Skip to main content
Glama
261,119 tools. Last updated 2026-07-05 11:02

"Allowing a model to access and read content from links" matching MCP tools:

  • Walk and verify a stamp's full provenance lineage by merkle_root. Use this when a stamp was created with derived_from links, to map what an output was built from. Returns a MAP of the graph (not a yes/no verdict): each node carries hash_binds and anchored, each edge carries edge_verified, and `valid` is true only if every node and edge checks out. A node whose payload was never published is an unresolved frontier (resolved:false). Read-only. Provenance, not truth.
    Connector
  • Fetch a specific filing's metadata and document content by accession number. Returns the primary document as readable text. Use offset/next_offset for multi-page access to large filings (10-K, S-1 can exceed 1M chars): pass the next_offset from a truncated response to read the next page. Use section to jump directly to a heading (e.g. 'risk factors', 'item 7') without needing an offset.
    Connector
  • Search the MITRE D3FEND catalog of defensive techniques by keyword, tactic, or targeted artifact. Default response is SLIM (drops `uri` from each row — saves ~60 chars/row, ~30% on popular drills); pass include='full' for the verbose record. Pass exclude_id when chaining from d3fend_defense_lookup to skip self in sibling-artifact searches. Use to discover defenses applicable to a given threat model — e.g. 'what defenses harden access tokens?' (tactic=Harden + artifact='Access Token'). Drill into d3fend_defense_lookup with any returned defense_id for the ATT&CK technique mappings. Free: 30/hr, Pro: 500/hr. Returns {query, total, results [{defense_id, label, uri (only when include=full), parent_label, tactic, artifact}], next_calls}.
    Connector
  • DESTRUCTIVE to access — the OLD root password STOPS WORKING immediately. REQUIRES confirm = exact hostname (from get_vps_status) or 'DELETE'. Agent must confirm with the human before calling. New password is NOT in this response — read it ONCE via get_vps_status (also emailed).
    Connector
  • Fetch the FULL TEXT of a biomedical paper from PubMed Central (the open-access subset) by PubMed ID. PREFER OVER get_abstract when you need methods/results/discussion, not just the abstract — "read the full paper", "what methods did <PMID> use", "extract details from the paper". Resolves the PMID to its PMC id and returns the article body text (capped ~40k chars). Only open-access articles are in PMC — returns has_full_text:false (use get_abstract) otherwise.
    Connector
  • Returns turva.dev's own agent-readiness scores from independent public scanners (startuphub.ai, isitagentready.com), including per-scanner sub-scores, leaderboard rank, and notable wins, with the measurement date and verification links. Use this when a user asks how turva.dev scores, whether its claims are verifiable, or what proof backs the audit service. Read-only: returns static JSON and changes nothing.
    Connector

Matching MCP Servers

Matching MCP Connectors

  • Transform any blog post or article URL into ready-to-post social media content for Twitter/X threads, LinkedIn posts, Instagram captions, Facebook posts, and email newsletters. Pay-per-event: $0.07 for all 5 platforms, $0.03 for single platform.

  • Anchor a content-creation event to the Knox chain; returns a C2PA-aligned, FRE 902-shaped bundle.

