Skip to main content
Glama
299,395 tools. Last updated 2026-07-14 21:54

"Arch Linux package management tool with Wiki access and safety checks" matching MCP tools:

  • Permanently delete a published website. The site will be immediately inaccessible. Requires authentication via edit_key or api_key, and requires confirm: true as a safety mechanism to prevent accidental deletion. Use this when a user explicitly asks you to remove or delete a site. IMPORTANT: Always confirm with the user before calling this tool — deletion cannot be undone.
    Connector
  • Permanently delete a published website. The site will be immediately inaccessible. Requires authentication via edit_key or api_key, and requires confirm: true as a safety mechanism to prevent accidental deletion. Use this when a user explicitly asks you to remove or delete a site. IMPORTANT: Always confirm with the user before calling this tool — deletion cannot be undone.
    Connector
  • Full-text search the ACC Docs repository of a project for drawings, specs, submittals, and other files via the APS Data Management search endpoint. When to use: The user wants to find a document by keyword (filename, sheet number, or metadata match). E.g. 'find the latest A-201 sheet' or 'search for mechanical specs on Tower project'. When NOT to use: Do not use to upload a file (use acc_upload_file); do not use to fetch issues/RFIs. If you already have a document URN, fetch it directly with an agent that has Data Management folder/item access. APS scopes: data:read account:read. No write scope required. Rate limits: APS Data Management ~50 req/min per app per endpoint; pageable (limit 200 upstream). Avoid tight query loops. Errors: 401 (APS token expired — refresh); 403 (user lacks Docs view permission on the project); 404 (project_id not found — verify 'b.' prefix and hub membership); 422 (invalid filter syntax — simplify query text); 429 (rate limit — back off 60s); 5xx (ACC upstream — retry with jitter). Side effects: None. Read-only and idempotent.
    Connector
  • Validates a package of 2-20 related trade finance documents for cross-document consistency. Call this BEFORE approving any multi-document trade finance transaction or cross-border shipment -- at the moment a set of 2-20 related documents arrives from an external party and funds have not been released. Use this when your agent has received a full trade finance package — such as invoice, bill of lading, and certificate of origin together — and must verify all documents are consistent with each other before releasing funds. Returns PASS/FLAG/FAIL verdict per document with mismatch details. Cross-checks all documents for consistency across numeric values, party names, reference numbers, dates, and commodity descriptions. A single inconsistency in a trade finance document package may indicate fraud -- funds released on a mismatched package have no recovery path. Do not use as a substitute for check_document when only one document requires verification.
    Connector
  • Health & security posture of a software package (npm / PyPI / Go / Maven / Cargo / NuGet / RubyGems) from deps.dev (Google Open Source Insights, keyless): latest version, license, count of known security advisories, the OpenSSF Scorecard (0-10 security-posture score for the source repo + its weakest checks) and popularity (stars/forks). The "should I depend on this?" check — pairs with check_vulnerability (is a version vulnerable) and software_version (is the runtime current). Args: package (e.g. "lodash", "requests"), ecosystem (npm|pypi|go|maven|cargo|nuget|rubygems), version (optional — defaults to the latest). Every value is returned in an Ed25519-signed, provenance-stamped envelope (source and observation time) you can verify offline against /.well-known/keys, no account required.
    Connector
  • Use when: the user is blocked by a package, setup, runtime, config, or integration problem — search shared fixes before debugging from memory. Returns: matching solutions; when count is 0, also returns next_action, open_issues, and hint for the required next step. Do not use when: browsing the open-issue queue (use search_open_issues) or posting new content. Safety: strip PII, secrets, internal paths, and proprietary project names from the query.
    Connector

