of that specific package reference, but NOT its dependencies.

There is a limit of 100 API calls per day. If the limit is reached, the tool will return an error.
Use path to scan the complete graph of dependencies. Use reference to audit a specific package.
Do not use both path and reference at the same time.

Args:
    work_dir: Working directory where the command should be executed. Always required.
    path: This path is ALWAYS relative to work_dir. For example, if work_dir is "/home/user/project" and path is "conanfile.txt", it will resolve to "/home/user/project/conanfile.txt". When using path, all transitive dependencies will be scanned for vulnerabilities.

    reference: Conan reference to audit. For example, "fmt/12.0.0". Use it in case the user provides a specific reference to audit. Use it instead of path. When using reference, only the vulnerabilities of that specific package reference will be scanned, but NOT its dependencies.
Returns:
    Dictionary containing the result of the audit scan.

Input Schema

| Name | Required | Description | Default |
|---|---|---|---|
| work_dir | Yes | Working directory where the command should be executed. Always required. | |
| path | No | Path to the folder relative to working directory containing the recipe of the project or to a recipe file conanfile.txt/.py | |
| reference | No | Conan reference to audit. For example, 'fmt/12.0.0'. | |

Behavior: 4/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

Describes external API call to audit.conan.io, requires authentication, and has a 100-call-per-day limit. Missing explicit statement that the tool is read-only (non-destructive), but the scanning action implies it. Good disclosure for a tool with no annotations.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness: 4/5

Is the description appropriately sized, front-loaded, and free of redundancy?

Well-structured with a prominent warning, then authentication info, then usage guidance and parameter details. Slightly verbose but every part adds context. Front-loading the warning is effective. Could trim some redundancy (e.g., parameter descriptions partly duplicate schema) but overall efficient.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness: 4/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Covers purpose, usage, parameters, external dependencies, rate limits, and return type (dictionary). Lacks specifics about the dictionary contents and error handling. For a tool with no output schema, this is fairly complete but not exhaustive.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters: 5/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Although schema already describes parameters (100% coverage), the description adds significant value: explains mutual exclusivity of path and reference, how path resolves relative to work_dir, and gives example for reference. This goes well beyond the schema's basic descriptions.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose: 5/5

Does the description clearly state what the tool does and how it differs from similar tools?

Clearly states the tool audits Conan projects or packages for vulnerabilities using audit.conan.io. Distinguishes two modes (path vs reference) and explains what each does. Siblings are unrelated (create, install, list, etc.), so the tool stands out as the scanning tool.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines: 5/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

Explicitly tells when to use path vs reference, and warns not to use both simultaneously. Also includes authentication requirement and API rate limit, guiding the agent on constraints. This is exemplary usage guidance.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/conan-io/conan-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server.