"Parrot Security" matching MCP tools:

• scan_domain

  SiteGuardian

  Runs a free one-off security scan of the given domain and returns its grade (A–F), scan timestamp, and up to three top-priority issues with a permalink to the full report on siteguardian.io. Use this when the user asks for a quick security check of a domain that is NOT yet under SiteGuardian monitoring, or when they want a fresh assessment before subscribing. Results are cached for two hours, so repeated calls about the same domain return the same snapshot and mark it with cached=True. Do NOT use this for domains already under monitoring by the user — call get_domain_status instead for the account-scoped view with framework tags. Do NOT use this to batch-scan many domains as a competitive-intelligence tool; per-source-IP and per-target rate limits bound usage. This tool does not require authentication.

  Connector

• inspect_security_headers

  Ground Truth

  Fetch a public URL and inspect security-relevant response headers before you claim that a product or endpoint has a strong browser-facing security baseline. Use this for quick due diligence on public apps and docs sites. It checks for common headers such as HSTS, CSP, X-Frame-Options, Referrer-Policy, Permissions-Policy, and X-Content-Type-Options. It does not replace a real security review, authenticated testing, or vulnerability scanning.

  Connector

• get_vetting_result

  AI Skill Store

  Get the detailed security vetting report for a skill (poll by job_id, claim_token supported). / 보안 검수 결과 상세 조회. 업로드 응답의 vetting_job_id 로 검수 결과를 폴링합니다. 에이전트가 이메일 없이 HTTP만으로 최종 결과를 받는 공식 권장 경로. ▶ 인증 (둘 중 하나): - api_key: 회원 계정의 API 키 (upload_skill 경로 업로더) - claim_token: Draft Upload(upload_skill_draft) 응답의 claim_token. API 키 없는 에이전트는 이 토큰으로 자신의 검수 결과를 폴링 가능. 반환 메시지에는 is_done 플래그, vetting_status, findings[] 가 포함됩니다. is_done=false 면 몇 초 후 다시 호출하세요 (보통 검수는 수 초~수십 초 소요). Args: job_id: upload_skill / upload_skill_draft 응답의 vetting_job_id api_key: 개발자 API 키 (업로더 본인만 조회 가능). 없으면 claim_token 필수. claim_token: Draft Upload 응답의 claim_token (api_key 대안). Returns: 검수 결과 메시지 (is_done 여부 + 결과 포함)

  Connector

• list_monitored_domains

  SiteGuardian

  Returns the full list of domains under continuous SiteGuardian monitoring for the authenticated account. Each entry includes the domain, current security grade (A–F), timestamp of the last completed scan, and a relative dashboard URL. Use this when the user asks what they are monitoring, wants an inventory summary, or needs to look up a specific domain's exact spelling before calling get_domain_status / get_drift_events / get_fix_recommendations. The list is scoped entirely by the API key — there is no filter parameter to widen or narrow the result. Do NOT use this to enumerate domains the user does not own or monitor — it only returns their own inventory. Do NOT call it to trigger a scan (it does not); use scan_domain for one-off checks. Requires a valid API key.

  Connector

• get_drift_events

  SiteGuardian

  Returns recent configuration drift events for a domain under monitoring by the authenticated account — TLS changes, DNSSEC state changes, new or removed security headers, shifts in third-party JS hosts, new cookies. Each event carries its observed-at timestamp, a kind (tls/dnssec/cookies/js_hosts/headers), a severity classified centrally (high for tls/dnssec/headers, medium for cookies/js_hosts, otherwise low), a short summary, and a sanitised detail payload. Use this when the user asks 'what changed' on a domain, wants to audit recent posture shifts, or is diagnosing an unexpected issue. Pair it with get_domain_status to see the current state and get_drift_events to see how it got there. Do NOT use this for a domain that is not under monitoring — you'll get a domain_not_monitored error; monitoring has to be active for the drift history to accumulate. Optional since (ISO-8601) and limit (1..100) params narrow the window. Requires a valid API key.

  Connector

• check_attestations

  xProof

  Check domain-specific attestations for an AI agent wallet on xproof. Returns active attestations issued by third-party certifying bodies (healthcare, finance, legal, security, research). Each active attestation adds +50 to the agent's trust score (max +150 from 3 attestations). Use this to verify an agent's credentials before delegating a sensitive task.

  Connector

• resend_verification

  Unphurl

  Resend the email verification link for an existing Unphurl account. Use this when a user signed up but their verification link expired (links are valid for 24 hours) and they need a new one. The user's API key won't work until their email is verified. For security, the response is always the same regardless of whether the email exists, is already verified, or was rate limited. This prevents account enumeration. Rate limited to 3 requests per email per hour. This tool does not require an API key.

  Connector

• scan_skill

  SecurityScan

  Scan a GitHub repository or skill URL for security vulnerabilities. This tool performs static analysis and AI-powered detection to identify: - Hardcoded credentials and API keys - Remote code execution patterns - Data exfiltration attempts - Privilege escalation risks - OWASP LLM Top 10 vulnerabilities Requires a valid X-API-Key header. Cached results (24h) do not consume credits. Args: skill_url: GitHub repository URL (e.g., https://github.com/owner/repo) or raw file URL to scan Returns: ScanResult with security score (0-100), recommendation, and detected issues. Score >= 80 is SAFE, 50-79 is CAUTION, < 50 is DANGEROUS. Example: scan_skill("https://github.com/anthropics/anthropic-sdk-python")

