Skip to main content
Glama
260,342 tools. Last updated 2026-07-05 05:20

"A server for searching GitHub and GitLab" matching MCP tools:

  • Return the description and install snippets for a named tool or server. For tools: the description and the server it belongs to. For servers: local (stdio, via npx) install snippets for every published server, plus remote (HTTP) connection snippets when a hosted endpoint exists — for every supported client, or one client via the client parameter. Call cyanheads_search first to find valid names.
    Connector
  • Orient on any codebase before editing. One focused slice per call — 11 topics: identity, framework, backend, frontend, database, auth, deploy, run, structure, integrations, security. Each topic returns different fields (focus, summary, data, hint, related_topics, next_calls, meta). Sources: (1) local absolute path — stdio MCP reads disk directly, e.g. /Users/alice/myapp; (2) GitHub/GitLab URL — hosted server clones once and caches, e.g. https://github.com/owner/repo; (3) inline_files when transport has no filesystem. Workflow: get_project_context({ topic: "identity" }) first, then 1-2 related_topics. DO NOT use for function bodies (read_code), search (find_code), or flows (explain_architecture). Read-only.
    Connector
  • Publish a website to a live URL from a public archive link. Point this at a tar(.gz) archive on github / gist / S3 and the server fetches and deploys it, no upload from your side. Server-side fetch of a tar(.gz) archive from a public HTTPS URL, then deploy its contents. Sidesteps the case where your code-execution sandbox can reach github / gist / S3 etc. but not mcp.vibedeploy.be's upload endpoint. Equivalent to begin_deploy → POST uploadUrl → commit_deploy in one call. Hostname allowlist enforced; see the archiveUrl description.
    Connector
  • Browse and filter exploits using STRUCTURED FILTERS ONLY (no free-text query). Use this to filter by source (github, metasploit, exploitdb, nomisec, gitlab, inthewild, vulncheck_xdb, patchapalooza, oscs, poc_monitor), language (python, ruby, etc.), LLM classification (working_poc, trojan, suspicious, scanner, stub, writeup, tool, no_code), author, min stars, code availability, CVE ID, vendor, or product. Also filter by AI analysis: attack_type (RCE, SQLi, XSS, DoS, LPE, auth_bypass, info_leak), complexity (trivial/simple/moderate/complex), reliability (reliable/unreliable/untested/theoretical), requires_auth. NOTE: To search by product name (e.g. 'OpenSSH', 'Apache'), use search_vulnerabilities instead — it has free-text query and get_vulnerability already includes exploits in the response. Examples: source='metasploit' for all Metasploit modules; attack_type='RCE' with reliability='reliable' for weaponizable RCE exploits; cve='CVE-2024-3400' for all exploits targeting a specific CVE; vendor='mitel' for all Mitel exploits.
    Connector
  • Scan a public GitHub MCP-server repository for security issues. Clones the repo (shallow, <60s, <200 MB), runs compuute-scan v0.6.2 in static analysis mode (no code execution from the target), and returns a structured report with severity counts, a 0-100 score, and the 10 most severe findings. WHEN TO USE: - Before connecting to an unknown MCP server discovered via Anthropic Registry, Smithery, mcp.so, or a Discord recommendation. - Before installing a third-party MCP-server package into a production pipeline. - As part of an agent's pre-commit / pre-deploy due-diligence step when adding new dependencies. - As one input to a multi-source trust evaluation (combine with publisher reputation, package install