Skip to main content
Glama
jphyqr

HashBuilds Secure Prompts

by jphyqr
OverviewSchemaRelated ServersScoreDiscussions
JavaScript
Remote

register_secure_prompt

Register prompts for AI security scanning to detect injection attacks, hidden instructions, and data exfiltration, then generate embed codes for displaying verification badges on websites.

Instructions

Register a prompt with HashBuilds Secure Prompts for security verification and get embed options. This uses AI to scan the prompt for injection attacks, hidden instructions, data exfiltration, jailbreak attempts, and other security issues. Returns multiple display options (full badge, compact link, icon button) with implementation guidance. After registering, ASK THE USER which display option they prefer before implementing. The response includes an implementationGuide field with detailed instructions for styling and placement.

Input Schema

TableJSON Schema
NameRequiredDescriptionDefault
promptTextYesThe full text of the prompt to register and scan
siteDomainYesREQUIRED: The domain where this prompt will be displayed (e.g., 'example.com'). This enables domain verification - the badge will warn users if displayed on unauthorized domains. Look for the domain in: package.json homepage, vercel.json, .env NEXT_PUBLIC_URL, or ask the user.
ownerEmailNoOptional email of the prompt owner for notifications

Implementation Reference

  • src/index.ts:515-535 (handler)
    MCP tool call handler for 'register_secure_prompt'. Validates input arguments and delegates to the registerPrompt helper function, returning the result as JSON text content.
    case "register_secure_prompt": {
  const typedArgs = args as {
    promptText: string;
    ownerEmail?: string;
    siteDomain?: string;
  };

  if (!typedArgs.promptText) {
    throw new McpError(ErrorCode.InvalidParams, "promptText is required");
  }

  const result = await registerPrompt(typedArgs);
  return {
    content: [
      {
        type: "text",
        text: JSON.stringify(result, null, 2),
      },
    ],
  };
}
  • src/index.ts:401-421 (schema)
    Input schema defining the parameters for the register_secure_prompt tool: promptText (required), siteDomain (required), ownerEmail (optional).
    inputSchema: {
  type: "object",
  properties: {
    promptText: {
      type: "string",
      description: "The full text of the prompt to register and scan",
    },
    siteDomain: {
      type: "string",
      description:
        "REQUIRED: The domain where this prompt will be displayed (e.g., 'example.com'). " +
        "This enables domain verification - the badge will warn users if displayed on unauthorized domains. " +
        "Look for the domain in: package.json homepage, vercel.json, .env NEXT_PUBLIC_URL, or ask the user.",
    },
    ownerEmail: {
      type: "string",
      description: "Optional email of the prompt owner for notifications",
    },
  },
  required: ["promptText", "siteDomain"],
},
  • src/index.ts:393-422 (registration)
    Registration of the register_secure_prompt tool in the ListTools response, including name, description, and input schema.
      name: "register_secure_prompt",
  description:
    "Register a prompt with HashBuilds Secure Prompts for security verification and get embed options. " +
    "This uses AI to scan the prompt for injection attacks, hidden instructions, data exfiltration, " +
    "jailbreak attempts, and other security issues. Returns multiple display options (full badge, " +
    "compact link, icon button) with implementation guidance. After registering, ASK THE USER which " +
    "display option they prefer before implementing. The response includes an implementationGuide " +
    "field with detailed instructions for styling and placement.",
  inputSchema: {
    type: "object",
    properties: {
      promptText: {
        type: "string",
        description: "The full text of the prompt to register and scan",
      },
      siteDomain: {
        type: "string",
        description:
          "REQUIRED: The domain where this prompt will be displayed (e.g., 'example.com'). " +
          "This enables domain verification - the badge will warn users if displayed on unauthorized domains. " +
          "Look for the domain in: package.json homepage, vercel.json, .env NEXT_PUBLIC_URL, or ask the user.",
      },
      ownerEmail: {
        type: "string",
        description: "Optional email of the prompt owner for notifications",
      },
    },
    required: ["promptText", "siteDomain"],
  },
},
  • src/index.ts:29-157 (helper)
    Core helper function that performs the HTTP POST to the HashBuilds API to register and scan the prompt, processes the response, generates multiple embed options (full badge, compact link, etc.), and provides an implementation guide for the user.
    async function registerPrompt(args: {
  promptText: string;
  ownerEmail?: string;
  siteDomain?: string;
}): Promise<{
  success: boolean;
  id?: string;
  promptHash?: string;
  riskLevel?: string;
  riskScore?: number;
  summary?: string;
  promptLabel?: string;
  promptType?: string;
  recommendations?: string[];
  embedOptions?: object;
  implementationGuide?: string;
  error?: string;
}> {
  try {
    const response = await fetch(`${API_BASE}/register`, {
      method: "POST",
      headers: { "Content-Type": "application/json" },
      body: JSON.stringify(args),
    });

    const result = await response.json();

    if (!response.ok) {
      return { success: false, error: result.error || "Registration failed" };
    }

    const promptId = result.id;
    const scriptUrl = "https://www.hashbuilds.com/sp.js";

