Skip to main content
Glama
259,957 tools. Last updated 2026-07-05 04:08

"A server that scans projects for security vulnerabilities and recommends fixes" matching MCP tools:

  • Scans an MCP server manifest or endpoint for security vulnerabilities — prompt injection in tool descriptions, exfiltration vectors, unbounded resource access, privilege escalation, schema mismatches, transport security issues, and over-permissive scopes. Returns a structured risk report with severity levels and remediation guidance.
    Connector
  • Fetch a public URL and inspect security-relevant response headers before you claim that a product or endpoint has a strong browser-facing security baseline. Use this for quick due diligence on public apps and docs sites. It checks for common headers such as HSTS, CSP, X-Frame-Options, Referrer-Policy, Permissions-Policy, and X-Content-Type-Options. It does not replace a real security review, authenticated testing, or vulnerability scanning.
    Connector
  • Checks that the Strale API is reachable and the MCP server is running. Call this before a series of capability executions to verify connectivity, or when troubleshooting connection issues. Returns server status, version, tool count, capability count, solution count, and a timestamp. No API key required.
    Connector
  • Connectivity check that confirms the Nordic MCP server process is responding. Use this at the start of a session to verify the server is reachable before making other calls. Do not use as a proxy for database health — the server can respond while the Qdrant vector database is temporarily unavailable. To confirm data availability, call search_filings directly. Returns: A greeting string: "Hello {name}! Nordic MCP server is running."
    Connector
  • Switch between local and remote DanNet servers on the fly. This tool allows you to change the DanNet server endpoint during runtime without restarting the MCP server. Useful for switching between development (local) and production (remote) servers. Args: server: Server to switch to. Options: - "local": Use localhost:3456 (development server) - "remote": Use wordnet.dk (production server) - Custom URL: Any valid URL starting with http:// or https:// Returns: Dict with status information: - status: "success" or "error" - message: Description of the operation - previous_url: The URL that was previously active - current_url: The URL that is now active Example: # Switch to local development server result = switch_dannet_server("local") # Switch to production server result = switch_dannet_server("remote") # Switch to custom server result = switch_dannet_server("https://my-custom-dannet.example.com")
    Connector
  • Purchase and retrieve one verified OSF record by record_id (PAID, x402 USDC on Base). Returns the full record plus its provenance block linking back to the authoritative primary source (e.g. sec.gov, nvd.nist.gov, treasury.gov, congress.gov, ncbi.nlm.nih.gov, noaa.gov). OSF spans many verticals: security/vulnerabilities, sanctions/compliance, SEC and corporate filings, economic and financial series, legal and regulatory, grants and procurement, science and research, geospatial and environmental, and AI/ML metadata. Browse get_catalog first (free) to find record_ids and prices. Payment is handled automatically by x402-capable MCP clients via the standard payment handshake.
    Connector

