Threat.Zone MCP Server

Overview Schema Related Servers Score Discussions

get_submission_status_summary

Retrieve detailed analysis results for malware submissions, including interpreted status and threat level assessment, to monitor security threats.

Instructions

Get submission details with interpreted status and threat level.

Args: uuid: Submission UUID

Returns: Submission details with human-readable status and threat level

Input Schema

TableJSON Schema

Name	Required	Description	Default
`uuid`	Yes

Output Schema

TableJSON Schema

Name	Required	Description	Default
No arguments

Implementation Reference

src/threatzone_mcp/server.py:178-198 (handler)

The handler function for the 'get_submission_status_summary' tool. It retrieves submission details from the ThreatZone API and enriches the response with human-readable interpretations of the status and threat level using helper functions interpret_status and interpret_threat_level.

@app.tool
async def get_submission_status_summary(uuid: str) -> Dict[str, Any]:
    """
    Get submission details with interpreted status and threat level.
    
    Args:
        uuid: Submission UUID
        
    Returns:
        Submission details with human-readable status and threat level
    """
    submission = await get_client().get(f"/public-api/get/submission/{uuid}")
    
    # Add interpreted values if available
    if 'status' in submission:
        submission['status_description'] = await interpret_status(submission['status'])
    
    if 'level' in submission:
        submission['threat_level_description'] = await interpret_threat_level(submission['level'])
    
    return submission

src/threatzone_mcp/server.py:138-155 (helper)

Helper tool that converts numeric status codes to human-readable descriptions. Called by get_submission_status_summary to enrich the API response.

async def interpret_status(status_value: int) -> str:
    """
    Interpret a numeric status value from submission results.
    
    Args:
        status_value: Numeric status value (1-5)
        
    Returns:
        Human-readable status description
    """
    status_map = {
        1: "File received",
        2: "Submission is failed", 
        3: "Submission is running",
        4: "Submission VM is ready",
        5: "Submission is finished"
    }
    return status_map.get(status_value, f"Unknown status: {status_value}")

src/threatzone_mcp/server.py:158-175 (helper)

Helper tool that converts numeric threat levels to human-readable descriptions. Called by get_submission_status_summary to enrich the API response.

@app.tool
async def interpret_threat_level(level_value: int) -> str:
    """
    Interpret a numeric threat level value from analysis results.
    
    Args:
        level_value: Numeric threat level (0-3)
        
    Returns:
        Human-readable threat level description
    """
    level_map = {
        0: "Unknown",
        1: "Informative", 
        2: "Suspicious",
        3: "Malicious"
    }
    return level_map.get(level_value, f"Unknown level: {level_value}")

src/threatzone_mcp/server.py:178-178 (registration)
The @app.tool decorator registers the get_submission_status_summary function as an MCP tool in the FastMCP server.
```
@app.tool
```

Tool Definition Quality

B3.1/5.0

Behavior2/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

No annotations are provided, so the description carries the full burden of behavioral disclosure. It mentions that the tool returns 'human-readable status and threat level', which adds some context about output formatting. However, it lacks critical details such as whether this is a read-only operation, what permissions are required, error handling, or rate limits. For a tool with no annotation coverage, this is a significant gap.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness4/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is appropriately sized and front-loaded: the first sentence clearly states the tool's purpose, followed by brief sections for 'Args' and 'Returns'. There's no wasted text, though the structure could be slightly more polished (e.g., using consistent formatting). Every sentence earns its place, making it efficient.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness3/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the tool's complexity (single parameter, no annotations, but with an output schema), the description is minimally adequate. The output schema likely covers return values, so the description doesn't need to detail them. However, it lacks context on behavioral aspects (e.g., safety, errors) and usage guidelines relative to siblings, leaving gaps for an AI agent.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters4/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

The description adds meaningful context for the single parameter: it specifies that 'uuid' is a 'Submission UUID', clarifying the parameter's purpose beyond the schema's minimal title ('Uuid'). With 0% schema description coverage, this compensation is valuable. However, it doesn't detail format constraints (e.g., UUID version) or provide examples, preventing a perfect score.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose4/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the tool's purpose: 'Get submission details with interpreted status and threat level.' It specifies the verb ('Get'), resource ('submission details'), and key outputs ('interpreted status and threat level'). However, it doesn't explicitly differentiate from sibling tools like 'get_submission' or 'interpret_status'/'interpret_threat_level', which prevents a perfect score.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines2/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides no guidance on when to use this tool versus alternatives. With many sibling tools (e.g., 'get_submission', 'interpret_status', 'get_submission_indicators'), there's no indication of what makes this tool distinct or when it's preferred over others. The minimal context ('with interpreted status and threat level') is insufficient for clear decision-making.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Latest Blog Posts

Lightport: Open-Sourcing Glama's AI Gateway
By punkpeye on April 27, 2026.
open source
OpenAI
Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/threat-zone/threatzonemcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server