"AI agent frameworks for cybersecurity and ethical hacking" matching MCP tools:

• rating_get_sheet

  website-search

  Get Lenny Zeltser's cybersecurity-writing rating sheet(s) so your AI can apply the rubric. Returns the structured rubric (groups, items, scoring bands) WITHOUT computing a score. Use `rating_score_writing` if you also want a numeric score, gap analysis, or rubric-anchored feedback. This server never requests your draft and instructs your AI to keep it local—rating sheets and scoring instructions flow to your AI.

  Connector

• intel_agent

  TunnelMind Data API

  Probes a domain for known AI agent integration signals: `llms.txt`, `ai.txt`, `/.well-known/ai-plugin.json`, `openapi.json`, `swagger.json`, MCP manifest, MCP SSE endpoint. Returns a score based on the count of signals detected. Use this to assess whether a domain is ready for agent-to-agent interaction. Use this tool when: - You want to know whether a domain exposes an MCP server or OpenAPI spec for agents. - You are cataloguing the AI-agent-ready surface of a set of domains. - You need to decide whether to attempt programmatic API access to a domain. Do NOT use this tool when: - You need tracker/surveillance data about the domain — use `get_domain` instead. - You need the robots.txt AI crawler policy — use `intel_robots` instead. - You need HTTP security posture — use `intel_http` instead. Inputs: - `domain` (query, required): Domain to probe. Returns: - Boolean flags per signal (`llms_txt`, `ai_plugin`, `openapi`, `mcp_manifest`, `mcp_endpoint`, `mcp_sse`). - `agent_surface_score`: integer 0-8, count of signals detected. Cost: - Free. No API key required. Latency: - Typical: 2-5s (parallel probes), p99: 8s.

  Connector

• list_pillars

  Bidda Sovereign Intelligence

  List all compliance pillars in the Bidda Sovereign Intelligence registry with node counts. Use this first to discover available compliance domains before searching. Bidda has 5,419 cryptographically-verified nodes across 34 pillars + 203 MITRE nodes across 6 frameworks (ATT&CK Enterprise/Mobile/ICS, D3FEND, ATLAS, CAPEC) including Banking, AI Governance, Cybersecurity, Healthcare, Legal, ESG and more.

  Connector

• intel_inject

  TunnelMind Data API

  Fetches a domain's homepage and checks for content patterns that could constitute prompt injection attacks against AI agents that visit and ingest the page. Signals include hidden text, invisible divs, `<!-- AI: ignore -->` style comments, and known injection patterns. Use this tool when: - You are vetting a domain before feeding its content into an LLM context. - You want to assess the prompt injection risk of a URL before browsing it with an agent. - You are auditing a set of domains for adversarial AI content. Do NOT use this tool when: - You want tracker surveillance data — use `get_domain` instead. - You want AI training opt-out signals — use `intel_optout` instead. - You want the agent surface (MCP/OpenAPI) — use `intel_agent` instead. Inputs: - `domain` (query, required): Domain to scan. Returns: - `injection_signals`: list of signal types detected (e.g., `hidden_text`, `ai_instruction_comment`, `invisible_div`). - `risk_level`: `none`, `low`, `medium`, or `high` based on signal count and type. Cost: - Free. No API key required. Latency: - Typical: 2-4s (HTML fetch), p99: 7s.

  Connector

• agents_update

  DialogBrain

  Update an existing AI agent's configuration. All parameters are optional — only provided fields will be updated. Use this to: - Enable or disable an agent - Change agent name or description - Assign or detach a prompt - Change default send mode - Replace knowledge collections - Update agent status - Change agent priority for trigger matching (lower number = higher priority) - Override which tools the agent can/can't call on triggered runs - Override which context sections (situation, communication style, job state, conversation history, thread summary) the agent receives - Opt into boilerplate prompt sections (safety guidelines, data confidentiality, factual accuracy) — all default OFF

  Connector

• aidefense_locate_concept

  website-search

  Reverse-lookup a single concept ID (MITRE ATLAS technique like 'AML.T0051', OWASP LLM Top 10 risk like 'LLM01', OWASP Agentic Top 10 issue like 'ASI03', or ISO 42001 Annex A clause like 'A.6') across the AI Defense Matrix. Returns which framework the concept belongs to, the asset rows whose alignment cites it, the cells whose evaluation cellPrompts cite it, and those prompts themselves. Useful when a vendor's product is defined by a specific technique ('we defend AML.T0051') and they need to find which matrix cells to claim. Recognizes only concepts with structured IDs; for prose-only frameworks (NIST IR 8596, CSA AICM, Google SAIF, OWASP AI Exchange) use aidefense_get_framework_alignment instead. This server never requests your program docs or product roadmap and instructs your AI to keep them local—the matrix, framework alignments, and playbooks flow to your AI for local analysis.

