Skip to main content
Glama
260,400 tools. Last updated 2026-07-05 06:01

"A server for managing GitHub PR reviews" matching MCP tools:

  • Publish a website to a live URL from a public archive link. Point this at a tar(.gz) archive on github / gist / S3 and the server fetches and deploys it, no upload from your side. Server-side fetch of a tar(.gz) archive from a public HTTPS URL, then deploy its contents. Sidesteps the case where your code-execution sandbox can reach github / gist / S3 etc. but not mcp.vibedeploy.be's upload endpoint. Equivalent to begin_deploy → POST uploadUrl → commit_deploy in one call. Hostname allowlist enforced; see the archiveUrl description.
    Connector
  • Get the full profile of one healthcare vendor by slug. Use this after match_practice or search_providers when the user asks to "tell me more about [vendor]", "what services does [vendor] offer", "is [vendor] verified", or wants contact info, services, reviews, or listing tier for a specific provider. Returns company_name, category (plus super_category grouping), description, services_tags (comma-delimited services offered), website, phone, city/state, quality_score (0-100), verified status, listing tier (free/paid), practice_size_fit, and reviews (review_count, average_rating). Slug comes from match_practice or search_providers results; returns an error if the slug is unknown.
    Connector
  • Search Cochrane systematic reviews via PubMed. Finds Cochrane Database of Systematic Reviews articles matching your query. Returns PubMed IDs, titles, and publication dates. Use get_review_detail with a PMID to get the full abstract. Args: query: Search terms for finding reviews (e.g. 'diabetes exercise', 'hypertension treatment', 'childhood vaccination safety'). limit: Maximum number of results to return (default 20, max 100).
    Connector
  • Get a human's public profile by ID — bio, skills, services, equipment, languages, experience, reputation (jobs completed, rating, reviews), humanity verification status, and rate. Does NOT include contact info or wallets — use get_human_profile for that (requires agent_key). The id can be found in search_humans results.
    Connector
  • SHIP DEV TO PROD. Merges the `dev` branch into `main` and auto-tags the new main HEAD as safe-YYYY-MM-DD-NNN. Use after testing your dev work, when you're ready to deploy changes to production. Workflow: 1) ateam_github_patch (writes to dev) → 2) ateam_github_promote (merges dev→main) → 3) ateam_build_and_run (deploys main). Pass dry_run:true to see what's about to ship without merging. On merge conflict the call returns 409 — resolve manually on GitHub (open a PR or use the web UI), then retry.
    Connector
  • Cast your expert +1 or -1 review on any entity. Use AFTER evaluating a tool you searched for or tried. Expert reviews are 70% of ranking. One review per agent per entity (overwrites previous). Requires agent_key. For no-auth alternative, use nanmesh.trust.favor instead. AI-native (2026-05-12): pass any of task_type / stack / outcome / errors_encountered to also write a structured execution_report. Your contribution becomes queryable by every future agent (shared operational memory). Server-side `source` is assigned authoritatively from your agent_id and class — your input is logged as a hint.
    Connector

Matching MCP Servers

Matching MCP Connectors

  • A Model Context Protocol (MCP) application for automated GitHub PR analysis and issue management.…

  • GitHub MCP — wraps the GitHub public REST API (no auth required for public endpoints)