Matching MCP Servers

Matching MCP Connectors

  • List supported Linux operating systems and their corresponding versions for use with the `linux_audit` tool. ## What this tool does Returns an array of supported OS/version pairs, each in the form: {"os":"name", "versions":["version or codename"]} This allows the LLM and the user to know exactly which inputs are valid for the `linux_audit` tool. ## When to use this tool Use this tool when: - the user does not know which OS names or versions are supported - the user provides unclear or ambiguous OS information - you need to validate `os`/`version` before performing a Linux audit This tool should typically be called **before `linux_audit`** whenever parameters are uncertain. ## Inputs This tool does not require any input. ## Outputs Returns an array of objects: - **os**: supported Linux distribution identifier - **versions**: corresponding list of supported release or codename Example: [ {"os": "ubuntu", "versions": ["noble","focal"]}, {"os": "debian", "versions": ["bookworm","sid"]}, {"os": "redhat", "version": ["redhat-9.0"]} ] ## LLM usage guidelines - Use this tool to validate or suggest correct OS/version combinations before calling `linux_audit`. - If the user provides invalid or misspelled OS names, retrieve the official list here and ask them to select one. - Do not guess operating system identifiers-always rely on this tool to confirm correctness.
    Connector
  • Analyze text for writing style issues: weasel words, passive voice, duplicate words, long sentences, nominalizations, hedging, filler adverbs, and research-cited AI tells. Read-only and stateless — text is analyzed in memory on the hosted server and never stored. Returns a plain-text report with each issue's line and column, the matched text, surrounding context, and the reason for AI tells; texts over 100,000 characters return an error message. This hosted server has no filesystem access — the wsc-mcp npm package adds a check_file tool for local files. It only reports issues — to auto-remove duplicate words, follow up with fix_duplicates.
    Connector
  • Use this tool when you need the most complete token safety signal and social traction or holder momentum is part of your decision criteria. Input the contract address and chain (Base gives full signals; other chains return holder velocity as unknown). Returns the standard safety verdict plus Farcaster mention count and sentiment (last 24h) and holder growth trend — so you can catch tokens with anomalous momentum or negative social sentiment that on-chain checks alone would miss. Example input: {"contractAddress":"0x4ed4e862860bed51a9570b96d89af5e1b0efefed","chainId":"base"} Example output shape: {"riskScore":12,"recommendation":"SAFE","pro":{"proVerdict":"SAFE","farcaster":{"mentions":14,"sentiment":"positive"},"holderGrowth":{"trend":"rising","change24h":8.2}}}
    Connector
  • Create or remove a bidirectional link between two notes. Required: action ('link'|'unlink'), source_note_id (integer), target_note_id (integer). Prefer wiki-link syntax [[id:Title]] in note bodies for inline linking — use this tool for programmatic links without modifying body text. Unlinking is destructive and cannot be undone.
    Connector
  • Generate a new internal API key credential for the current user. Returns `data` containing the issued key — store it securely and pass it to `tronsave_login` (`apiKey` mode) for internal-tool access. Side effect: issues secret material; not idempotent — each call mints a fresh key. If a previous key existed, treat it as rotated and stop using the old key once the new one is wired up. Requires a signature session and `mcp-session-id`. Sensitive output — never log raw keys; unauthorized sessions or policy checks may reject issuance.
    Connector
  • Compare two or more exact package names side by side using live npm or PyPI metadata. Use this when you already know the candidate packages and need evidence for claims such as 'tool A is newer', 'tool B is still maintained', or 'these packages use different licenses'. It returns per-package registry metadata in input order, with field availability varying by registry. Missing or unpublished packages return found=false. Do not use it to discover unknown alternatives, estimate market size, or compare packages across different registries. Registry responses are cached for 5 minutes.
    Connector
  • Generate a new internal API key credential for the current user. Returns `data` containing the issued key — store it securely and pass it to `tronsave_login` (`apiKey` mode) for internal-tool access. Side effect: issues secret material; not idempotent — each call mints a fresh key. If a previous key existed, treat it as rotated and stop using the old key once the new one is wired up. Requires a signature session and `mcp-session-id`. Sensitive output — never log raw keys; unauthorized sessions or policy checks may reject issuance.
    Connector
  • Deletes a deployment and its underlying app VM. Pass the numeric id from list_deployments. IMPORTANT: if the deployment used database:'managed', the managed Postgres VM is NOT deleted (data safety) — this tool returns its id so you can delete_database it when you're done with the data. Cannot be undone.
    Connector
  • List the credit packages available for purchase (id, name, credit amount, price in USD, and price per 1k credits). Use the returned package id with buy_credits.
    Connector
