Glama
261,119 tools. Last updated 2026-07-05 10:33

"Finding MCP Servers with F Security Grades" matching MCP tools:

  • Runs a free one-off security scan of the given domain and returns its grade (A–F), scan timestamp, and up to three top-priority issues with a permalink to the full report on siteguardian.io. Use this when the user asks for a quick security check of a domain that is NOT yet under SiteGuardian monitoring, or when they want a fresh assessment before subscribing. Results are cached for two hours, so repeated calls about the same domain return the same snapshot and mark it with cached=True. Do NOT use this for domains already under monitoring by the user — call get_domain_status instead for the account-scoped view with framework tags. Do NOT use this to batch-scan many domains as a competitive-intelligence tool; per-source-IP and per-target rate limits bound usage. This tool does not require authentication.
    Connector
  • Search the Arclan registry for MCP servers. By default returns only connectable servers (active, mcp_partial, auth_gated). Use status=stdio to browse local-only servers available for installation. Use status=all to query the full index. Use production_safe=true to restrict to servers with uptime > 97% and handshake success > 95%. Use read_only=true to restrict to servers with no write or exec tools. Use this before connecting to an MCP server to check its validation status and score. After using a server, call report_server to contribute reliability data.
    Connector
  • Re-deploy skills WITHOUT changing any definitions. ⚠️ HEAVY OPERATION: regenerates MCP servers (Python code) for every skill, pushes each to A-Team Core, restarts connectors, and verifies tool discovery. Takes 30-120s depending on skill count. Use after connector restarts, Core hiccups, or stale state. For incremental changes, prefer ateam_patch (which updates + redeploys in one step).
    Connector
  • Scan a public GitHub MCP-server repository for security issues. Clones the repo (shallow, <60s, <200 MB), runs compuute-scan v0.6.2 in static analysis mode (no code execution from the target), and returns a structured report with severity counts, a 0-100 score, and the 10 most severe findings. WHEN TO USE: - Before connecting to an unknown MCP server discovered via Anthropic Registry, Smithery, mcp.so, or a Discord recommendation. - Before installing a third-party MCP-server package into a production pipeline. - As part of an agent's pre-commit / pre-deploy due-diligence step when adding new dependencies. - As one input to a multi-source trust evaluation (combine with publisher reputation, package install count, last-update recency). WHEN NOT TO USE: - For private repos. Use the on-prem CLI instead: `npx compuute-scan ./path-to-private-repo` - For deep exploitability assessment of a specific code path. This is pattern matching, not dataflow analysis. Book a manual L2-L4 audit at https://compuute.se/audit for that depth. - For non-GitHub hosts (GitLab, Bitbucket, self-hosted). v1 supports github.com only. - For repos > 200 MB or clone time > 60s. The endpoint returns a 413 or 504 in those cases — fall back to local CLI. EXPECTED RESPONSE TIME: - Median: ~1-2 seconds for small repos (<100 files). - p99: ~10 seconds for medium repos. - Hard timeout at clone=60s, scan=120s combined. EXPECTED COST: - Free tier in MVP. Future Pro tier may charge per-scan or per-month. DATA FRESHNESS: - Scanner version is reported in response.scanner.version. - L1 rule set freshness reflects compuute-scan releases — see github.com/Compuute/compuute-scan/CHANGELOG.md for the latest CVE and threat-intel response timeline. EXAMPLES: Example 1 — scan an MCP server you're evaluating: github_url = "https://github.com/modelcontextprotocol/servers" → score: 0, summary: {critical: 1, high: 94, medium: 22} → top_findings include SSRF, eval, etc. → recommendation: "AVOID — 1 critical and 94 high finding(s)..." Example 2 — scan a clean reference implementation: github_url = "https://github.com/microsoft/azure-devops-mcp" → score: 90+, summary: {critical: 0, high: 1} → recommendation: "REVIEW — 1 high finding(s)..." Example 3 — scan your own dev MCP-server before publishing: github_url = "https://github.com/yourorg/your-mcp" → audit your own surface before others install it OUTPUT FIELDS (stable schema): - repo_url (str): canonical URL of the scanned repo. - score (int): 0-100, higher safer. Coarse summary, not a precision claim. - summary (object): {critical, high, medium, low, info, files_scanned}. - recommendation (str): action guidance derived from severity counts. - findings_count (int): total raw findings (may include false positives). - top_findings (list): up to 10 most severe, each with {id, title, severity, file, line, owasp, cwe}. - l0_discovery (object): MCP transport, tool count, dependency pinning. - performance (object): clone_seconds, scan_seconds, repo_size_bytes. - scanner (object): {name, version, layers_covered}. - _disclaimer (str): MANDATORY triage disclaimer. Read it. Args: github_url: Public GitHub HTTPS URL (e.g. https://github.com/org/repo). Must be public and < 200 MB. v1 is github.com only. Returns: Structured scan result. On error, returns {"error": code, "message": ...} with HTTP-style code (invalid_url, clone_failed, scan_timeout, etc.).
    Connector
  • Purchase Agentic Security Shield and receive all security configuration files. TWO-PHASE FLOW (you MUST do BOTH steps): STEP 1 — on-chain payment + token exchange: a) Send 19 USDC on Base network to the recipient address in /pricing or /.well-known/mcp/server-card.json (payTo field). b) POST /purchase (HTTP REST, not this MCP tool!) Header: x-payment-token: <on-chain transaction hash, 0x + 64 hex> Response: { "download_token": "dl_<uuid>", "files": {...} } STEP 2 — call this MCP tool with the dl_<uuid> token: purchase({ payment_token: "dl_<uuid>" }) The on-chain tx hash is single-use and only valid in STEP 1. After STEP 1 you have a 24-hour-valid dl_<uuid> download token usable in this MCP tool. Most agents will get the files inline from STEP 1's response and never need to call this MCP tool — it exists for clients that prefer MCP-native delivery.
    Connector
  • Switch between local and remote DanNet servers on the fly. This tool allows you to change the DanNet server endpoint during runtime without restarting the MCP server. Useful for switching between development (local) and production (remote) servers. Args: server: Server to switch to. Options: - "local": Use localhost:3456 (development server) - "remote": Use wordnet.dk (production server) - Custom URL: Any valid URL starting with http:// or https:// Returns: Dict with status information: - status: "success" or "error" - message: Description of the operation - previous_url: The URL that was previously active - current_url: The URL that is now active Example: # Switch to local development server result = switch_dannet_server("local") # Switch to production server result = switch_dannet_server("remote") # Switch to custom server result = switch_dannet_server("https://my-custom-dannet.example.com")
    Connector