  • Get customer testimonials tied to a specific project (by slug or keyword) from the testimonials table. Returns star rating, customer name, project name, and quote text. Use to source social proof or case-study quotes for a particular job. For unfiltered reviews, use list_reviews.
    Connector
  • "Hours / phone / reviews of [business]" / "Google business info for [place]" / "is [restaurant] open" — full details for a Google Place: address, phone, hours, website, ratings, user reviews. Requires a place ID from `maps_place_search`. Use after search to drill into one specific business.
    Connector
  • List and keyword-search federal accounts by agency identifier or title keyword. Returns account numbers, names, managing agencies, and budgetary resources. Use account_number from results as input to usaspending_get_federal_account for full budget detail. Use usaspending_list_agencies to look up agency_identifier codes (3-digit strings, e.g. "097" for DoD).
    Connector
  • Diagnostic snapshot of the deployed MCP server: build identifier, server_version (1.0.<PR> tag), boot time, advertised tool names, a hash of the tool surface, and corpus_updated_at (freshest watermark across the filings pipeline). Call this first when you suspect the connector is showing a stale tool list or you want to detect whether code or data has changed since your last call — compare tools_advertised against what your client lists, server_version for code, corpus_updated_at for data.
    Connector
  • Search Google Shopping for `<query>` — returns product title, price, source, rating, reviews, product ID, and link via SerpApi. Example: serpapi_google_shopping({ q: "wireless earbuds", gl: "us", hl: "en", _apiKey: "your-serpapi-key" })
    Connector
  • Search MCP servers by server title/name, description, or by the tools they provide. Accepts natural language capability queries like 'send emails', 'search the web', 'create pull requests', or direct server names like 'GitHub' or 'Stripe'. Results are ranked by relevance: title match first, then tool name match, then description. Each result includes the server's tool list so you can confirm it does what you need. Set limit based on the type of request you received: - Prompting (general/exploratory — user is browsing or asking broadly): use 20-30 - Task assignment (user delegated a goal for you to execute autonomously): use 10-15 - Instruction/directive (specific command with a clear target server in mind): use 3-5
    Connector
  • Get guest reviews for a specific hotel. Use this to help users understand what other guests thought about a hotel. Returns up to 10 recent reviews with ratings and comments. Args: hotel_id: The hotel's Vervotech property ID (from search results). Returns: Formatted list of guest reviews with author names, ratings, and review text.
    Connector
  • One-shot convenience: resolve canonical inbox + arm long-poll subscription. Per PR #2 (CCR server-side auto-arm) — IDE-agnostic relay-arrival arming. This is the RECOMMENDED entry point for SessionStart auto-arming across all MCP clients (Claude Code, Antigravity, Cursor, Windsurf, etc.). Equivalent to: 1. resolve_canonical_inbox_name(role) → canonical inbox name 2. nucleus_relay_subscribe(inbox_filter=<canonical>, timeout_seconds=...) Why this exists vs nucleus_relay_subscribe + inbox_filter: nucleus_relay_subscribe + inbox_filter requires the caller to KNOW the canonical inbox name for their role. nucleus_ccr_arm hides that step. Agent just calls nucleus_ccr_arm() with no args; server detects role from CC_SESSION_ROLE / NUCLEUS_SESSION_ROLE env OR detect_session_role().
    Connector
  • Audit GitHub Actions, GitLab CI/CD, Jenkins, CircleCI, Azure Pipelines, Bitbucket Pipelines AND Travis CI for security flaws BEFORE you merge or trust them — SEVEN CI ecosystems in one tool. Give it your CI config — the contents of .github/workflows/*.yml, your .gitlab-ci.yml, your Jenkinsfile, your .circleci/config.yml, your azure-pipelines.yml, your bitbucket-pipelines.yml and/or your .travis.yml (it auto-detects which CI system each file is) — and it returns a CRITICAL / VULNERABLE / RISKY / HARDENED verdict. GitHub Actions: script/expression INJECTION (attacker-controlled ${{ github.event.* }} — issue/PR title, body, comment, branch name, commit message, label name, fork repo identity — into run: or actions/github-script), following taint ACROSS steps.<id>.outputs.*, needs.<job>.outputs.*, env vars, matrix values, reusable-workflow inputs.