Skip to main content
Glama
259,901 tools. Last updated 2026-07-05 04:08

"Security testing and vulnerability assessment of MCP Server execution functions" matching MCP tools:

  • Fetch a public URL and inspect security-relevant response headers before you claim that a product or endpoint has a strong browser-facing security baseline. Use this for quick due diligence on public apps and docs sites. It checks for common headers such as HSTS, CSP, X-Frame-Options, Referrer-Policy, Permissions-Policy, and X-Content-Type-Options. It does not replace a real security review, authenticated testing, or vulnerability scanning.
    Connector
  • Checks that the Strale API is reachable and the MCP server is running. Call this before a series of capability executions to verify connectivity, or when troubleshooting connection issues. Returns server status, version, tool count, capability count, solution count, and a timestamp. No API key required.
    Connector
  • Configure automatic top-up when balance drops below a threshold. The configuration lives ONLY in the current MCP session — it is held in memory by the MCP server process and is lost on server restart, MCP client reconnect, or server redeploy. Top-ups are signed locally with TRON_PRIVATE_KEY and sent to your Merx deposit address (memo-routed). For persistent auto-deposit you currently need to call this tool again at the start of each session.
    Connector
  • Connectivity check that confirms the Nordic MCP server process is responding. Use this at the start of a session to verify the server is reachable before making other calls. Do not use as a proxy for database health — the server can respond while the Qdrant vector database is temporarily unavailable. To confirm data availability, call search_filings directly. Returns: A greeting string: "Hello {name}! Nordic MCP server is running."
    Connector
  • Scan a public GitHub MCP-server repository for security issues. Clones the repo (shallow, <60s, <200 MB), runs compuute-scan v0.6.2 in static analysis mode (no code execution from the target), and returns a structured report with severity counts, a 0-100 score, and the 10 most severe findings. WHEN TO USE: - Before connecting to an unknown MCP server discovered via Anthropic Registry, Smithery, mcp.so, or a Discord recommendation. - Before installing a third-party MCP-server package into a production pipeline. - As part of an agent's pre-commit / pre-deploy due-diligence step when adding new dependencies. - As one input to a multi-source trust evaluation (combine with publisher reputation, package install count, last-update recency). WHEN NOT TO USE: - For private repos. Use the on-prem CLI instead: `npx compuute-scan ./path-to-private-repo` - For deep exploitability assessment of a specific code path. This is pattern matching, not dataflow analysis. Book a manual L2-L4 audit at https://compuute.se/audit for that depth. - For non-GitHub hosts (GitLab, Bitbucket, self-hosted). v1 supports github.com only. - For repos > 200 MB or clone time > 60s. The endpoint returns a 413 or 504 in those cases — fall back to local CLI. EXPECTED RESPONSE TIME: - Median: ~1-2 seconds for small repos (<100 files). - p99: ~10 seconds for medium repos. - Hard timeout at clone=60s, scan=120s combined. EXPECTED COST: - Free tier in MVP. Future Pro tier may charge per-scan or per-month. DATA FRESHNESS: - Scanner version is reported in response.scanner.version. - L1 rule set freshness reflects compuute-scan releases — see github.com/Compuute/compuute-scan/CHANGELOG.md for the latest CVE and threat-intel response timeline. EXAMPLES: Example 1 — scan an MCP server you're evaluating: github_url = "https://github.com/modelcontextprotocol/servers" → score: 