by mguttmann

List of all vulnerable software within the organization

action1_list_org_vulnerabilities
Read-only, Idempotent

List organization-wide CVEs with 13 server-side filters for severity, remediation status, and date ranges. Quickly find all vulnerable software and apply filters to narrow results.

Instructions

Org-wide CVE rollup with 13 server-side filters. For per-endpoint vulnerabilities use action1_list_vulnerabilities (curated). List of all vulnerable software within the organization… Perm: view_vulnerabilities.

Input Schema

| Name | Required | Description | Default |
|---|---|---|---|
| from | No | Provide the number of the first record to be returned. | |
| limit | No | Set the maximum number of items to be returned (the page size). | |
| score | No | The severity of the Common Vulnerabilities and Exposures (CVE) entries. | |
| cursor | No | Pagination cursor. | |
| cveids | No | Add CVEIDs parameter to query specific vulnerabilities by their CVE IDs. | |
| filter | No | Provide a case-insensitive substring to filter and narrow down returned results (i.e., if... | |
| org_id | No | Org UUID. | |
| sortby | No | Define the sorting order by a certain field. | |
| verbose | No | Skip per-item compactor. | |
| endpoint_id | No | The ID of the endpoint to query. | |
| reset_cache | No | Reset current cache. | |
| auto_paginate | No | Walk all pages. | |
| response_format | No | Output format. Default markdown. | |
| published_date_end | No | The maximum publishing date of the Common Vulnerabilities and Exposures (CVE) entries. | |
| remediation_status | No | The remediation status. | |
| published_date_start | No | The minimum publishing date of the Common Vulnerabilities and Exposures (CVE) entries. | |
| remediation_required_end_day | No | The maximum value of the remediation deadline, in days. Example: 30 | |
| remediation_required_start_day | No | The minimum value of the remediation deadline, in days. Example: 7 | |

Output Schema

| Name | Required | Description | Default |
|---|---|---|---|
| note | No | | |
| count | Yes | | |
| items | Yes | | |
| total | No | | |
| has_more | No | | |
| next_cursor | No | | |
Behavior: 4/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

Annotations (readOnlyHint, idempotentHint, destructiveHint) already indicate a safe read operation. The description adds that it has 13 server-side filters and mentions the required permission (view_vulnerabilities), adding useful behavioral context beyond the annotations.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness: 4/5

Is the description appropriately sized, front-loaded, and free of redundancy?

Two sentences, front-loaded with key info. Some redundancy as 'List of all vulnerable software within the organization' repeats the title, but overall concise and efficient.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness: 4/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

With an output schema present and full schema coverage, the description covers purpose, usage guidelines, and permissions. It lacks details on return format or pagination, but the output schema likely handles those.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters: 3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema coverage is 100%, so the baseline is 3. The description does not add substantial meaning beyond the schema's parameter descriptions; it only mentions a count of filters.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose: 5/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states 'Org-wide CVE rollup' with 13 server-side filters, distinguishing it from per-endpoint vulnerabilities. It uses a specific verb (list) and resource (vulnerabilities) and differentiates itself from the sibling tool action1_list_vulnerabilities.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines: 5/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

Explicitly says 'For per-endpoint vulnerabilities use action1_list_vulnerabilities (curated)', providing direct guidance on when to use this tool vs an alternative.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/mguttmann/action1-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server.