Matching MCP Servers

Matching MCP Connectors

  • Find MCP servers in the directory. Searches the standalone MCP directory (PulseMCP / official MCP registry import) unioned with x402 services that also expose an MCP endpoint. Returns normalised entries with a ready-to-use streamable-http `call_hint.mcp.url`. Args: intent: Natural-language description of the tool/capability needed. top_k: Max servers to return (1-20). chain: Optional payment-network filter for paid MCP servers. require_healthy: When true, only return servers marked health=ok.
    Connector
  • Browse and compare Licium's agents and tools. Use this when you want to SEE what's available before executing. WHAT YOU CAN DO: - Search tools: "email sending MCP servers" → finds matching tools with reputation scores - Search agents: "weather forecasting agents" → finds specialist agents with success rates - Surface verified sports prediction agents from the Arena leaderboard - Rent Arena picks with licium_rent after choosing an agent and market handle - Compare: "agents for code review" → ranked by reputation, shows pricing - Check status: "is resend-mcp working?" → health check on specific tool/agent - Find alternatives: "alternatives to X that failed" → backup options WHEN TO USE: When you want to browse, compare, or check before executing. If you just want results, use licium instead.
    Connector
  • Validate HTTP security headers you provide (JSON): CSP, HSTS, X-Frame-Options, X-Content-Type-Options, Permissions-Policy, Referrer-Policy against best practices. Use to test header config before deployment or validate non-public servers; use scan_headers to fetch live. Free: 30/hr, Pro: 500/hr. By default header values are truncated to 500 chars; pass include='full' for the full raw value. Returns {total, by_severity, findings}. No external requests.
    Connector
  • Translate a customer's primary concern into a product recommendation. primary_concern must be one of: blockout, heat, glare, moisture, privacy, security, automation. Optionally narrow by room (bedroom, lounge, etc.), location, budget, and aesthetic. Returns a recommended product_id with rationale — pass it to get_price or configure_product next. Security concern routes to brochure MCP (Garden Route customers only).
    Connector
  • Search fleet tools and servers by natural-language description. Returns ranked matches with brief summaries and the server each tool belongs to. Use scope "servers" to find which server handles a workflow; use the default scope "tools" to find specific tools. Call cyanheads_describe on a result name to get install snippets and the connection URL.
    Connector
  • Get Lenny Zeltser's Malware cross-server handoff routes — when this MCP server can't fulfill a request, which other MCP servers (or fallback workflows) to consult. Surfaces a compact subset of `malware_load_context`. This server never requests your sample, analysis notes, or indicators and instructs your AI to keep them local—guidelines and the report template flow to your AI for local analysis.
    Connector
  • Get Lenny Zeltser's Security Assessment cross-server handoff routes — when this MCP server can't fulfill a request, which other MCP servers (or fallback workflows) to consult. Surfaces a compact subset of `assessment_load_context`. This server never requests your assessment notes or report and instructs your AI to keep them local—the templates and guidelines flow to your AI for local analysis.
    Connector
  • Terse, drill-down discovery index of this ecosystem (Seneschal, FlashBank, winbit32, secresea, ZecBus) plus a LIVE mirror of the official MCP registry (registry.modelcontextprotocol.io) — the same directory served over HTTPS at https://seneschal.space/.well-known/agent.gopher, callable here so you never leave the MCP session. Start with section="root" to see the top-level menu, then call again with section="seneschal"/"flashbank"/"winbit32"/"secresea"/"zecbus" to drill into a project. Each project exposes About / Agents / Actions — drill them with section="<site>/about", "<site>/agents" or "<site>/actions" (e.g. "winbit32/actions"). Seneschal additionally drills into its own services with section="seneschal/<service>" where <service> is one of private-watch, checkout, oracle, shovels, builder, data, paymaster, board, ironwood, mcp — every website + MCP capability, grouped and priced. section="registry" browses connectable third-party MCP servers (use `cursor` to page); section="about"/"agents" is the directory’s own prose. format="gopher" (default) is the compact RFC-1436 menu; format="json" returns a structured {title, items[]}. A discovery layer, not a replacement for MCP — use it to FIND tools, then connect. Free, no payment.