    // Generate multiple embed options for the implementing agent
    const embedOptions = {
      // Option 1: Full badge with prompt preview
      fullBadge: {
        description: "Shows security badge + prompt preview + secure copy button. Best for dedicated prompt pages.",
        html: `<div data-secure-prompt-id="${promptId}"></div>\n<script src="${scriptUrl}" async></script>`,
        react: `<>\n  <div data-secure-prompt-id="${promptId}" />\n  <Script src="${scriptUrl}" strategy="lazyOnload" />\n</>`
      },
      // Option 2: Compact link
      compactLink: {
        description: "Simple 'Get Securely' link. Best for inline use or cards.",
        html: `<a href="https://www.hashbuilds.com/copy/${promptId}" target="_blank" rel="noopener" class="secure-prompt-link">Get ${result.promptLabel || 'Prompt'} Securely</a>`,
        react: `<a href="https://www.hashbuilds.com/copy/${promptId}" target="_blank" rel="noopener" className="secure-prompt-link">Get ${result.promptLabel || 'Prompt'} Securely</a>`
      },
      // Option 3: Icon button
      iconButton: {
        description: "Small shield icon button. Best for tight spaces.",
        html: `<a href="https://www.hashbuilds.com/copy/${promptId}" target="_blank" rel="noopener" title="Get Prompt Securely" class="secure-prompt-icon">🔒</a>`,
        react: `<a href="https://www.hashbuilds.com/copy/${promptId}" target="_blank" rel="noopener" title="Get Prompt Securely" className="secure-prompt-icon">🔒</a>`
      },
      // Option 4: Verify only link
      verifyLink: {
        description: "Link to verification page. Let users see full scan results.",
        html: `<a href="https://www.hashbuilds.com/verify/${promptId}" target="_blank" rel="noopener">View Verification</a>`,
        url: `https://www.hashbuilds.com/verify/${promptId}`
      }
    };

    // Implementation guidance for the AI agent
    const implementationGuide = `
## Implementation Guide for Prompt ID: ${promptId}

**Prompt Type:** ${result.promptLabel || 'AI Prompt'} (${result.promptType || 'other'})
**Risk Level:** ${result.riskLevel} (Score: ${result.riskScore || 0}/100)
**Summary:** ${result.summary || 'Prompt registered successfully'}

### Ask the user which display option they prefer:

1. **Full Badge** - Shows security scan results, prompt preview, and "Get Prompt Securely" button
   - Best for: Dedicated prompt pages, documentation
   - Use when: User wants to show transparency about the prompt

2. **Compact Link** - Simple "Get [Prompt] Securely" text link
   - Best for: Cards, lists, inline mentions
   - Use when: Space is limited or badge feels heavy

3. **Icon Button** - Just a lock icon that opens secure copy page
   - Best for: Tight layouts, mobile, minimal UI
   - Use when: User wants subtle indicator

4. **Verify Link** - Links to full verification page on HashBuilds
   - Best for: Adding credibility without embedding
   - Use when: User wants users to see full scan details

### Styling Tips:
- Match button/link colors to the site's design system
- Consider adding the badge near wherever the prompt is displayed
- For cards: compact link works well in the footer
- For documentation: full badge shows transparency

### Quick Integration (React/Next.js):
\`\`\`jsx
import Script from "next/script";

// Full badge (button says "Get Prompt Securely")
<div data-secure-prompt-id="${promptId}" />
<Script src="${scriptUrl}" strategy="lazyOnload" />

// Or just a link
<a href="https://www.hashbuilds.com/copy/${promptId}" target="_blank">
  Get Prompt Securely
</a>
\`\`\`
`;

    return {
      success: true,
      id: promptId,
      promptHash: result.promptHash,
      riskLevel: result.riskLevel,
      riskScore: result.riskScore,
      summary: result.summary,
      promptLabel: result.promptLabel,
      promptType: result.promptType,
      recommendations: result.recommendations,
      embedOptions,
      implementationGuide
    };
  } catch (error) {
    return {
      success: false,
      error: error instanceof Error ? error.message : "Network error",
    };
  }
}

Tool Definition Quality

A4/5.0
Behavior4/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations provided, the description carries the full burden of behavioral disclosure. It effectively describes key behaviors: AI scanning for specific security threats (injection attacks, hidden instructions, etc.), domain verification functionality, and the return of multiple display options with implementation guidance. It also mentions the need for user interaction after registration. The only gap is lack of information about rate limits, authentication requirements, or error handling.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness4/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is appropriately sized and front-loaded with the core purpose in the first sentence. Each subsequent sentence adds valuable information about scanning capabilities, return values, and user interaction requirements. There's minimal redundancy, though the final sentence about implementationGuide could be slightly more concise.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness3/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the tool's complexity (security scanning with multiple outputs and user interaction requirements) and the absence of both annotations and an output schema, the description does a decent job but has gaps. It explains what the tool does and what it returns at a high level, but doesn't detail the structure of the response beyond mentioning 'implementationGuide field' or potential error cases. For a tool with no output schema, more detail about return values would be helpful.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema description coverage is 100%, so the schema already documents all three parameters thoroughly. The description doesn't add any additional meaning about the parameters beyond what's in the schema descriptions. It mentions domain verification context but doesn't elaborate on parameter usage beyond the schema's existing documentation.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the specific action ('register a prompt'), the resource ('HashBuilds Secure Prompts'), and the purpose ('for security verification and get embed options'). It distinguishes from siblings by focusing on registration and scanning rather than auditing existing prompts, retrieving embed code, or verification alone.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines4/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides clear context for when to use this tool (to register and scan a prompt for security issues and get embed options). It mentions a specific follow-up action ('ASK THE USER which display option they prefer before implementing'), which implies usage guidance. However, it doesn't explicitly state when NOT to use it or name alternatives among sibling tools.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/jphyqr/secure-prompts-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server