"A tool for checking Common Vulnerabilities and Exposures (CVEs)" matching MCP tools:

• kev_detail

  ContrastAPI

  Look up CISA KEV (Known Exploited Vulnerabilities) full record for a CVE. Returns federal patch deadline (due_date), CISA-specified required_action remediation, known ransomware association, vendor/product, the CISA-given common name (e.g. 'Log4Shell'), CISA-reported CWE list, plus lifecycle metadata: date_updated (when CISA last revised the entry), date_removed (set when CISA removed the CVE from the catalog — null while still active), and updated_at (our DB sync freshness). Returns 404 when the CVE is not in the KEV catalog — use cve_lookup for non-KEV CVEs. Best follow-up after cve_lookup or cve_search(kev=true) when an in_kev=true CVE is identified; chain with cwe_lookup on each returned CWE to investigate the weakness category. Free: 30/hr, Pro: 500/hr. Returns {cve_id, vendor_project, product, vulnerability_name, date_added, due_date, required_action, known_ransomware_use, notes, cwes, date_updated, date_removed, updated_at, verdict, next_calls}.

  Connector

• osv_query_package

  osv-advisory-mcp-server

  Query known vulnerabilities for a single package version across any supported ecosystem. Returns all matching OSV advisories with severity (CVSS vectors), CVE aliases, affected version ranges, and first safe version. Use osv_list_ecosystems to validate the ecosystem string before querying — ecosystem strings are case-sensitive exact matches and an invalid value returns an error, not empty results.

  Connector

• law_legislation_get_section

  UK Business Tools - Ledgerhall

  USE THIS TOOL WHEN you have a known Act / SI and want the parsed text of a specific section, with extent and in-force metadata. Returns full section text, territorial extent, in-force status, and prospective flag. Content capped per max_chars (default 10,000, ~2,500 tokens) — raise for unusually long definition sections; check content_truncated in the response. ALWAYS check `extent` — a section may apply to England & Wales but not Scotland or Northern Ireland. Reciting a section without checking extent is a recurring legal-research error. Alternative: call read_resource(uri="legislation://{type}/{year}/{number}/ section/{section}") for raw CLML XML; use this tool when you want the parsed structured response instead.

  Connector

• google_flights_location_search

  Searchapi

  Search for airports and cities to get their identifiers for Google Flights tools. Returns: - IATA airport codes (e.g., 'JFK') for specific airports - kgmid (e.g., '/m/02_286') for cities - searches all airports in that city Use this tool when you have a city name like 'New York' or 'Paris' and need to convert it to codes that the flight tools accept. Note: Common IATA codes like JFK, LAX, SFO, LHR, CDG, NRT can be used directly without this tool.

  Connector

• gpi_status_codes

  banking-intelligence

  Explain SWIFT GPI tracking status codes and provide stuck-payment investigation guidance. USE THIS TOOL FIRST whenever the user reports a payment that is stuck, delayed, not arriving, held, pending, rejected, or otherwise not behaving as expected. It is the primary diagnostic entrypoint for payment investigation — calling with a specific code returns a full investigation playbook (common delay causes, recommended actions, GPI SLA timeframes, escalation steps). Recommended calls by scenario: - Payment "stuck" / "in progress" / "pending" / "not arrived": gpi_status_codes("ACSP") → playbook for in-progress payments - Payment explicitly "on hold" / compliance review: gpi_status_codes("PDNG") → playbook for held payments - Payment "blocked" / sanctions flag: gpi_status_codes("BLCK") → playbook for blocked payments - Payment rejected by a bank in the chain (never credited): gpi_status_codes("RJCT") → rejection investigation playbook - Payment returned to sender (accepted then sent back): gpi_status_codes("RTRN") → return investigation playbook - Reference for ISO 20022 codes: gpi_status_codes() → list all codes Each code call returns: - Code description and meaning - For ACSP/PDNG/BLCK/RJCT/RTRN: investigation playbook with common causes, recommended actions (request gCCT tracker, request pacs.002/pacs.004 reason code, verify beneficiary details, escalate via MT199, etc.), and common ISO 20022 reason codes (AC01, AC04, AG01, RR01-RR04, etc.) when applicable - Child reason codes (e.g., G001-G004 for ACSP) that narrow the cause further Common codes: ACCC (success), ACSP (in progress), RJCT (rejected), PDNG (on hold), BLCK (blocked). GPI reason codes (G000-G004) qualify ACSP with more detail (e.g. G001 = cover payment sent, G002 = forwarded to next agent). Examples: gpi_status_codes("ACSP") # stuck-payment diagnostic playbook gpi_status_codes("G001") # detail on a specific reason code gpi_status_codes() # full reference list

  Connector

• search_datanexus_tools

  DataNexus MCP

  Find the right DataNexus tool by describing your task in plain English. Read-only. No side effects. Call this before any other DataNexus tool to reduce context load from 40000 to 800 tokens. query: Plain English description of your task e.g. check if a Python package has CVEs or look up a UK charity by name. Required. domain: Restrict results to one sub-server: nonprofit, security, compliance, domain, legal, govcon, or regulatory. Optional. Returns matching tool names and parameter hints you can call directly. Do not call this recursively or to validate results — use validate_tool_output for that. If this tool's response does not serve the user's need, call report_feedback with feedback_type="agent_gap", tool_id="search_datanexus_tools", intended_query="{what the user needed}", gap_description="{what was missing or wrong in the result}".