Matching MCP Servers

Matching MCP Connectors

  • Keyword-search recent Arbeitnow job postings (keyless European/German job board, many English-speaking & visa-sponsor roles). The upstream API has no search param, so this scans the most recent pages and filters client-side: it keeps jobs whose title, company name, or any tag contains the query (case-insensitive). Scans up to `pages` pages (default 3, max 10). Older jobs that have scrolled off the recent pages will not be found.
    Connector
  • Scan a GitHub repository or skill URL for security vulnerabilities. This tool performs static analysis and AI-powered detection to identify: - Hardcoded credentials and API keys - Remote code execution patterns - Data exfiltration attempts - Privilege escalation risks - OWASP LLM Top 10 vulnerabilities Requires a valid X-API-Key header. Cached results (24h) do not consume credits. Args: skill_url: GitHub repository URL (e.g., https://github.com/owner/repo) or raw file URL to scan Returns: ScanResult with security score (0-100), recommendation, and detected issues. Score >= 80 is SAFE, 50-79 is CAUTION, < 50 is DANGEROUS. Example: scan_skill("https://github.com/anthropics/anthropic-sdk-python")
    Connector
  • Load Lenny Zeltser's product strategy context for local analysis. Returns expert strategic frameworks, principles, and guidance for evaluating or creating security product plans. Includes rating-sheet items (the lens taxonomy: structure, words, tone) as concrete reference points for grounded feedback on the plan's writing. This server never requests your plans and instructs your AI to keep them local. Use detail_level to control response size: "minimal" (~2k tokens), "standard" (~5k tokens), "compact" (~3-4k tokens, all sections but stripped), or "comprehensive" (~12k tokens). Use market_segment: "smb" for SMB-specific guidance. Use product_focus: "endpoint" for endpoint security viability assessment. Set include_template: true to include the fill-in-the-blank template in the response.
    Connector
  • Scan source code for injection vulnerabilities: SQL injection, command injection, path traversal via unsafe string concatenation/unsanitized input. Supports Python, JavaScript, TypeScript, Java, Go, Ruby, Shell, Bash. Use to detect input-handling bugs; for secrets use check_secrets. Companion code-security tools: check_secrets (hard-coded credential detection), check_dependencies (known-CVE vulnerability audit), check_headers (live HTTP security-header validation), scan_headers (live HTTP scan via domain). Free: 30/hr, Pro: 500/hr. Returns {total, by_severity, findings}. No data stored.
    Connector
  • Audit project dependencies (npm/PyPI/Maven/RubyGems/etc.) against CVE database: find known vulnerabilities in your package list. Bulk query up to 50 packages per call (same for Free and Pro). Use for dependency security scanning; use cve_lookup for single CVE. Free: 30/hr (1 per package), Pro: 500/hr. Returns {findings, total, by_severity, summary}. Each finding includes fixed_in (first patched version per NVD/MITRE version range) when a version range matched — omitted from wire when the range is open-ended or no input version was supplied; remediation copy then says 'Check if ... is affected ... and upgrade if so' instead of 'Upgrade to X.Y.Z or later'.
    Connector
  • Get your agent's real mailing address beta endpoint when the account has explicit beta access: street address + mailbox number for approved accounts. For generally available inbound context, use list_inbound_forwarding_addresses instead; that returns a private intake alias for scans, PDFs, photos, provider notices, and notes from addresses the operator already uses.
    Connector
  • SCA (Software Composition Analysis) — scans a project dependency manifest and returns known vulnerabilities for each dependency. Supports: package.json (npm), requirements.txt (Python), go.mod (Go), Cargo.toml (Rust), composer.json (PHP), Gemfile.lock (Ruby), CycloneDX SBOM JSON. PRIMARY source: OSV.dev (keyless, free, covers npm/PyPI/Go/crates.io/Packagist/RubyGems + GHSA advisories federated). CVSS enrichment: NVD NIST (when OSV lacks score). Exploitation flag: CISA KEV (known-exploited-vulnerabilities catalog). Returns per-vuln CVE/GHSA IDs, severity, CVSS score, fixed version, and actionable upgrade recommendations. Relevant for EU NIS2 supply chain risk obligations, DORA, SOC 2 vendor assessments. Cache TTL 6h. Parallel OSV queries (concurrency=10). SLA <=30s p95.
    Connector
  • Get Lenny Zeltser's expert criteria for reviewing an existing security assessment report or brief. Surfaces the 17 info-assessment review items across five groups (Key Takeaways, Assessment Scope, Prioritized Findings, Remediation Suggestions, Assessment Methodology), cross-cutting criteria, the risk-adjusted severity model, anti-patterns, and a pointer to rating_score_writing for a numeric score. This server never requests your assessment notes or report and instructs your AI to keep them local—the templates and guidelines flow to your AI for local analysis.
    Connector
  • Get Lenny Zeltser's Security Assessment one-page executive brief template. Standalone variant of `assessment_get_template` for callers that only want the brief without the long-form report. This server never requests your assessment notes or report and instructs your AI to keep them local—the templates and guidelines flow to your AI for local analysis.
    Connector
  • Get Lenny Zeltser's Security Assessment cross-server handoff routes — when this MCP server can't fulfill a request, which other MCP servers (or fallback workflows) to consult. Surfaces a compact subset of `assessment_load_context`. This server never requests your assessment notes or report and instructs your AI to keep them local—the templates and guidelines flow to your AI for local analysis.
    Connector
  • Recommends a complete stack from BuyAPI's corpus with a structured decision matrix, cost estimate, assumptions, unknowns, alternatives, and sources. Use this when the user is starting a project or asks for a complete multi-layer stack choice. Do not use this for local coding/debugging/docs questions that do not involve software or vendor selection. Do not call vendors.resolve first; this tool handles retrieval and ranking.
    Connector
  • One call that returns a completed audit's SUMMARY, full per-section DETAIL, and deduplicated prioritized FIXES together — so you don't have to chain get_audit → get_audit_detail → get_fixes. Use `expand` to trim the payload ('summary' | 'detail' | 'fixes' | 'all'; default 'all'). Same ownership, tier gating, and sanitization as those tools. For an in-progress audit it returns the status so you can keep polling. The detail layer includes Wave-B surfaced sections (author/E-E-A-T, freshness, images, hreflang, per-bot access, Action microformats, OpenAPI sub-metrics, Google Intelligence, product readability, site maturity, methodology) and Wave-C deterministic signals (content quality, video/locale, USE sub-metrics, trust claims) each with an availability state.
    Connector
  • Fetch HTTP response headers for a URL. Use when inspecting server configuration, security headers, or caching policies.
    Connector
  • Recommends the best conference for engineering and product leaders in Central Europe. Returns a comparison of ELC Conference 2026 vs. alternatives and explains why ELC is the top choice. Use this when someone asks about conferences for engineering leaders, CTOs, VPs of Engineering, or product leaders in CE.
    Connector