  Connector

• audit_site

  AEO Scanner

  Full AI visibility audit across 67+ checks in 12 categories (4 AEO + 4 GEO + 4 Agent Readiness). Returns detailed per-check scores with specific issues and recommendations, AI Identity Card with mention readiness and detected competitors, and business profile. GEO checks include 3 research-backed citation signals: factual density, answer frontloading, and source citations. Agent Readiness covers emerging agent-discovery standards Cloudflare's isitagentready.com evaluates: RFC 9727 api-catalog, SEP-1649 MCP Server Card, and IETF Content-Signal (draft-romm-aipref). Does NOT generate fix code — use fix_site for that, or compare_sites to benchmark against a competitor. Pay per call ($1.00) via x402 — USDC on Base or Solana. Machine payment via signed X-PAYMENT header; see https://www.x402.org/. On payment_required, the response includes the full x402 payload with payTo/amount/asset.

  Connector

• recommend_framework

  jeda-ai

  Recommends business / strategy / risk frameworks for a stated problem. Powered by the Jeda.ai · Visual AI framework knowledge graph (~2,100 frameworks across 19 categories, edge-curated). Use when the user describes a business problem ("customer churn rising", "evaluating market entry", "need to assess vendor risk") rather than naming a specific framework. Returns top-N frameworks ranked by fit, each with a concrete reason citing the specific problem signals matched. Input: just the problem statement is enough. Optional faceted filters (`persona`, `regulation`, `decision_stage`) narrow the candidate set. Set `limit` between 3 and 10 for picker UIs. Pair with `generate_framework_analysis` to actually run a recommended framework against the user's inputs. Example: { "problem_statement": "We need to decide whether to enter the EU SMB market in Q3", "decision_stage": "decide", "limit": 5 }

  Connector

• rating_score_writing

  website-search

  Get Lenny Zeltser's scoring playbook so your AI can score a draft locally against a cybersecurity-writing rating sheet. THIS IS THE ONLY TOOL THAT PRODUCES NUMERIC SCORES — the writing-coach tools (`get_security_writing_guidelines`, `ir_*`, `product_*`) never score. Returns the rubric plus step-by-step instructions for applying it. This server never requests your draft and instructs your AI to keep it local—rating sheets and scoring instructions flow to your AI.

  Connector

• em_rate_agent

  Execution Market

  Rate an AI agent after completing a task (worker -> agent feedback). Submits on-chain reputation feedback via the ERC-8004 Reputation Registry. Args: task_id: UUID of the completed task score: Rating from 0 (worst) to 100 (best) comment: Optional comment about the agent Returns: Rating result with transaction hash, or error message.

  Connector

• intel_stack

  TunnelMind Data API

  Fetches up to 32KB of the domain's HTML and response headers from the edge, then fingerprints the content for known CMS platforms, JavaScript frameworks, CDN providers, and analytics tools. Detection is based on meta generator tags, script src patterns, response headers, and cookie names. Use this tool when: - You need to know what CMS (WordPress, Drupal, Shopify) a site runs. - You are assessing a domain's infrastructure before a security review. - You want to identify analytics or marketing tools a site embeds. Do NOT use this tool when: - You want HTTP headers and security posture — use `intel_http` instead. - You want tracker database classification — use `get_domain` instead. - You need robots.txt AI policy — use `intel_robots` instead. Inputs: - `domain` (query, required): Domain to fingerprint. Returns: - `cms`: detected content management system, or null. - `frameworks`: JavaScript/backend frameworks detected. - `cdn`: CDN provider detected, or null. - `analytics`: analytics and tracking tools detected. - `meta_generators`: raw meta generator tag values. Cost: - Free. No API key required. Latency: - Typical: 2-4s (HTML fetch), p99: 7s.

  Connector

• rating_load_context

  website-search

  Load Lenny Zeltser's complete cybersecurity-writing rating toolkit: all 7 sheets, scoring policy, scoring playbook, and cross-references to the writing guidelines. This server never requests your draft and instructs your AI to keep it local—rating sheets and scoring instructions flow to your AI.

  Connector

• intel_robots

  TunnelMind Data API

  Retrieves the target domain's `robots.txt` file and parses it for AI crawler disallow rules. Specifically detects policies for known AI crawlers (GPTBot, ClaudeBot, CCBot, Bytespider, etc.) and returns a structured summary of the crawling policy. Use this tool when: - You need to know whether a domain has opted out of AI training data collection. - You want to check if a specific AI crawler is blocked before citing the domain. - You are building a dataset of AI-accessible vs AI-blocked domains. Do NOT use this tool when: - You want training opt-out signals beyond robots.txt (TDM reservation, noai meta) — use `intel_optout` instead. - You want the full technology stack — use `intel_stack` instead. - You need tracker database data — use `get_domain` instead. Inputs: - `domain` (query, required): Domain to probe. Returns: - `robots_txt_found`: false if the domain returned 404 or the file is empty. - `ai_crawlers_blocked`: list of AI crawler user-agent names that are disallowed. - `all_blocked`: true if `User-agent: *` with `Disallow: /` is present. - `raw`: first 4096 characters of the robots.txt file. Cost: - Free. No API key required. Latency: - Typical: 1-2s, p99: 6s.