    Connector
  • Phase III (FRC) — query the durable .fafm model by type/tag/priority/text. Omit filters for a structured summary. .fafm is NOT scored: this SELECTS facts (provenance preserved), never grades them.
    Connector
  • Site Audit — full HTTP intelligence for a public URL in one call. Security grade A–F (headers, SSL/TLS, cookies, redirects, CORS, CDN), health verdict ALIVE/DEGRADED/BROKEN + trust score, tech stack (framework/hosting/CDN/third-party), secret scan (scan_depth=quick: light HTML/3 bundles; scan_depth=deep: full supply URL phase with JWT decode, source maps, path probes, live verification), and HTTP request timing. Default probe_engine=fetch (HTTP, 1–3s quick / 8–12s deep secrets). Optional probe_engine=browser runs headless Chrome on Zephex servers (AWS worker when SITE_SQS_QUEUE_URL is set, else in-process Chromium) for real JS console errors and browser network capture — security headers still use raw HTTP fetch. CALL when: user pastes a URL; post-deploy security check; cert expiry or HSTS/CSP questions; cookie flag audit; redirect chain; is the site up; what framework; exposed secrets on a live page; JS console errors (probe_engine=browser). RETURNS: product (site_audit), duration_ms, plain_summary, fix_first, summary (security_grade, site_verdict, trust_score, load_ms, secrets_critical, secrets_verified, supply_paths_probed, supply_headers_grade), health (probe_engine, console_errors when browser), tech, secrets (findings, scan_meta, scan_depth), network, issues[], ssl, security_headers, cookie_flags, redirect_chain, infra, dns (security_depth=full only). LIMITS: Public hostnames on ports 80/443 only. Blocks localhost, private IPs, and URLs with embedded credentials. probe_engine=browser requires server-side Chromium or cloud worker — gracefully falls back to fetch with probe_fallback_warning if unavailable. Rate limit: one scan per hostname per 5 seconds.
    Connector
  • On-demand independent SAFETY scan of an MCP server — call this BEFORE installing or connecting to one. Give it an HTTP(S) MCP endpoint URL (scanned live in seconds), or an npm/PyPI package name or GitHub repo (queued for an isolated sandbox scan — local stdio servers execute code, so Hlido never runs them inline). Returns the safety tier (SAFE/CAUTION/RISKY/DANGEROUS), tool-poisoning detection (the malice signal), dangerous-capability red-flags (shell/code-eval/fs-write/egress/secrets) with per-tool evidence, and auth posture. Tier = blast radius if hijacked, not maintainer trustworthiness. A server Hlido hasn't scanned returns not_scanned — never assumed safe. Register of already-scanned servers: https://hlido.eu/mcp/
    Connector
  • Audit the security attributes of cookies set by any URL. Fetches the URL and inspects all Set-Cookie headers for: HttpOnly, Secure, SameSite, Domain scope, Path scope, Max-Age/Expires, __Host-/__Secure- prefixes. Flags insecure patterns: missing HttpOnly on session cookies, missing Secure flag, SameSite=None without Secure, overly broad Domain, and excessive TTL. Returns per-cookie grades and an overall security score (0–100).
    Connector
  • Get Lenny Zeltser's CTI cross-server handoff routes — when this MCP server can't fulfill a request, which other MCP servers (or fallback workflows) to consult. Surfaces a compact subset of `cti_load_context`. This server never requests your campaign or threat-intel notes and instructs your AI to keep them local—templates and guidelines flow to your AI for local analysis.
    Connector