Glama
133,956 tools. Last updated 2026-05-25 17:54

"OWASP Dependency-Check" matching MCP tools:

  • Check your pipeline check credit balance. Shows credits remaining, total purchased, total used, and lifetime free lookups count. Credits are consumed only when unknown domains run through the full analysis pipeline. Known domains (Tranco Top 100K) and cached domains (previously analysed by any Unphurl customer) are always free. If credits_remaining is 0, you can still check known and cached domains for free. To check unknown domains, purchase more credits using the "purchase" tool.
    Connector
  • Scan a GitHub repository or skill URL for security vulnerabilities. This tool performs static analysis and AI-powered detection to identify:
      - Hardcoded credentials and API keys
      - Remote code execution patterns
      - Data exfiltration attempts
      - Privilege escalation risks
      - OWASP LLM Top 10 vulnerabilities
    Requires a valid X-API-Key header. Cached results (24h) do not consume credits.
    Args:
      skill_url: GitHub repository URL (e.g., https://github.com/owner/repo) or raw file URL to scan
    Returns:
      ScanResult with security score (0-100), recommendation, and detected issues. Score >= 80 is SAFE, 50-79 is CAUTION, < 50 is DANGEROUS.
    Example:
      scan_skill("https://github.com/anthropics/anthropic-sdk-python")
    Connector
  • SCA (Software Composition Analysis) — scans a project dependency manifest and returns known vulnerabilities for each dependency. Supports: package.json (npm), requirements.txt (Python), go.mod (Go), Cargo.toml (Rust), composer.json (PHP), Gemfile.lock (Ruby), CycloneDX SBOM JSON. PRIMARY source: OSV.dev (keyless, free, covers npm/PyPI/Go/crates.io/Packagist/RubyGems + GHSA advisories federated). CVSS enrichment: NVD NIST (when OSV lacks score). Exploitation flag: CISA KEV (known-exploited-vulnerabilities catalog). Returns per-vuln CVE/GHSA IDs, severity, CVSS score, fixed version, and actionable upgrade recommendations. Relevant for EU NIS2 supply chain risk obligations, DORA, SOC 2 vendor assessments. Cache TTL 6h. Parallel OSV queries (concurrency=10). SLA <=30s p95.
    Connector
  • Reverse-lookup a single concept ID (MITRE ATLAS technique like 'AML.T0051', OWASP LLM Top 10 risk like 'LLM01', OWASP Agentic Top 10 issue like 'ASI03', or ISO 42001 Annex A clause like 'A.6') across the AI Defense Matrix. Returns which framework the concept belongs to, the asset rows whose alignment cites it, the cells whose evaluation cellPrompts cite it, and those prompts themselves. Useful when a vendor's product is defined by a specific technique ('we defend AML.T0051') and they need to find which matrix cells to claim. Recognizes only concepts with structured IDs; for prose-only frameworks (NIST IR 8596, CSA AICM, Google SAIF, OWASP AI Exchange) use aidefense_get_framework_alignment instead. This server never requests your program docs or product roadmap and instructs your AI to keep them local—the matrix, framework alignments, and playbooks flow to your AI for local analysis.
    Connector
  • Check if the API is responding. Returns status and server timestamp.
    Connector
  • Check if a package is allowed by a hextrap firewall and verify it is not a suspected typosquat. Call this BEFORE suggesting any npm, PyPI, or Go dependency to ensure it meets security policy.
    Connector

Matching MCP Servers

Matching MCP Connectors

  • DependencyOracle - 10 ICT dependency tools: SBOM, supply chain, third-party graph.

  • Programmatic email deliverability testing for AI agents. Create inbox placement tests across Gmail, Outlook, Yahoo, Mail.ru, Yandex — get per-provider placement (Inbox/Spam/Promotions), SPF/DKIM/DMARC auth, Rspamd & SpamAssassin verdicts, DNS health, and live SSE results.