0, summary: {critical: 1, high: 94, medium: 22} → top_findings include SSRF, eval, etc. → recommendation: "AVOID — 1 critical and 94 high finding(s)..." Example 2 — scan a clean reference implementation: github_url = "https://github.com/microsoft/azure-devops-mcp" → score: 90+, summary: {critical: 0, high: 1} → recommendation: "REVIEW — 1 high finding(s)..." Example 3 — scan your own dev MCP-server before publishing: github_url = "https://github.com/yourorg/your-mcp" → audit your own surface before others install it OUTPUT FIELDS (stable schema): - repo_url (str): canonical URL of the scanned repo. - score (int): 0-100, higher safer. Coarse summary, not a precision claim. - summary (object): {critical, high, medium, low, info, files_scanned}. - recommendation (str): action guidance derived from severity counts. - findings_count (int): total raw findings (may include false positives). - top_findings (list): up to 10 most severe, each with {id, title, severity, file, line, owasp, cwe}. - l0_discovery (object): MCP transport, tool count, dependency pinning. - performance (object): clone_seconds, scan_seconds, repo_size_bytes. - scanner (object): {name, version, layers_covered}. - _disclaimer (str): MANDATORY triage disclaimer. Read it. Args: github_url: Public GitHub HTTPS URL (e.g. https://github.com/org/repo). Must be public and < 200 MB. v1 is github.com only. Returns: Structured scan result. On error, returns {"error": code, "message": ...} with HTTP-style code (invalid_url, clone_failed, scan_timeout, etc.).
    Connector
  • Read comprehensive Butterbase documentation (local, no API calls). Available topics: - all: Complete documentation (default) - overview: Platform introduction and key features - mcp: MCP tool reference and examples - rest: HTTP data API (auto-generated REST endpoints) - auth: End-user authentication (OAuth, JWT) - storage: File upload/download with S3 - functions: Serverless functions (triggers, context) - frontend: Static frontend deployment (upload zip, deploy to live URL) - ai: AI model gateway (chat completions, BYOK, usage) - meetings: Meeting bots that join Zoom/Meet/Teams/Webex calls and return recordings + transcripts - billing: Your Butterbase plan, usage meters, app-level Stripe Connect (subscriptions and one-time payments) - platform: MCP over HTTP, /llms.txt, subdomains, suggestions, rate limits - regions: Choosing a region at app creation, moving apps between regions, discovering the live region list - schema: Schema DSL reference (types, indexes, constraints) - sdk: TypeScript SDK installation, client setup, query builder, auth, storage, functions - cli: CLI installation, commands for apps, schema, functions, storage, config - integrations: Third-party integrations (OAuth connect flow, tool execution, SDK, CLI) - substrate: Per-user memory + action coordination plane for AI agents (entities, decisions, attention rules, action ledger, outbox, ws stream, ctx.substrate inside functions) Example: Input: { topic: "auth" } Output: Full authentication documentation with OAuth setup, JWT handling, etc. Don't know the topic slug? Pass a freeform { query: "..." } instead and the tool returns the best-matching section plus an index of related topics: Input: { query: "how do I send email" } Output: Ranked topic index + the full text of the top-matching section. Use this to: - Learn Butterbase features and APIs - Get code examples for common tasks - Reference schema DSL syntax - Understand authentication flow - Learn about app monetization (subscriptions and one-time purchases) Note: This is a local documentation tool. No network requests are made. Idempotency: Safe to call anytime (read-only operation).
    Connector