  • Perform a Linux package vulnerability audit using SecDB. ## What this tool does Analyzes the installed packages of a Linux system-identified by OS and OS version-and returns vulnerability information plus a Markdown summary. The audit results are based exclusively on the package list provided by the user. ## When to use this tool Use this tool when the user wants to determine: - whether installed packages contain known vulnerabilities - whether a host, VM, container, or base image is affected by security advisories - which packages require patching or upgrading If the user does not know the valid values for `os` or `version`, first call the `linux_os` tool to retrieve the exact supported combinations. ## Inputs - **os**: Linux distribution identifier supported by SecDB (use `linux_os` to obtain allowed values). - **version**: OS version or codename corresponding to the selected distribution. - **packages**: list of installed packages, **one per line**, generated using the appropriate system command: ### For RPM-based distributions (RHEL, CentOS, Rocky, Alma, SUSE) rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n' ### For DEB-based distributions (Ubuntu, Debian) dpkg-query -W -f='${Package} ${Version} ${Architecture}\n' ### For Alpine Linux apk list -I The raw output of these commands can be passed directly as the `packages` input (one package per line). ... python3 3.12.3-0ubuntu2.1 amd64 systemd 255.4-1ubuntu8.10 amd64 tmux 3.4-1ubuntu0.1 amd64 ... ## Outputs - **report**: structured objects describing the advisories affecting the audited packages. - **summary**: Markdown summary including total vulnerabilities, severity breakdown, and key findings. ## LLM usage guidelines - Never guess whether a package is vulnerable-always call this tool for Linux audits. - If `os` or `version` is unclear or missing, call `linux_os` and ask the user to choose a valid combination. - Normalize the package list to “one entry per line” if the user provides unstructured output. - The `summary` is already Markdown and can be shown directly. - Use `report` when deeper technical analysis is required.
    Connector
  • Perform a software package vulnerability audit using SecDB. ## What this tool does Analyzes a list of software packages identified by PURL (Package URL) and returns vulnerability information plus a Markdown summary. The audit results are based exclusively on the package list provided. ## When to use this tool Use this tool when the user wants to determine: - whether application dependencies contain known vulnerabilities - whether a project is affected by security advisories - which packages require patching or upgrading ## Supported ecosystems - **npm** - Node.js packages (e.g. pkg:npm/lodash@4.17.21) - **maven** - Java/JVM packages (e.g. pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1) - **pypi** - Python packages (e.g. pkg:pypi/django@4.2.0) - **gem** - Ruby gems (e.g. pkg:gem/rails@7.0.0) - **cargo** - Rust crates (e.g. pkg:cargo/openssl-src@111.10) - **nuget** - .NET packages (e.g. pkg:nuget/Newtonsoft.Json@13.0.1) - **golang** - Go modules (e.g. pkg:golang/github.com/gin-gonic/gin@1.9.1) - **composer** - PHP packages (e.g. pkg:composer/symfony/symfony@6.4.0) ## Inputs - **purls**: list of Package URLs, one per entry. Generate them from your project manifest files: - Node.js: package.json / package-lock.json - Python: requirements.txt / Pipfile.lock / pyproject.toml - Ruby: Gemfile.lock - Go: go.mod / go.sum - Rust: Cargo.lock - PHP: composer.lock - Java: pom.xml / build.gradle - .NET: *.csproj / packages.lock.json ## Outputs - **report**: structured JSON objects describing the advisories affecting the audited packages. - **summary**: Markdown summary including total vulnerabilities, severity breakdown, and key findings. ## LLM usage guidelines - Never guess whether a package is vulnerable — always call this tool. - Only submit PURLs from the supported ecosystems listed above; others will be ignored. - The `summary` is already Markdown and can be shown directly. - Use `report` when deeper technical analysis is required.
    Connector
  • On-demand independent SAFETY scan of an MCP server — call this BEFORE installing or connecting to one. Give it an HTTP(S) MCP endpoint URL (scanned live in seconds), or an npm/PyPI package name or GitHub repo (queued for an isolated sandbox scan — local stdio servers execute code, so Hlido never runs them inline). Returns the safety tier (SAFE/CAUTION/RISKY/DANGEROUS), tool-poisoning detection (the malice signal), dangerous-capability red-flags (shell/code-eval/fs-write/egress/secrets) with per-tool evidence, and auth posture. Tier = blast radius if hijacked, not maintainer trustworthiness. A server Hlido hasn't scanned returns not_scanned — never assumed safe. Register of already-scanned servers: https://hlido.eu/mcp/
    Connector
  • Run the full email and DNS deliverability check for a domain: MX, SPF, DKIM, DMARC, DNS health, provider detection, and blacklists. Returns a letter grade (A to F), a 0 to 100 score, and every individual check with its RFC reference. Set include_smtp to also run a live SMTP probe of the mail servers: the probe is non-blocking, so when smtp_status is "pending" or "running" call this tool again (poll_after_seconds hints how long to wait) until smtp_status is "complete" and the SMTP checks appear in checks.
    Connector
  • Supply-chain GUARDRAIL for AI coding agents and CI pipelines: check whether a dependency (npm or PyPI) is on the DugganUSA malicious-package deny-list BEFORE you install it. This is the runtime defense against slopsquatting / HalluSquatting / hijacked-package attacks — an AI agent about to run `npm install` or `pip install`, or a CI pre-install hook, calls this FIRST and blocks on a hit. Returns a crisp, machine-actionable verdict: {ecosystem, package, version, malicious, verdict:"block"|"allow"|"review", reason, advice, source}. `malicious:true` = the exact package is on our OSV-curated deny-list (215k+ named-not-heuristic entries across npm + PyPI). `malicious:false` = not on our known-bad list — absence is NOT proof of safety, so still pin and review new deps. If a `version` is supplied and the entry is version-scoped, the check is version-aware; all-versions-malicious packages block on any version. Designed to be the easiest AI-supply-chain guardrail to wire in: one MCP tool call, no auth, in the agent's pre-install step. Same data is available for CI at /api/v1/stix-feed/packages.json. Examples: {"ecosystem":"npm","name":"cxp-jquery"} → malicious:true, verdict:block. {"ecosystem":"pypi","name":"requests"} → malicious:false, verdict:allow.
    Connector