  • Fetch a read-only HeyClaude registry entry detail payload by category and slug. By default (bodyMode='excerpt') the body markdown is trimmed to a short lead and large copyable fields are omitted to conserve context, with bodyChars/bodyTruncated/omittedFields describing what was dropped; pass bodyMode='full' for the complete content or 'none' to drop the body entirely. Use entry.asset to retrieve omitted install/script content.
    Connector
  • Return public pricing, checkout, documentation, and access links for SEC Event Intelligence without an API key. Use this after sec_demo_latest_filings to choose the free Basic tier or the $19/month Pro starter plan for production watchlist polling. Authentication: no API key required for this public MCP setup tool.
    Connector
  • Create a link-in-bio site with a name, bio, and links. Returns a live URL on unu.lu that expires in 1 hour unless claimed. Do NOT call until you have at least a name and one link from the user — gather real content first, never create with placeholder or empty content. If the user provides a handle (e.g. '_guy.a' for Instagram), construct the full URL yourself — do not ask them to paste it. When feasible, offer to find all public links for the person. Before calling: tell the user they can choose a skin on the preview page for the overall aesthetic; ask permission before adding emoji leading_icons to decorate links (for not-well-known social URLs). The response includes an assistant_message with the site URL and claim details — present these to the user. Persist claim_token and claim_code_short for subsequent updates — never ask the user for them back in the same conversation. Never create a duplicate site; always update the existing one. After creation: tell the user they can pick a custom handle when they claim; share the preview URL in a copy-paste block; offer to refine bio, links, or ordering. Keep iteration fast — apply changes immediately, don't re-confirm minor edits.
    Connector
  • Run a read-only SQL query in the project and return the result. Prefer this tool over `execute_sql` if possible. This tool is restricted to only `SELECT` statements. `INSERT`, `UPDATE`, and `DELETE` statements and stored procedures aren't allowed. If the query doesn't include a `SELECT` statement, an error is returned. For information on creating queries, see the [GoogleSQL documentation](https://cloud.google.com/bigquery/docs/reference/standard-sql/query-syntax). Example Queries: -- Count the number of penguins in each island. SELECT island, COUNT(*) AS population FROM bigquery-public-data.ml_datasets.penguins GROUP BY island -- Evaluate a bigquery ML Model. SELECT * FROM ML.EVALUATE(MODEL `my_dataset.my_model`) -- Evaluate BigQuery ML model on custom data SELECT * FROM ML.EVALUATE(MODEL `my_dataset.my_model`, (SELECT * FROM `my_dataset.my_table`)) -- Predict using BigQuery ML model: SELECT * FROM ML.PREDICT(MODEL `my_dataset.my_model`, (SELECT * FROM `my_dataset.my_table`)) -- Forecast data using AI.FORECAST SELECT * FROM AI.FORECAST(TABLE `project.dataset.my_table`, data_col => 'num_trips', timestamp_col => 'date', id_cols => ['usertype'], horizon => 30) Queries executed using the `execute_sql_readonly` tool will have the job label `goog-mcp-server: true` automatically set. Queries are charged to the project specified in the `projectId` field.
    Connector
  • Register a new agent account and get an API key. No authentication needed. The returned API key grants read+write access to all BorealHost API endpoints. Store it securely — it cannot be retrieved again. The key is automatically activated for this session — all subsequent tool calls will use it. No extra configuration needed. If no email is provided, a synthetic agent identity is created (agent-{uuid}@api.borealhost.ai). If an email is provided, it links to an existing or new human account. Args: name: Human-readable name for this API key (default: "Agent Key") email: Optional email to link to a human account Returns: {"api_key": "bh_...", "key_id": "uuid", "prefix": "bh_...", "scopes": ["read", "write"], "account_id": "uuid", "message": "Store this API key securely..."} Errors: RATE_LIMITED: Max 5 registrations per IP per hour VALIDATION_ERROR: Invalid email format
    Connector
  • List files and directories in a site's container. Path scoping depends on the plan: - Shared plans: rooted at wp-content/ (WordPress content directory) - VPS/dedicated plans: full filesystem access Requires: API key with read scope. Args: slug: Site identifier path: Relative path to list (empty for root of accessible area) Returns: {"path": "/", "entries": [{"name": "index.php", "type": "file", "size": 1234, "modified": "iso8601"}, {"name": "uploads", "type": "directory", "modified": "iso8601"}]} Errors: NOT_FOUND: Unknown slug or path doesn't exist
    Connector