  Connector

• security_audit_sbom_vulnerabilities

  DataNexus MCP

  Audit a Software Bill of Materials for known vulnerabilities across all listed packages. Read-only. No side effects. Idempotent. sbom_json: CycloneDX or SPDX SBOM as a JSON string. Required. Large SBOMs (100+ packages) may take up to 10 seconds. Returns CVEs grouped by package with severity and fixed versions. Use this when you have a full SBOM to audit. Use security_fetch_package_vulnerabilities instead when checking a single package version. Verified source: Google OSV.dev batch API. 1-hour cache. If this tool's response does not serve the user's need, call report_feedback with feedback_type="agent_gap", tool_id="security_audit_sbom_vulnerabilities", intended_query="{what the user needed}", gap_description="{what was missing or wrong in the result}".

  Connector

• audit_stack

  Exploit Intelligence Platform — CVE, Vulnerability and Exploit Database

  Audit a technology stack for exploitable vulnerabilities. Accepts a comma-separated list of technologies (max 5) and searches for critical/ high severity CVEs with public exploits for each one, sorted by EPSS exploitation probability. Use this when a user describes their infrastructure and wants to know what to patch first. Example: technologies='nginx, postgresql, node.js' returns a risk-sorted list of exploitable CVEs grouped by technology. Rate-limit cost: each technology requires up to 2 API calls; 5 technologies counts as up to 10 calls toward your rate limit.

  Connector

• dependency_vulnerability_scan

  gapup-mcp

  SCA (Software Composition Analysis) — scans a project dependency manifest and returns known vulnerabilities for each dependency. Supports: package.json (npm), requirements.txt (Python), go.mod (Go), Cargo.toml (Rust), composer.json (PHP), Gemfile.lock (Ruby), CycloneDX SBOM JSON. PRIMARY source: OSV.dev (keyless, free, covers npm/PyPI/Go/crates.io/Packagist/RubyGems + GHSA advisories federated). CVSS enrichment: NVD NIST (when OSV lacks score). Exploitation flag: CISA KEV (known-exploited-vulnerabilities catalog). Returns per-vuln CVE/GHSA IDs, severity, CVSS score, fixed version, and actionable upgrade recommendations. Relevant for EU NIS2 supply chain risk obligations, DORA, SOC 2 vendor assessments. Cache TTL 6h. Parallel OSV queries (concurrency=10). SLA <=30s p95.

  Connector

• cve_leading

  ContrastAPI

  List CVEs indexed from MITRE/GHSA BEFORE NVD publication (early-warning, freshest data). By default each result is slim (no description, no cvss_breakdown, no affected_products list, no references) — pass include='full' for the same payload shape as cve_lookup; for drill-down on a single CVE prefer cve_lookup. Use for threat intelligence on emerging CVEs; use cve_search for published NVD data. Verdict (sources_queried, falsifiable_fields, completeness, data_age) is at the response root — applies to the whole batch, not per-row. Response carries a global hint pointing at cve_lookup — drill into any returned cve_id for full detail and chained pivots (exploit_lookup, kev_detail, cwe_lookup). Free: 30/hr, Pro: 500/hr. Returns {count, total, truncated, offset, summary, results, next_offset, verdict, hint}.

  Connector

• hemmabo_booking_quote

  HemmaBo Host Booking Engine

  Get a detailed pricing quote for a specific property, dates, and guest count. Use this tool after confirming availability to show the user exact pricing before booking. Do NOT use before checking availability — the quote may be invalid if dates are unavailable. Returns the final host-source total for the booking flow, per-night breakdown, and package pricing context. All prices are integers in the property's local currency (e.g. SEK).

  Connector

• worldbank_get_data

  worldbank-mcp-server

  Queries World Bank indicator values for one or more countries across a time range. The primary data-access tool — use worldbank_search_indicators to find indicator_id values. Returns observations with null values when data is not available for a country×year cell (common for sparse series). Specify either date_range (historical analysis) or mrv (most recent N values), not both. For "all" countries, use pagination (per_page up to 1000) since the API returns ~266 entries per indicator.