Matching MCP Servers

Matching MCP Connectors

  • AI agents publish bounties for real-world tasks. Gasless USDC payments via x402.

  • Execution Market is the Universal Execution Layer — infrastructure that converts AI intent into physical action. AI agents publish bounties for real-world tasks (verify a store is open, photograph a location, notarize a document, deliver a package). Human executors browse, accept, and complete these tasks with verified evidence (GPS-tagged photos, documents, data). Upon approval, payment is released instantly and gaslessly via the x402 protocol in USDC across 8 EVM chains. Key cap

  • Purchase Agentic Security Shield and receive all security configuration files. TWO-PHASE FLOW (you MUST do BOTH steps): STEP 1 — on-chain payment + token exchange: a) Send 19 USDC on Base network to the recipient address in /pricing or /.well-known/mcp/server-card.json (payTo field). b) POST /purchase (HTTP REST, not this MCP tool!) Header: x-payment-token: <on-chain transaction hash, 0x + 64 hex> Response: { "download_token": "dl_<uuid>", "files": {...} } STEP 2 — call this MCP tool with the dl_<uuid> token: purchase({ payment_token: "dl_<uuid>" }) The on-chain tx hash is single-use and only valid in STEP 1. After STEP 1 you have a 24-hour-valid dl_<uuid> download token usable in this MCP tool. Most agents will get the files inline from STEP 1's response and never need to call this MCP tool — it exists for clients that prefer MCP-native delivery.
    Connector
  • Load Lenny Zeltser's product strategy context for local analysis. Returns expert strategic frameworks, principles, and guidance for evaluating or creating security product plans. Includes rating-sheet items (the lens taxonomy: structure, words, tone) as concrete reference points for grounded feedback on the plan's writing. This server never requests your plans and instructs your AI to keep them local. Use detail_level to control response size: "minimal" (~2k tokens), "standard" (~5k tokens), "compact" (~3-4k tokens, all sections but stripped), or "comprehensive" (~12k tokens). Use market_segment: "smb" for SMB-specific guidance. Use product_focus: "endpoint" for endpoint security viability assessment. Set include_template: true to include the fill-in-the-blank template in the response.
    Connector
  • Check server connectivity, authentication status, and database size. When to use: First tool call to verify MCP connection and auth state before collection operations. Examples: - `status()` - check if server is operational, see quote_count, and current auth state
    Connector
  • Scan source code for injection vulnerabilities: SQL injection, command injection, path traversal via unsafe string concatenation/unsanitized input. Supports Python, JavaScript, TypeScript, Java, Go, Ruby, Shell, Bash. Use to detect input-handling bugs; for secrets use check_secrets. Companion code-security tools: check_secrets (hard-coded credential detection), check_dependencies (known-CVE vulnerability audit), check_headers (live HTTP security-header validation), scan_headers (live HTTP scan via domain). Free: 30/hr, Pro: 500/hr. Returns {total, by_severity, findings}. No data stored.
    Connector
  • Returns VoiceFlip MCP server health and version metadata. No authentication required. Use this first to verify the server is reachable from your MCP client.
    Connector
  • Translate a customer's primary concern into a product recommendation. primary_concern must be one of: blockout, heat, glare, moisture, privacy, security, automation. Optionally narrow by room (bedroom, lounge, etc.), location, budget, and aesthetic. Returns a recommended product_id with rationale — pass it to get_price or configure_product next. Security concern routes to brochure MCP (Garden Route customers only).
    Connector
  • Generate realistic mock data from a JSON Schema. Supports all common types (string, number, integer, boolean, array, object, null), format hints (email, date, date-time, uri, uuid), enum, const, and nested schemas. Perfect for testing MCP tools with realistic data.
    Connector
  • Get Lenny Zeltser's Malware cross-server handoff routes — when this MCP server can't fulfill a request, which other MCP servers (or fallback workflows) to consult. Surfaces a compact subset of `malware_load_context`. This server never requests your sample, analysis notes, or indicators and instructs your AI to keep them local—guidelines and the report template flow to your AI for local analysis.
    Connector
  • Get Lenny Zeltser's expert criteria for reviewing an existing security assessment report or brief. Surfaces the 17 info-assessment review items across five groups (Key Takeaways, Assessment Scope, Prioritized Findings, Remediation Suggestions, Assessment Methodology), cross-cutting criteria, the risk-adjusted severity model, anti-patterns, and a pointer to rating_score_writing for a numeric score. This server never requests your assessment notes or report and instructs your AI to keep them local—the templates and guidelines flow to your AI for local analysis.
    Connector
  • Get Lenny Zeltser's Security Assessment one-page executive brief template. Standalone variant of `assessment_get_template` for callers that only want the brief without the long-form report. This server never requests your assessment notes or report and instructs your AI to keep them local—the templates and guidelines flow to your AI for local analysis.
    Connector
  • Get Lenny Zeltser's Security Assessment cross-server handoff routes — when this MCP server can't fulfill a request, which other MCP servers (or fallback workflows) to consult. Surfaces a compact subset of `assessment_load_context`. This server never requests your assessment notes or report and instructs your AI to keep them local—the templates and guidelines flow to your AI for local analysis.
    Connector
  • Return a short, human-readable walkthrough for testing this server: the endpoint, the tool/prompt/resource names, and ready-to-paste sample prompts. Use to give someone a guided demo. For the full machine-readable capability catalog, use list_capabilities instead.
    Connector