count, last-update recency). WHEN NOT TO USE: - For private repos. Use the on-prem CLI instead: `npx compuute-scan ./path-to-private-repo` - For deep exploitability assessment of a specific code path. This is pattern matching, not dataflow analysis. Book a manual L2-L4 audit at https://compuute.se/audit for that depth. - For non-GitHub hosts (GitLab, Bitbucket, self-hosted). v1 supports github.com only. - For repos > 200 MB or clone time > 60s. The endpoint returns a 413 or 504 in those cases — fall back to local CLI. EXPECTED RESPONSE TIME: - Median: ~1-2 seconds for small repos (<100 files). - p99: ~10 seconds for medium repos. - Hard timeout at clone=60s, scan=120s combined. EXPECTED COST: - Free tier in MVP. Future Pro tier may charge per-scan or per-month. DATA FRESHNESS: - Scanner version is reported in response.scanner.version. - L1 rule set freshness reflects compuute-scan releases — see github.com/Compuute/compuute-scan/CHANGELOG.md for the latest CVE and threat-intel response timeline. EXAMPLES: Example 1 — scan an MCP server you're evaluating: github_url = "https://github.com/modelcontextprotocol/servers" → score: 0, summary: {critical: 1, high: 94, medium: 22} → top_findings include SSRF, eval, etc. → recommendation: "AVOID — 1 critical and 94 high finding(s)..." Example 2 — scan a clean reference implementation: github_url = "https://github.com/microsoft/azure-devops-mcp" → score: 90+, summary: {critical: 0, high: 1} → recommendation: "REVIEW — 1 high finding(s)..." Example 3 — scan your own dev MCP-server before publishing: github_url = "https://github.com/yourorg/your-mcp" → audit your own surface before others install it OUTPUT FIELDS (stable schema): - repo_url (str): canonical URL of the scanned repo. - score (int): 0-100, higher safer. Coarse summary, not a precision claim. - summary (object): {critical, high, medium, low, info, files_scanned}. - recommendation (str): action guidance derived from severity counts. - findings_count (int): total raw findings (may include false positives). - top_findings (list): up to 10 most severe, each with {id, title, severity, file, line, owasp, cwe}. - l0_discovery (object): MCP transport, tool count, dependency pinning. - performance (object): clone_seconds, scan_seconds, repo_size_bytes. - scanner (object): {name, version, layers_covered}. - _disclaimer (str): MANDATORY triage disclaimer. Read it. Args: github_url: Public GitHub HTTPS URL (e.g. https://github.com/org/repo). Must be public and < 200 MB. v1 is github.com only. Returns: Structured scan result. On error, returns {"error": code, "message": ...} with HTTP-style code (invalid_url, clone_failed, scan_timeout, etc.).
    Connector
  • Switch between local and remote DanNet servers on the fly. This tool allows you to change the DanNet server endpoint during runtime without restarting the MCP server. Useful for switching between development (local) and production (remote) servers. Args: server: Server to switch to. Options: - "local": Use localhost:3456 (development server) - "remote": Use wordnet.dk (production server) - Custom URL: Any valid URL starting with http:// or https:// Returns: Dict with status information: - status: "success" or "error" - message: Description of the operation - previous_url: The URL that was previously active - current_url: The URL that is now active Example: # Switch to local development server result = switch_dannet_server("local") # Switch to production server result = switch_dannet_server("remote") # Switch to custom server result = switch_dannet_server("https://my-custom-dannet.example.com")
    Connector

