ZoomEye MCP Server

Official

Overview Schema Related Servers Score Discussions

zoomeye_vuldb_by_keyword

Query ZoomEye's vulnerability database by keyword to retrieve detailed security vulnerabilities including CVE IDs, severity, and affected versions for specific products or vendors.

Instructions

Search ZoomEye's vulnerability database for security vulnerabilities based on a specified keyword.

This function queries the ZoomEye vulnerability database to retrieve information about known security vulnerabilities associated with specific products, vendors. Results include vulnerability details such as CVE IDs, severity ratings, affected versions, and vulnerability descriptions.

Input Schema

TableJSON Schema

Name	Required	Description	Default
`keyword`	Yes	Search term to query the vulnerability database. This can be a product name, vendor name (e.g., "nginx", "mysql", "tomcat", "WordPress", "hikvision", "huawei").
`page_size`	No	Number of records per page, default is 10, maximum is 100.

Implementation Reference

src/mcp_server_zoomeye/server.py:298-302 (handler)

Handler: When the tool 'zoomeye_vuldb_by_keyword' is called, it extracts the 'keyword' argument and calls zoomeye_service.query_vulnerability_by_keyword(keyword).

case ZoomeyeTools.ZOOMEYE_VULDB_BY_KEYWORD:
    keyword = arguments.get("keyword")
    if not keyword:
        raise ValueError("Missing required argument: keyword")
    result = await zoomeye_service.query_vulnerability_by_keyword(keyword)

src/mcp_server_zoomeye/server.py:236-262 (schema)

Schema/Registration: The tool 'zoomeye_vuldb_by_keyword' is registered with its name, description, and input schema (keyword required, page_size optional).

        Tool(
            name=ZoomeyeTools.ZOOMEYE_VULDB_BY_KEYWORD,
            description="""Search ZoomEye's vulnerability database for security vulnerabilities based on a specified keyword.

This function queries the ZoomEye vulnerability database to retrieve information about known
security vulnerabilities associated with specific products, vendors.
Results include vulnerability details such as CVE IDs, severity ratings, affected versions,
and vulnerability descriptions.""",
            inputSchema={
                "type": "object",
                "properties": {
                    "keyword": {
                        "type": "string",
                        "description": """Search term to query the vulnerability database. This can be a product name,
                  vendor name (e.g., "nginx", "mysql", "tomcat",
                  "WordPress", "hikvision", "huawei").""",
                    },
                    "page_size": {
                        "type": "integer",
                        "description": "Number of records per page, default is 10, maximum is 100.",
                        "default": 10,
                        "maximum": 100
                    }
                },
                "required": ["keyword"],
            },
        )

src/mcp_server_zoomeye/server.py:144-166 (helper)

Helper: ZoomeyeService.query_vulnerability_by_keyword() method that makes the actual HTTP GET request to 'https://api.zoomeye.ai/v2/search/vuldb' with keyword and page_size params.

async def query_vulnerability_by_keyword(self, keyword: str, page_size: int = 10):
    """Query vulnerability by keyword.
    Args:
        keyword (str): The keyword to query. 
    Returns:
        dict: The API response data.
    Raises:
        ValueError: If API key is not provided or API request fails.
    """
    url = "https://api.zoomeye.ai/v2/search/vuldb"
    headers = {"API-KEY": self.key, "Content-Type": "application/json"}
    try:
        client = await self.get_client()
        async with client:
            response = await client.get(url, headers=headers, params={"search": keyword, "page_size": page_size})
            response.raise_for_status()  # Raise exception for HTTP errors
            return response.json()
    except httpx.HTTPError as e:
        import traceback
        traceback.print_exc()
        raise ValueError(f"Error querying ZoomEye API: {str(e)}")
    except json.JSONDecodeError:
        raise ValueError("Invalid JSON response from ZoomEye API")

src/mcp_server_zoomeye/server.py:23-24 (registration)
Registration: Enum definition of ZOOMEYE_VULDB_BY_KEYWORD = 'zoomeye_vuldb_by_keyword' used as the tool's unique identifier.
```
ZOOMEYE_VULDB_BY_KEYWORD = "zoomeye_vuldb_by_keyword"
"""Query vulnerability by keyword."""
```

Tool Definition Quality

A3.7/5.0

Behavior2/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

No annotations are provided, but the description only lists output fields without behavioral disclosures like read-only guarantee, rate limits, or authentication needs.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness4/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is concise and front-loaded, though the second paragraph could be shortened without losing value.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness4/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given no output schema, the description reasonably explains return fields (CVE, severity, etc.) and implies pagination via page_size, though total count is omitted.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters4/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema coverage is 100%, and the description enhances understanding by providing examples for keyword and clarifying page_size defaults/maximum.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the tool searches ZoomEye's vulnerability database by keyword, and implicitly distinguishes it from siblings (search vs. by ID).

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines3/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description explains it retrieves vulnerability info for products/vendors but does not explicitly compare with zoomeye_search or zoomeye_vuldb_by_id.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

Lightport: Open-Sourcing Glama's AI Gateway
By punkpeye on April 27, 2026.
open source
OpenAI
Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/zoomeye-ai/mcp_zoomeye'

If you have feedback or need assistance with the MCP directory API, please join our Discord server