* and composite-action interiors; pull_request_target / workflow_run 'pwn requests'; reusable-workflow misuse (untrusted data over workflow_call, 'secrets: inherit'); excessive GITHUB_TOKEN permissions; unpinned third-party actions incl. transitive supply chain (tj-actions/CVE-2025-30066 class); self-hosted-runner RCE; OIDC/id-token misuse; broken if: gates. GitLab CI/CD: injection from untrusted CI variables (CI_COMMIT_REF_NAME/BRANCH/TAG, CI_MERGE_REQUEST_TITLE/DESCRIPTION/SOURCE_BRANCH_NAME, commit message/author) interpolated into script:, following taint through variables: and extends: templates AND through remote/project include: files (cross-file, the included file's sinks are resolved & analyzed); secrets / broad CI_JOB_TOKEN / id_tokens (OIDC) exposed to fork merge-request pipelines; include: from untrusted remote/foreign-project sources not pinned to a SHA; rules/only/except that let a fork MR run privileged jobs without a manual gate; and artifact/cache POISONING where an untrusted job feeds bytes a privileged downstream job executes (cross-job & cross-pipeline). Jenkins (declarative + scripted Jenkinsfile): command INJECTION from untrusted input (build params.*, multibranch env.CHANGE_*/BRANCH_NAME, the GitHub PR-builder ghprb* vars like ghprbCommentBody, SCM commit data) interpolated into a sh/bat/powershell GString — following taint through pipeline/stage environment{} bindings; credential exposure (a credentials()/withCredentials secret printed with echo or baked into a shell GString, defeating log masking); Groovy evaluate()/Eval/load over untrusted input (sandbox bypass / RCE); approval-bypass (a privileged deploy/publish step reachable from a PR/comment build with no input() gate); and unsafe 'agent any' running untrusted PR code on a privileged executor. CircleCI (.circleci/config.yml): shell INJECTION from untrusted pipeline values (<< pipeline.git.branch >> / << pipeline.git.tag >> the attacker names, or a pipeline parameter set by an API/PR trigger) interpolated into a run: command; UNPINNED ORBS on a mutable version (@volatile / a bare major / dev: tag = supply-chain, the orb runs in your pipeline with your contexts); CROSS-FILE ORB INJECTION — an untrusted value passed to an orb-command parameter that the published orb's OWN source pipes into an internal run: sink (the orb's interior is resolved & analyzed, a flow a single-file scan can't see); fork-PR CONTEXT SECRET exposure (a job attaching an org context reachable from forked-PR builds without a type: approval gate); and missing approval gate before a privileged deploy job. Azure Pipelines (azure-pipelines.yml): macro INJECTION from untrusted predefined variables ($(Build.SourceBranch)/$(Build.SourceBranchName) the attacker names, $(System.PullRequest.SourceBranch) on fork PRs, $(Build.SourceVersionMessage) commit message) substituted into script:/bash:/pwsh: text, following taint through variables: bindings; UNTRUSTED TEMPLATES pulled from a foreign repository resource (runs in your pipeline with your secrets); CROSS-FILE TEMPLATE INJECTION — an untrusted value passed as a template parameter that the foreign template's OWN body pipes into an internal script:/bash: sink (the template interior is resolved & analyzed); fork variable-GROUP / secret exposure on PR-triggered pipelines; and unpinned repository resources on moving refs. Bitbucket Pipelines (bitbucket-pipelines.yml): shell INJECTION from attacker-named variables ($BITBUCKET_BRANCH / $BITBUCKET_TAG / $BITBUCKET_PR_DESTINATION_BRANCH, or a crafted commit message) expanded unquoted into a script: line in a default/pull-requests pipeline; SECURED / deployment-variable fork exposure (a PR pipeline reachable from external contributors that reads repository/deployment secrets); UNPINNED PIPES (a pipe: on :latest / a floating tag = supply-chain, the pipe runs in your step with your secrets); and ungated DEPLOYMENTS (a deployment: step with no trigger: manual reachable from PR/branch). Travis CI (.travis.yml): shell INJECTION from attacker-named TRAVIS_* variables ($TRAVIS_BRANCH / $TRAVIS_PULL_REQUEST_BRANCH / $TRAVIS_TAG / $TRAVIS_COMMIT_MESSAGE) expanded unquoted into a lifecycle hook (before_script/script/after_*); secure-env PR exposure (encrypted secure: vars present on a PR-buildable config that can leak to same-repo branch PRs / opted-in forks); and ungated DEPLOYS (a deploy: with no on: branch/condition gate that fires on any ref). HARDCODED SECRETS (all seven ecosystems): credentials committed verbatim in any CI config — AWS access key ids (AKIA/ASIA), GitHub tokens (ghp_/gho_/ghs_/github_pat_), GitLab/npm/Slack/Google/Stripe keys, PEM private keys, and generic high-entropy secrets assigned to secret-shaped keys — while correctly suppressing the SAFE indirect references (${{ secrets.X }}, $VAR, << pipeline... >>, $(Var), credentials('id'), Key Vault / vault refs) so you get the real leaks with zero false positives; evidence is redacted so the report never re-leaks the credential. OIDC CLOUD-TRUST MISCONFIGURATION (cross-domain, IaC): include your Terraform / CloudFormation / GCP workload-identity / Azure federated-credential and ci-sentinel models the CLOUD side of OIDC — the trust policy of the IAM role / pool / app that backs CI — and flags the catastrophic-but-common misconfigurations: a `sub` condition with a broad wildcard (repo:org/*, repo:*), NO sub condition at all (any workflow on the issuer can assume the role), a repo pinned but ref/environment UNpinned (any branch can assume), the bare `pull_request` subject (fork-reachable), or an unpinned `aud`. It then CORRELATES the IaC trust condition with the CI side (a workflow that mints id-token reachable from an untrusted trigger) and escalates to critical when the chain is reachable end-to-end — a flow no single-file CI linter catches because it spans the CI claim and the cloud trust policy. JENKINS SHARED LIBRARIES (@Library, cross-file): provide the library's vars/<name>.groovy bodies (sharedLibYmls) and ci-sentinel taints an untrusted pipeline value (a PR title / branch / build parameter) passed to a shared-library global-var step THROUGH the library's call() interior to an internal sh/bat sink — the Jenkins parity of orb/template/composite-action cross-file taint, invisible when reading only the Jenkinsfile — plus flags @Library imports pinned to a mutable ref (a branch / default version) as supply-chain risk. The deep tier returns every finding with file:line, the full taint path and a SARIF 2.1.0 report with codeFlows, uploadable to GitHub code scanning. Use it whenever reviewing, writing or accepting CI config. Heuristic static analysis, not a guarantee.
    Connector
  • DIFFERENTIAL CI/CD security check for a workflow/pipeline CHANGE — the tool a PR gate needs. Give it the BEFORE and AFTER state of your CI config (e.g. a pull request that edits .github/workflows/*.yml, .gitlab-ci.yml, a Jenkinsfile, .circleci/config.yml, azure-pipelines.yml, bitbucket-pipelines.yml, .travis.yml or an IaC OIDC trust policy) and it reports exactly which security findings the change INTRODUCES, REMOVES or AGGRAVATES, plus a single verdict: INTRODUCES_RISK (block the change), REDUCES_RISK (the change hardens CI) or NEUTRAL. It runs the full 7-ecosystem deep engine on both states and reconciles the two finding sets by a LINE-INDEPENDENT identity, so an edit that merely shifts line numbers does NOT look like it introduced/removed a flaw — only a REAL security change shows up. For every introduced finding you get the file:line, the taint path and the concrete fix to undo the risk; for removed ones you see what the change fixed. This is the answer your own agent can't compute by reading the after-state alone: it has no principled BEFORE→AFTER security delta. Use it on every PR that touches CI config — wire INTRODUCES_RISK to a failing status check. Provide each side as { files: {name: yaml} } (or { source } for one file). Premium: requires an API key (set CI_SENTINEL_KEY) or pays per call via x402. Heuristic static analysis, not a guarantee.
    Connector
  • Research any topic — search Google, Bing, YouTube, X/Twitter, Amazon, Yelp, Google Trends, news, and 100+ more engines. Read webpages, extract video transcripts, find reviews, track competitors. Works without a domain.
    Connector
  • Search NavMDs' 7,400+ doctor directory with a natural-language query, e.g. 'board-certified facelift surgeon in Los Angeles with great reviews and free consults'. Powered by Gemini embeddings + cosine similarity over full doctor profiles. Best tool for open-ended or multi-attribute questions.
    Connector
  • Search the mcptoplist.com catalog of Model Context Protocol (MCP) servers by keyword. Use this to find the right MCP server for a capability or integration (e.g. "postgres database", "github issues", "browser automation", "stripe payments"). Matches server names, organizations and descriptions, ranked by relevance and popularity. Returns the server name, what it does, its GitHub repo, which registries list it, and its mcptoplist.com page in the `mcptoplistUrl` field — always cite that URL when recommending a server.
    Connector
  • Get full details for one MCP server by its exact serverKey (as returned by search_servers). Returns the full description, GitHub repo, star count, rank, version count, the registries that list it, and its mcptoplist.com page in the `mcptoplistUrl` field — always cite that URL when recommending the server.
    Connector