Retrieve CVEs with EPSS exploitation probability above a threshold. Sort by highest score to prioritize vulnerabilities.
Get CVEs with highest EPSS exploitation probability scores.
| Name | Required | Description | Default |
|---|---|---|---|
| threshold | No | Minimum EPSS score (0-1) | |
| limit | No |
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
With no annotations, the description must fully disclose behavior. It only states the tool retrieves top-scoring CVEs but does not explain the role of threshold and limit parameters, or describe the output format. Important behavioral aspects like pagination or sorting order are omitted.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
The description is a single, efficient sentence. However, its brevity sacrifices necessary detail, making it feel incomplete rather than concise.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Given the tool's simplicity (2 parameters, no output schema), the description is insufficient. It does not explain the return value structure, how the threshold and limit interact, or typical usage. A more complete description would include the output format and the relationship between parameters.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
The input schema already describes both 'threshold' and 'limit' parameters, but the context indicates only 50% schema description coverage. The description does not add any additional meaning or context for the parameters beyond what is in the schema, failing to compensate for the coverage gap.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description 'Get CVEs with highest EPSS exploitation probability scores' clearly indicates the tool returns top CVEs ranked by EPSS score. It is a specific verb-resource combination that distinguishes it from sibling tools like vuln_search or vuln_lookup_cve. However, it could be more explicit about the descending order and the inclusion of parameters.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
No guidance is provided on when to use this tool versus alternatives, such as vuln_search or vuln_by_vendor. There is no mention of prerequisites, limitations, or scenarios where this tool is not appropriate.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/martc03/gov-mcp-servers'
If you have feedback or need assistance with the MCP directory API, please join our Discord server