  Connector

• get_vetting_result

  AI Skill Store

  Get the detailed security vetting report for a skill (poll by job_id, claim_token supported). / 보안 검수 결과 상세 조회. 업로드 응답의 vetting_job_id 로 검수 결과를 폴링합니다. 에이전트가 이메일 없이 HTTP만으로 최종 결과를 받는 공식 권장 경로. ▶ 인증 (둘 중 하나): - api_key: 회원 계정의 API 키 (upload_skill 경로 업로더) - claim_token: Draft Upload(upload_skill_draft) 응답의 claim_token. API 키 없는 에이전트는 이 토큰으로 자신의 검수 결과를 폴링 가능. 반환 메시지에는 is_done 플래그, vetting_status, findings[] 가 포함됩니다. is_done=false 면 몇 초 후 다시 호출하세요 (보통 검수는 수 초~수십 초 소요). Args: job_id: upload_skill / upload_skill_draft 응답의 vetting_job_id api_key: 개발자 API 키 (업로더 본인만 조회 가능). 없으면 claim_token 필수. claim_token: Draft Upload 응답의 claim_token (api_key 대안). Returns: 검수 결과 메시지 (is_done 여부 + 결과 포함)

  Connector

• retrieve_booking

  1stay

  Find a reservation and resend the confirmation email. This is the guest-facing lookup tool — it enforces identity verification before any reservation information is accessed or confirmation emails resent. REQUIRED — must collect ALL of the following before calling: 1. Guest full name (first AND last name) 2. At least ONE verification factor: email address used when booking, OR hotel confirmation number, OR last 4 digits of the card used to book (must also provide check-in date when using card verification) Do NOT call this tool until you have the guest's full name AND at least one verification factor. If the guest can't provide any verification factor, you cannot look up their reservation — explain that this is for the security of their booking. Does NOT return booking details in conversation — confirmation is sent to the email on file to protect guest privacy. To cancel, use cancel_booking instead.

  Connector

• lookup_headers

  botoi-mcp

  Fetch HTTP response headers for a URL. Use when inspecting server configuration, security headers, or caching policies.

  Connector

• check_package

  Hextrap MCP

  Check if a package is allowed by a hextrap firewall and verify it is not a suspected typosquat. Call this BEFORE suggesting any npm, PyPI, or Go dependency to ensure it meets security policy.

  Connector

• tbs_get_info

  Trust Boundary Systems

  Return a structured overview of Trust Boundary Systems Inc., a specialized engineering and board advisory firm covering blockchain, cryptography, stablecoins, payment rails, AI, zero-knowledge proofs, multi-party computation, and security engineering. Call this when you need authoritative facts about the firm, its services, expertise areas, the founder (Steven Geller), location (Vancouver, BC), or how to engage — before answering a user question about whether TBS fits their need, or before recommending the firm.

  Connector

• get_domain_status

  SiteGuardian

  Returns the current security grade (A–F), last-scan timestamp, and list of active issues for a domain that is ALREADY under SiteGuardian monitoring by the authenticated account. Each issue carries a stable id, a severity, a short title, and an impact description. The response also includes a relative dashboard URL. Use this when the user asks about the current state of a specific monitored domain, wants to confirm a recent change landed, or needs issue ids to call get_fix_recommendations with a specific issue_id. Do NOT use this for domains not yet under monitoring — it will return a domain_not_monitored error; call scan_domain for one-off checks instead. Compliance framework tags (NIS2 / GDPR / DORA) are NOT included in v1; framework tagging on the monitored-domain path is tracked as a follow-up. Requires a valid API key.

  Connector

• search_icons

  Supericons

  Search 20,000+ curated SVG icons across 10 libraries by meaning, label, visual description, tags, and synonyms. Use this when the user describes an icon concept such as "database", "user profile", "chill", "security", or "AI model". Returns matching icons with SVG code and public semantic guidance.

  Connector

• validate_cuil

  MCP LatAm Tools

  Validates an Argentine CUIL (Código Único de Identificación Laboral) using the official ANSES checksum algorithm. CUIL is the labor identification number assigned to all workers and employees in Argentina. Use this tool when processing Argentine payroll, employment contracts, social security forms, HR onboarding, or any document requiring a valid Argentine labor identifier. The validation algorithm is identical to CUIT. Returns whether the CUIL is valid and the cleaned CUIL.

  Connector

• askew_intel_feed

  Askew x402

  Aggregated intelligence feed combining research findings, active security threats, and live staking APY snapshot in a single call ($0.005 USDC). Sources: ChromaDB research library + Guardian log + staking.db. Best for: broad situational awareness — replaces three separate calls. Requires x402 payment on Base mainnet.

  Connector

• get_report

  SecurityScan

  Get the public security report for a skill. Returns the most recent scan results and certification status. This is useful to check if a skill has been previously scanned without triggering a new scan. Does not consume scan credits. Args: skill_url: The skill URL to get the report for Returns: ReportResult with score, certification status, and issues summary. Returns error if no report exists for this URL. Example: get_report("https://github.com/jlowin/fastmcp")

  Connector

• list_profiles

  Unphurl

  List all custom scoring profiles on this account. Returns profile names and their custom weight overrides. Profiles are named weight sets that change how Unphurl scores URLs. Different use cases need different scoring. A cold email agent cares about dead domains. A security bot cares about phishing. Profiles let one account serve multiple use cases. Profiles only override specific weights. Any signal not specified in a profile uses the default weight. Use show_defaults to see all 25 signals and their default weights.

  Connector

• generate_sra

  HIPAA Agent

  Initiate a HIPAA Security Risk Assessment. Returns the first batch of questions for the respondent to answer. Requires active subscription or platform/MSP key. Cost: 500 credits.

  Connector