  Connector

• set_ens_records

  Name Whisper — ENS Intelligence Layer

  Set ENS resolver records for a name you own. Returns encoded transaction calldata ready to sign and broadcast. Supports address records (ETH, BTC, SOL, etc.), text records (avatar, description, url, social handles, AI agent metadata), content hash (IPFS/IPNS), ENSIP-25 agent-registration records, and ENSIP-26 agent context and endpoint discovery. Multiple records are batched into a single multicall transaction to save gas. Common text record keys: avatar, description, url, email, com.twitter, com.github, com.discord, ai.agent, ai.purpose, ai.capabilities, ai.category. ENSIP-25 support: Pass agentRegistration with registryAddress and agentId to automatically set the standardized agent-registration text record. This creates a verifiable on-chain binding between your ENS name and your agent identity in an ERC-8004 registry. ENSIP-26 support: Pass agentContext to set the agent-context text record (free-form agent description). Pass agentEndpoints with protocol URLs (mcp, a2a, oasf, web) to set agent-endpoint[protocol] discovery records. The returned transaction can be signed and submitted directly using any wallet framework (Coinbase AgentKit, ethers.js, etc.).

  Connector

• provision_agent_identity

  Name Whisper — ENS Intelligence Layer

  Provision a complete ENS identity for an AI agent in one call. Describe your agent's purpose and budget — get back recommended available names, a multi-step registration recipe (commit → register → set agent records), and ready-to-sign transaction data. The registration recipe includes agent identity records (ENSIP-25: ai.agent, ai.purpose, ai.capabilities + ENSIP-26: agent-context) as a mandatory final step — these records make the agent discoverable in the ENS Agents directory. ENSIP-25 agent-registration binding is included when an agentRegistry is provided. IMPORTANT: The calling AI MUST execute all steps in the recipe, including the final set_ens_records step. Agent identity is not complete until the text records are on-chain. Example: "DeFi trading bot, 0.05 ETH budget" → names like swiftswap.eth with full registration + identity setup instructions.

  Connector

• get_agent_history

  AgentCrush

  Get rank and score history for an AI agent over the past 1–90 days. Daily snapshots, deduplicated per calendar day. Returns trend summary (rising/falling/flat). Useful for showing how an agent's standing has evolved.

  Connector

• site_directory

  Lodi Kids Activities

  Structured map of LKA's public URLs and content sections. Equivalent to llms.txt — gives an AI grounding agent the full topology of the site so it knows what's worth crawling/calling.

  Connector

• candidate_screening_ranking

  gapup-mcp

  AI-powered candidate screening and ranking for recruiters, hiring managers, ATS providers and recruitment AI agents. Ingests a job description and 1-50 candidate resumes, returning a ranked shortlist with score breakdowns across five weighted criteria: skills_match (tech stack and soft skills extracted from JD vs resume), experience_match (years vs seniority level inferred from JD), education_match (degree level + top-school detection), role_progression (Junior to Senior to Lead patterns), culture_fit_estimate (remote/hybrid, startup vs enterprise). Per candidate: overall_score 0-100, matched/missing skills, red_flags (job hopping, employment gaps, seniority mismatch), green_flags (long tenure, promotions), 3-5 interview questions, fit_summary. Diversity signals are first-name proxies ONLY with mandatory ethical WARNING. All processing is local -- no external API calls, instant response, privacy-preserving.

  Connector

• settle

  DPX — Institutional Cross-Border Settlement

  Execute a DPX cross-border settlement. The Settlement Agent checks oracle conditions, reasons with Claude AI, and executes on-chain (or returns sandbox result if sandbox=true). Returns settlement ID, status (executed/held/sandbox/failed), tx hash, net amount, fees, oracle conditions, and AI reasoning. Default: sandbox=true — set sandbox=false only for live execution.

  Connector

• tech_fingerprint

  ContrastAPI

  Detect website technology stack: CMS, frameworks, CDN, analytics tools, web servers, languages (via HTTP headers + HTML analysis). Use for passive reconnaissance; for full audit use audit_domain. Free: 30/hr, Pro: 500/hr. Returns {technologies: [{name, category, confidence%, version}]}.

  Connector