  • Audit the supply chain risk of a GitHub repository's dependencies. Fetches the repo's package.json and/or requirements.txt from GitHub and runs behavioral commitment scoring on every dependency. This is the fastest way to audit a project — just provide the GitHub URL or owner/repo slug, and get a full risk table in seconds.
    Risk flags:
      - CRITICAL: single publisher/maintainer/owner + >10M weekly downloads (publish-access concentration risk)
      - HIGH: sole publisher/maintainer + >1M/wk downloads, OR new package (<1yr) with high adoption
      - WARN: no release in 12+ months (potential abandonware)
    Examples:
      - "vercel/next.js" — audit Next.js dependencies
      - "https://github.com/langchain-ai/langchainjs" — audit LangChain JS
      - "facebook/react" — audit React's dependency tree
      - "anthropics/anthropic-sdk-python" — audit Anthropic Python SDK
    Use this when someone asks "is my project at risk?" or "audit this repo's dependencies".
    Connector
  • Audit project dependencies (npm/PyPI/Maven/RubyGems/etc.) against CVE database: find known vulnerabilities in your package list. Bulk query up to 50 packages per call (same for Free and Pro). Use for dependency security scanning; use cve_lookup for single CVE. Free: 30/hr (1 per package), Pro: 500/hr. Returns {findings, total, by_severity, summary}. Each finding includes fixed_in (first patched version per NVD/MITRE version range) when a version range matched — omitted from wire when the range is open-ended or no input version was supplied; remediation copy then says 'Check if ... is affected ... and upgrade if so' instead of 'Upgrade to X.Y.Z or later'.
    Connector
  • Walk the prerequisite chain for a compliance node. Given one node, returns its full dependency tree (the prior obligations an agent must satisfy before this one applies). Use this to plan a complete compliance posture: unlocking one node usually requires understanding 3-8 upstream nodes. Defaults to depth 2; max 4.
    Connector
  • Check real-time campground availability for specific dates. Queries the camply-service to check live campsite availability against reservation systems. Supports 30+ providers including RecreationDotGov, ReserveCalifornia, state parks, and county parks.
    Args:
      campground_id: Campground CUID (e.g., "ReserveCalifornia:uuid:725")
      start_date: Check-in date in YYYY-MM-DD format
      end_date: Check-out date in YYYY-MM-DD format
      min_nights: Minimum consecutive nights required (1-7, default 1)
    Connector
  • Fetches operational status of major dev infrastructure (GitHub, Cloudflare, Discord, OpenAI, Vercel, npm, Reddit, Atlassian, Anthropic). Cache TTL 60s. Use when the agent needs to know if a dependency is up or to explain a recent outage.
    Connector
  • Look up Node.js package information from NPM registry. Returns latest version, download statistics (weekly/monthly), dependency list, package description, license, and GitHub link. Use for evaluating JavaScript libraries, checking maintenance status, or reviewing package popularity.
    Connector
  • Check Fixatum registration status for a Hedera account. Returns DID if registered, live score, and whether provenance is actively building. Free. Use before fixatum_register to check if already registered.
    Connector
  • Get AI Defense Matrix cross-mappings to eight external frameworks: NIST IR 8596, CSA AI Controls Matrix, ISO 42001, Google SAIF, MITRE ATLAS, OWASP AI Exchange, OWASP LLM Top 10, OWASP Agentic Security Top 10. Each row maps an AI asset class to how that framework applies. Each returned framework also carries a 'concepts' array of the structured IDs (MITRE ATLAS techniques, OWASP risks, ISO clauses) the matrix references for it. Supports a 'buyer' archetype shortcut to scope to the frameworks a particular buyer will care about. Use to translate between framework vocabularies. This server never requests your program docs or product roadmap and instructs your AI to keep them local—the matrix, framework alignments, and playbooks flow to your AI for local analysis.
    Connector
  • Detects live infrastructure outages for a vendor or query. Returns outage status, financial impact, SLA breach risk, monetary loss estimate, refund eligibility, and hidden dependency maps.
    Connector
  • Returns top dependency version recommendations ranked by Developer Trust Score with security, licensing, and quality analysis. Developer Trust Score is a measure of quality, security, licensing, and maintainability. Use this when selecting a new component to add to a project (without version) or when upgrading an existing component (with version). Dependencies can be referred to as packages, components or libraries. They can be transitive (brought in by other dependencies) or direct (explicitly added to the project).
    Connector