:
Search CVEs for a specific vendor/product, cross-referenced with CISA KEV.
| Name | Required | Description | Default |
|---|---|---|---|
| vendor | Yes | Vendor name (e.g., 'microsoft', 'apache') | |
| product | No | Product name (e.g., 'windows', 'log4j') | |
| limit | No |
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
No annotations provided, so description carries full burden. It discloses the KEV cross-reference behavior (valuable domain context) but omits read-only nature, response format, pagination behavior, and rate limit considerations that annotations would typically cover.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
Single sentence efficiently conveys core function. Information-dense with no filler. Front-loaded with action verb. Appropriate length for the tool's complexity (3 simple parameters).
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Adequate for tool selection given the simple flat schema and 3 parameters. However, no output schema exists and description doesn't hint at return values (CVE list format, included fields), leaving invocation behavior partially opaque.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
Schema description coverage is 67% (vendor and product described; limit lacks description). Description implies filtering by vendor/product but adds no syntax guidance, format constraints, or explanation of the limit parameter beyond the schema defaults.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
Clear verb ('Search') and resource ('CVEs') with specific scope ('vendor/product'). The 'cross-referenced with CISA KEV' clause distinguishes it from generic vuln_search and specific vuln_lookup_cve siblings by indicating KEV-aware filtering. However, it doesn't explicitly state the distinction from sibling tools.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
No explicit guidance on when to use this tool versus alternatives like vuln_search (likely generic) or vuln_lookup_cve (specific CVE lookup). The CISA KEV mention hints at use case but doesn't provide explicit selection criteria.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/martc03/gov-mcp-servers'
If you have feedback or need assistance with the MCP directory API, please join our Discord server