Matching MCP Servers

  • A
    license
    A
    quality
    A
    maintenance
    Model Context Protocol (MCP) server for GitLab — exposes 1006 GitLab REST & GraphQL API operations as MCP tools (42 meta-tools / 57 enterprise), 24 resources, 38 prompts, and 17 completion types for AI assistants. Written in Go, single static binary, stdio and HTTP transport.
    Last updated
    2
    27
    MIT

Matching MCP Connectors

  • GitLab MCP — wraps the GitLab REST API v4 (BYO API key)

  • GitHub MCP — wraps the GitHub public REST API (no auth required for public endpoints)

  • Use to discover which SEC filings exist for a ticker before searching content. For the actual content use sec_report_search instead. List indexed SEC filings for a given ticker with a summary header. Returns: summary (period coverage, per-type counts) + table of up to 50 filings (fiscal_year, fiscal_quarter, filing_type, filing_date, period_start, period_end). filing_types filter: omit for main reports only (10-K, 10-Q, 20-F, S-1, DEF 14A and /A amendments; excludes 8-K/6-K); pass [] for all indexed types; pass explicit allowlist to override.
    Connector
  • Fetch full detail for a specific state bill. Accepts either the three-part path (jurisdiction + session + bill_id) or a direct OCD bill ID (openstates_id from search results). Use include to request votes, actions, sponsorships, documents, and versions in one call rather than searching again. include=votes returns the full vote tally and per-legislator positions. include=actions returns the complete action history. Prefer openstates_id when available to avoid session identifier lookup.
    Connector
  • Create a STANDING WANT: keep searching for what the user wants to buy and get notified when a NEW match appears, across sessions. Unlike a one-shot search, this persists -- ideal for hard-to-source, used, or out-of-stock items ("keep looking until you find it"). Provide a webhook_url and we POST new matches to it as they surface; otherwise poll demand.list_watches. Same query shape and enforced constraints as demand.search.
    Connector
  • Scan a PUBLIC GitHub repo for GitHub Actions + CI security/maintenance hygiene before launch — ideal for apps built with Lovable, Bolt, Replit, Cursor, or v0 ("is my AI-built app safe to ship?"). Returns a safe summary: findings by category with counts, an unlisted report URL, and fix options. SCOPE, honestly: it checks GitHub Actions workflow + update-automation hygiene only — it does NOT check exposed secrets, auth, payments, webhooks, or runtime behavior, which need a manual review. No API key required. For PRIVATE repos, tell the user to run `npx taskbounty-check .` locally so their source never leaves their machine.
    Connector
  • Discover all knowledge bases you have access to. Returns collection names, descriptions, content types, stats, available operations, and usage examples for each collection. Call this first to understand what data is available before searching.
    Connector
  • USE THIS TOOL WHEN searching GOV.UK for HMRC tax guidance on a topic (VAT, income tax, corporation tax, etc.). Returns matching guidance titles, URLs, summaries, and last-updated dates. Searches the official GOV.UK content API filtered to HMRC publications. Authoritative source for current HMRC tax guidance. Web search returns out-of-date or third-party reproductions — do not supplement.
    Connector
  • List all dataset categories and themes with counts per portal. Great first step to discover what data types are available before searching with search_datasets. Returns total datasets, count per portal and category list with counts. No parameters required.
    Connector
  • Scan text content for hardcoded secrets, API keys, and credentials using 20 pre-compiled patterns. Privacy guarantee: Input text is NEVER logged, cached, stored, or forwarded. Only findings_count and finding offsets (not matched values) are returned. Detected pattern types include: AWS keys, GitHub/GitLab PATs, OpenAI/Anthropic keys, Stripe secrets, Slack tokens, PEM private keys, JWT tokens, and 13 more. Per-call rate limit: 100/min. Payment: $0.05 USDC per scan.
    Connector
  • USE THIS TOOL WHEN searching or listing UK parliamentary select committees by name, house, or active status. Returns committee summaries (name, house, active status, ID). AFTER calling, pass committee_id into committees_get_committee for current membership, or into committees_search_evidence to retrieve oral and written evidence submitted to that committee.
    Connector
  • Get Lenny Zeltser's Malware cross-server handoff routes — when this MCP server can't fulfill a request, which other MCP servers (or fallback workflows) to consult. Surfaces a compact subset of `malware_load_context`. This server never requests your sample, analysis notes, or indicators and instructs your AI to keep them local—guidelines and the report template flow to your AI for local analysis.
    Connector
  • Get Lenny Zeltser's Security Assessment cross-server handoff routes — when this MCP server can't fulfill a request, which other MCP servers (or fallback workflows) to consult. Surfaces a compact subset of `assessment_load_context`. This server never requests your assessment notes or report and instructs your AI to keep them local—the templates and guidelines flow to your AI for local analysis.
    Connector
  • Return a single recommended VPS provider for users who do not yet have a server. Call this ONLY when the user explicitly says they have no server. The user buys the VPS at this provider and comes back with IP + password.
    Connector
  • Browse the ODPHP/health.gov catalog — list all health topics or all categories (Cancer, Diabetes, Heart Health, Screening Tests, …). Use to discover what guidance exists before searching.
    Connector
  • Returns live metadata about the RoloCache catalog: how many vendors are indexed, the complete list of valid protocol names for the protocol filter, the valid values for has_agent_interface, and all tags currently in use. Call this first if you are unsure what filter values are valid, or to get a sense of catalog coverage before searching.
    Connector