Skip to main content
Glama
roadwy

cve-search_mcp

by roadwy
OverviewSchemaRelated ServersScoreDiscussions
Python
Remote

vul_vendor_product_cve

Retrieve a JSON listing all vulnerabilities for a specific vendor and product using the CVE-Search API, enabling targeted security analysis and risk assessment.

Instructions

To get a JSON with all the vulnerabilities per vendor and a specific product

Input Schema

TableJSON Schema
NameRequiredDescriptionDefault
productYes
vendorYes

Implementation Reference

  • main.py:45-51 (handler)
    The main handler function for the 'vul_vendor_product_cve' tool. It constructs a URI for the CVE search API based on vendor and product, and uses the get_requests helper to fetch the JSON response containing vulnerabilities.
    @mcp.tool()
def vul_vendor_product_cve(vendor: str, product: str) -> Dict[str, Any]:
    """
    To get a JSON with all the vulnerabilities per vendor and a specific product
    """
    uri = f"search/{vendor}/{product}"
    return get_requests(uri)
  • main.py:15-26 (helper)
    Supporting helper function used by the tool to perform HTTP requests to the CVE API, handling errors and returning JSON data.
    def get_requests(uri: str) -> Dict[str, Any]:
    """To get a JSON with all the requests"""
    session = requests.Session()
    url = f"{BASE_URL}{uri}"
    try:
        response = session.get(url, timeout=15)
        response.raise_for_status()
        return response.json()
    except requests.exceptions.RequestException as e:
        logger.error(f"api request failed: {url} - {str(e)}")
        return {"error": str(e)}
  • main.py:45-45 (registration)
    The @mcp.tool() decorator registers the vul_vendor_product_cve function as an MCP tool.
    @mcp.tool()

Tool Definition Quality

C2.4/5.0
Behavior2/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

No annotations are provided, so the description carries the full burden. It discloses that the tool returns JSON and filters by vendor and product, but lacks critical behavioral details such as whether it's a read-only operation, potential rate limits, authentication needs, error handling, or what the JSON structure includes. For a tool with no annotations, this is a significant gap in transparency.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness4/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is a single sentence that is front-loaded and efficient, with no wasted words. It directly states the tool's function. However, it could be slightly more structured by explicitly naming the tool or separating key points, but it earns high marks for brevity.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness2/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the complexity (a tool with 2 parameters, no annotations, and no output schema), the description is incomplete. It doesn't explain the return values beyond 'JSON', lacks details on error cases or usage limits, and doesn't differentiate from siblings. For a vulnerability lookup tool, more context on data freshness, scope, or format is needed to be fully helpful.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters2/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema description coverage is 0%, so the description must compensate. It mentions 'vendor and a specific product', which aligns with the two parameters, but adds minimal meaning beyond their names. It doesn't explain what constitutes a valid vendor or product, provide examples, or detail how they interact (e.g., product must belong to vendor). This is insufficient given the low schema coverage.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose3/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description states the purpose ('get a JSON with all the vulnerabilities per vendor and a specific product'), which is clear but vague. It specifies the action ('get') and resource ('vulnerabilities'), but doesn't distinguish it from siblings like 'vul_cve_search' or 'vul_vendor_products', and the phrase 'per vendor and a specific product' could be interpreted as filtering by both vendor and product, which is accurate but not explicitly differentiated from other tools.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines2/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides no guidance on when to use this tool versus alternatives. It doesn't mention siblings like 'vul_vendor_products' (which might list products for a vendor) or 'vul_cve_search' (which might search CVE details), nor does it specify prerequisites or exclusions. Usage is implied by the parameters but not explicitly stated.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Related Tools

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/roadwy/cve-search_mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server