  • List all Argo campaigns the current grant token has access to, including the access level ("read" or "read+write") for each. Call this first when the user has not provided a campaign ID. Each entry includes both `campaignName` and `id` (shown inline as `[id: …]` and also in structuredContent.idMap). Use the `id` verbatim for any subsequent tool call that takes a `campaignId`. In prose to the user, refer to campaigns by `campaignName`; do not print the raw `id` unless asked.
    Connector
  • Reads the rendered text content of a Google Chrome tab. Identify the tab either by `url_match` (substring match against URL; first hit wins) or by `window_index` + `tab_index` (from chrome_list_tabs). Text is capped at `max_bytes` (default 100 KB). Pass `include_html: true` to also get the raw HTML source. Pass `include_links: true` to extract all links with their href and text. Requires 'Allow JavaScript from Apple Events' (Chrome → View → Developer); run chrome_setup_check if reads come back empty.
    Connector
  • Pre-execution content scan for skill/instruction files. Analyzes the full text of a skill (markdown, plain text, SKILL.md, etc.) for malicious patterns BEFORE the agent follows the instructions. This is the critical defense against remote skill-mediated credential exfiltration (CodeMax attack class, 2026-03-14) where model-level safety only fires AFTER the payload has already executed. Call this on any skill/instruction content fetched from the web before executing any of its steps. If should_block is True, refuse to proceed. Detection signals: - Download-and-execute chains (wget/curl → chmod +x → run) - Bootstrap file modification (.npmrc, NODE_OPTIONS, LD_PRELOAD) - Encrypted credential exfiltration (GPG, openssl → HTTP POST) - Credential access patterns (process.env, keychain, .env files) - Code obfuscation (base64 decode pipe to shell) - Multi-stage kill chain correlation Args: content: Full text content of the skill file source_url: URL where the skill was fetched from (for reporting) Returns: risk: "CLEAN" | "LOW" | "SUSPICIOUS" | "MALICIOUS" risk_score: 0.0–1.0 should_block: True if the skill should NOT be executed should_warn: True if the skill warrants user confirmation kill_chain: True if a multi-stage attack chain was detected signals: List of detection signals with categories and excerpts content_hash: SHA256 of the content (for IOC submission if malicious)
    Connector
  • SECOND STEP in the troubleshooting workflow. Read the full content and solution of a specific Knowledge Base card. Returns the card content WITH reliability metrics and related cards so you can assess trustworthiness and explore connected issues. WHEN TO USE: - Call this ONLY after obtaining a valid `kb_id` from the `resolve_kb_id` tool. INPUT: - `kb_id`: The exact ID of the card (e.g., 'CROSS_DOCKER_001'). OUTPUT: - Returns reliability metrics followed by the full Markdown content of the card, plus related cards. - You MUST apply the solution provided in the card to resolve the user's issue. - After applying, you MUST call `save_kb_card` with `outcome` parameter to close the feedback loop.
    Connector
  • Discover all knowledge bases you have access to. Returns collection names, descriptions, content types, stats, available operations, and usage examples for each collection. Call this first to understand what data is available before searching.
    Connector
  • Fetches the complete markdown content of an Apollo documentation page using its slug, or everything after https://apollographql.com/docs. Documentation slugs can be obtained from the SearchDocs tool results. Use this after ApolloDocsSearch to read full pages rather than just excerpts. Content will be given in chunks with the totalCount field specifying the total number of chunks. Start with a chunkIndex of 0 and fetch each chunk.
    Connector
  • Sync user-entered field values of the open Market Cap Calculator back to the session store so the model can read them via the state tool. Called by the View after any field change; hidden from the model.
    Connector
  • Create a new API key with specified scopes. Cannot create keys with higher scopes than the current key. Site-scoped keys restrict access to a single site. Requires: API key with write scope. Args: name: Human-readable name for the key (1-100 chars) scopes: Comma-separated scopes. Options: "read", "read,write", "read,write,admin". Default: "read" site_slug: Optional — restrict the key to a single site. Omit for account-wide access. Returns: {"api_key": "bh_...", "key_id": "uuid", "prefix": "bh_...", "name": "My Key", "scopes": ["read", "write"], "message": "Store this API key securely — it will not be shown again."} Errors: VALIDATION_ERROR: Invalid name, scopes, or max 25 active keys FORBIDDEN: Cannot create keys with higher scopes than current key
    Connector