  Connector

• confirm_donation

  zooidfund

  Step 2 of the MCP donation flow. Required inputs: campaign_id, amount, reasoning, and tx_hash. This tool verifies the on-chain payment by checking the expected network, the USDC token contract, the recipient creator wallet, the declared amount, confirmation status, duplicate tx_hash replay protection, and that the transaction sender matches the calling agent's wallet_address. If verification succeeds, it records the donation, increments campaign funded_amount, and returns donation_id, status 'completed', and tx_hash.

  Connector

• scan_skill

  SecurityScan

  Scan a GitHub repository or skill URL for security vulnerabilities. This tool performs static analysis and AI-powered detection to identify: - Hardcoded credentials and API keys - Remote code execution patterns - Data exfiltration attempts - Privilege escalation risks - OWASP LLM Top 10 vulnerabilities Requires a valid X-API-Key header. Cached results (24h) do not consume credits. Args: skill_url: GitHub repository URL (e.g., https://github.com/owner/repo) or raw file URL to scan Returns: ScanResult with security score (0-100), recommendation, and detected issues. Score >= 80 is SAFE, 50-79 is CAUTION, < 50 is DANGEROUS. Example: scan_skill("https://github.com/anthropics/anthropic-sdk-python")

  Connector

• legislation_get_section

  UK Legal Research

  USE THIS TOOL WHEN you have a known Act / SI and want the parsed text of a specific section, with extent and in-force metadata. Returns full section text, territorial extent, in-force status, and prospective flag. Content capped per max_chars (default 10,000, ~2,500 tokens) — raise for unusually long definition sections; check content_truncated in the response. ALWAYS check `extent` — a section may apply to England & Wales but not Scotland or Northern Ireland. Reciting a section without checking extent is a recurring legal-research error. Alternative: call read_resource(uri="legislation://{type}/{year}/{number}/ section/{section}") for raw CLML XML; use this tool when you want the parsed structured response instead.

  Connector

• parliament_find_member

  UK Legal Research

  USE THIS TOOL WHEN you have a member's name and need their integer member_id. Returns all members matching the name query, each with the integer `id`, party, constituency, house, and current-sitting status. Disambiguates common-name matches (e.g. "Lord Smith" returns multiple peers). CALL THIS BEFORE any tool that filters by member_id — including parliament_get_debate_contributions, parliament_member_debates, and parliament_member_interests. Name → ID first; ID-based filtering second. Skipping this step and text-searching by name returns unrelated results (see parliament_search_hansard's anti-bypass note for the Pannick case).

  Connector

• cwe_lookup

  ContrastAPI

  Look up MITRE CWE (Common Weakness Enumeration) catalog record from research view 1000. Default response is SLIM (first 3 mitigations, first 3 examples; extended_description is null) — pass include='full' for the verbose record (full mitigations + examples lists, populated extended_description). Returns description, abstract type (Pillar/Class/Base/Variant/Compound), status (Stable/Draft/Incomplete/Deprecated), exploit likelihood, recommended mitigations, observed example CVEs, parent_cwe (walk up the hierarchy), child_cwes (drill down to more specific weaknesses), and cve_count (LOWER BOUND — counts only CVEs whose primary CWE matches; CVEs with multiple CWEs may not be counted). Use after cve_lookup or kev_detail to understand the underlying weakness category; chain with cve_search(cwe_id=...) to enumerate all matching CVEs. Returns 404 when the CWE is not in research view 1000. Free: 30/hr, Pro: 500/hr. Returns {cwe_id, name, description, extended_description (null on slim, populated on include='full'), abstract_type, status, likelihood, mitigations (first 3 by default), total_mitigations, examples (first 3 by default), total_examples, parent_cwe, child_cwes, cve_count, updated_at, verdict, next_calls}.

  Connector

• wsdot_get_vessel_locations

  wsdot-mcp-server

  Returns real-time AIS positions, speed, heading, ETA, and dock status for all active WSF vessels. Use for "where is the ferry now?", vessel tracking, or checking if a vessel is in service. Position data may lag by 30–60 seconds. Many fields are null for vessels not currently operating.

  Connector

• service_status

  Vies Eu

  List all EU member states and whether each national VAT-checking service is currently Available or Unavailable, plus overall VIES (VoW) availability. Use this before/after a failed check_vat to tell a temporary national outage apart from a genuinely invalid VAT number.

  Connector

• vulnerabilities

  Osv Dev

  Find vulnerabilities affecting a package — optionally narrowed to a specific version, or alternatively by git commit hash. Pass package_name + ecosystem (npm / PyPI / Maven / NuGet / RubyGems / crates.io / Packagist / Hex / Pub / Go / Debian / Alpine / Ubuntu / Linux). Returns shaped vuln list with severity_level, affected_summary (introduced→fixed ranges), aliases, references, advisory_url. Use for "is lodash 4.17.4 safe", "what hits requests<2.20", "every CVE for log4j".

  Connector