Schema | security-framework-mcp

security-framework-mcp

Overview Schema Related Servers Score Discussions

Server Configuration

Describes the environment variables required to run the server.

Name	Required	Description	Default
`NVD_API_KEY`	No	Optional NVD API key for higher rate limits
`SECURITY_MCP_DATA_DIR`	No	Database directory	~/.security-framework-mcp
`SECURITY_MCP_UPDATE_INTERVAL`	No	Refresh interval in seconds (7 days default)	604800

Capabilities

Features and capabilities supported by this server

Capability	Details
`tools`	{ "listChanged": true }
`logging`	{}
`prompts`	{ "listChanged": false }
`resources`	{ "subscribe": false, "listChanged": false }
`extensions`	{ "io.modelcontextprotocol/ui": {} }
`experimental`	{}

Tools

Functions exposed to the LLM to take actions

Name	Description
update_databaseB	Rebuild the local OWASP database from upstream sources.
database_statusA	Show local database availability, freshness, and path.
list_projectsA	List OWASP projects. Includes Flagship, Production, Lab, and Incubator levels.
search_projectsA	Full-text search across all OWASP projects (name, title, pitch).
get_projectA	Get detailed info for a specific OWASP project.
search_owaspA	Search across ALL OWASP data sources: projects, ASVS, WSTG, Top 10, and Cheat Sheets.
get_top10A	Get OWASP Top 10 2021 items with CWE mappings.
get_asvsA	Get OWASP ASVS 5.0 verification requirements. Filter by chapter, level, or search.
get_wstgB	Get OWASP Web Security Testing Guide (WSTG) test cases.
get_cheatsheetA	Get an OWASP Cheat Sheet by name, or list all available cheat sheets.
cross_referenceA	Cross-reference CWE IDs with OWASP Top 10, ASVS, and WSTG entries.
get_api_top10A	Get OWASP API Security Top 10 2023 items with CWE mappings.
get_llm_top10A	Get OWASP Top 10 for LLM Applications 2025 items with CWE mappings.
get_proactive_controlsA	Get OWASP Proactive Controls 2024 — defensive measures developers should implement.
get_masvsC	Get OWASP MASVS (Mobile Application Security Verification Standard) controls.
assess_stackA	Given a technology stack, recommend relevant OWASP security guidelines, cheat sheets, and test cases.
generate_checklistA	Generate a security testing checklist based on project type and depth level.
read_publicationA	Download and read a NIST publication PDF. Returns table of contents or specific pages as Markdown.
get_nist_mappingA	Look up CSF 2.0 ↔ SP 800-53 framework mappings.
search_kevA	Search CISA Known Exploited Vulnerabilities (KEV) catalog with vendor, product, date, and ransomware filters.
search_nistA	Search NIST data: SP 800-53 controls, CSF 2.0, PF 1.0, RMF, publications, glossary, CMVP, and NICE roles.
get_nist_controlA	Get NIST SP 800-53 Rev. 5 controls. Filter by ID, baseline (LOW/MODERATE/HIGH), or family.
get_nist_csfA	Get NIST Cybersecurity Framework (CSF) 2.0 functions, categories, and subcategories.
get_nist_glossaryA	Look up NIST cybersecurity terms and definitions.
get_nist_publicationA	Search or browse NIST cybersecurity publications (SP 800, FIPS, IR, CSWP series).
get_nist_cmvpA	Search NIST CMVP (Cryptographic Module Validation Program) validated modules.
get_nice_rolesA	Browse NICE Cybersecurity Workforce Framework work roles (SP 800-181).
get_nist_pfB	Get NIST Privacy Framework (PF) 1.0 functions, categories, and subcategories.
get_nist_rmfA	Get NIST SP 800-37 Risk Management Framework (RMF) steps, tasks, and key documents.
search_cveA	Search the live NVD database for CVE vulnerabilities. Requires internet access.
get_cve_detailA	Fetch detailed information for a specific CVE from the live NVD database.
get_mcp_top10A	Get OWASP Top 10 for MCP Servers 2025 — security risks specific to MCP deployments.
assess_mcp_securityA	Assess an MCP server deployment against the OWASP MCP Top 10 security risks.
threat_modelA	Generate a STRIDE-based threat model for a system using OWASP data for mitigations.
get_cweA	Look up a CWE (Common Weakness Enumeration) by ID with description and OWASP cross-references.
compliance_mapA	Map OWASP ASVS requirements to compliance frameworks (PCI-DSS, ISO 27001, NIST 800-53).
nist_compliance_mapA	Map NIST SP 800-53 Rev. 5 control families to PCI-DSS 4.0 and ISO 27001:2022.
lookup_complianceA	Reverse compliance lookup — find NIST SP 800-53 families, ASVS chapters, and related controls from a PCI-DSS or ISO 27001 requirement.
triage_cveA	Triage CVEs with EPSS scores, CVSS severity, and KEV status. Note: makes individual NVD API calls per CVE; expect ~6s/CVE without API key.
map_findingA	Map a security finding (CWE, CVE, or description) to a complete remediation package: CWE details, OWASP Top 10 / API Top 10 / LLM Top 10 mappings, ASVS requirements, WSTG test cases, cheat sheets, and compliance impact (PCI-DSS 4.0, ISO 27001:2022, NIST 800-53).
get_attack_patternA	Look up MITRE CAPEC attack patterns by ID, related CWE, or free-text search.

Prompts

Interactive templates invoked by user choice

Name	Description
`security_review`	Guided security review workflow — analyzes a system against OWASP standards.
`threat_analysis`	Analyze threats for a given system using OWASP threat intelligence data.
`compliance_check`	Check compliance requirements for a given standard against a system.
`secure_code_review`	Security-focused code review using OWASP guidelines.

Resources

Contextual data attached and managed by the client

Name	Description
`about`
`stats`
`top10_resource`
`api_top10_resource`
`llm_top10_resource`
`proactive_controls_resource`

Latest Blog Posts

Lightport: Open-Sourcing Glama's AI Gateway
By punkpeye on April 27, 2026.
open source
OpenAI
Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/zer0-kr/security-framework-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server