Skip to main content
Glama
197,971 tools. Last updated 2026-06-13 01:49

"TOML" matching MCP tools:

  • inspect_security_headers

    Ground Truth - First Tool Call

    Fetch a public URL and inspect security-relevant response headers before you claim that a product or endpoint has a strong browser-facing security baseline. Use this for quick due diligence on public apps and docs sites. It checks for common headers such as HSTS, CSP, X-Frame-Options, Referrer-Policy, Permissions-Policy, and X-Content-Type-Options. It does not replace a real security review, authenticated testing, or vulnerability scanning.
    Connector

  • check_endpoint

    Ground Truth - First Tool Call

    Perform one live, unauthenticated fetch against a public URL or API endpoint before you recommend it, document it, or build on top of it. Use this when the question is simply whether an endpoint currently responds and what kind of response it returns. It reports HTTP status, content type, elapsed time, likely auth/rate-limit signals, and a short response sample. A successful result only proves basic reachability at fetch time. Do not use it to validate authenticated flows, POST side effects, JavaScript execution, or deeper business logic.
    Connector

  • check_pricing

    Ground Truth - First Tool Call

    Fetch a public pricing page and extract first-pass pricing signals before you quote plan costs, free tiers, or plan names. Use this when you already have a likely pricing URL and need a quick live scan of visible page text. It returns price-like strings, heuristic plan labels, free or free-trial signals, and cache information. It does not map prices to exact plans, normalize currencies, execute checkout flows, or guarantee that a price applies to a specific region or customer type. JavaScript-rendered, logged-in, or heavily obfuscated pricing details can be missed. Results are cached for 5 minutes.
    Connector

  • test_hypothesis

    Ground Truth - First Tool Call

    Run a small verification plan made of concrete live checks and summarize whether a hypothesis is supported. Use this when one conclusion depends on multiple simple checks such as endpoint reachability, npm search counts, or whether a page contains an exact substring. This is a coordination tool, not an open-ended research agent: every test must be explicitly defined in advance, and tests run in order with no branching or early exit. The final verdict is mechanical: all tests passing => SUPPORTED, zero passing => REFUTED, otherwise PARTIALLY SUPPORTED. Use verify_claim when you already have evidence URLs, estimate_market for category sizing, and compare_competitors when you already know exact package names.
    Connector

  • estimate_market

    Ground Truth - First Tool Call

    Search npm or PyPI to estimate how crowded a package category is before you claim that a market is empty, niche, or competitive. Use this when you have a category or search phrase such as 'edge orm' and want live result counts plus representative matches. Do not use it to compare exact known package names or to infer adoption from downloads; it reflects search results, not market share. Registry responses are cached for 5 minutes.
    Connector

  • verify_claim

    Ground Truth - First Tool Call

    Check whether a factual claim is supported by a specific set of public evidence URLs that you already have. For each source, the tool performs a case-insensitive keyword match over the fetched page body, then marks that source as supporting the claim when at least half of the supplied keywords appear. Use this for evidence-backed claim checks on known pages, not for open-ended search, semantic reasoning, or contradiction extraction. The aggregate verdict is driven only by the per-page keyword support ratio. Fetched pages are cached for 5 minutes.
    Connector

Matching MCP Servers

Matching MCP Connectors

  • frontend_security_audit_ci_pipeline

    DataNexus MCP

    Scan GitHub Actions, Vercel, or Netlify CI configs for exposed secrets, missing lockfile enforcement, and unpinned dependencies. Paste your config content — no filesystem access required. config: Raw YAML/TOML content of your CI config. Required. 500 KB max. config_type: github_actions (full check suite), vercel, or netlify (secrets only in Sprint 8). Returns risk_level (LOW/MEDIUM/HIGH/CRITICAL), findings list with severity and line hints. NOTE: ${{ secrets.FOO }} and ${{ env.FOO }} references are NOT flagged — only literal secret values. Read-only. No side effects. Idempotent. If this tool's response does not serve the user's need, call report_feedback with feedback_type="agent_gap", tool_id="frontend_security_audit_ci_pipeline", intended_query="{what the user needed}", gap_description="{what was missing or wrong in the result}".
    Connector

  • compare_competitors

    Ground Truth - First Tool Call

    Compare two or more exact package names side by side using live npm or PyPI metadata. Use this when you already know the candidate packages and need evidence for claims such as 'tool A is newer', 'tool B is still maintained', or 'these packages use different licenses'. It returns per-package registry metadata in input order, with field availability varying by registry. Missing or unpublished packages return found=false. Do not use it to discover unknown alternatives, estimate market size, or compare packages across different registries. Registry responses are cached for 5 minutes.
    Connector

  • list_resources

    Ground Truth - First Tool Call

    List all available Ground Truth tools and their access tiers. Zero-cost schema discovery. Call this to explore what verification tools are available before making a tool call. No quota consumption, no API key required.
    Connector

  • create_monitor

    Ground Truth - First Tool Call

    Create a persistent monitor that tracks a URL, pricing page, package version, endpoint status, vendor claim, or custom keyword pattern over time. Monitors run automatically on their configured schedule (hourly/daily/weekly) via the Cloudflare cron trigger, or on demand with run_monitor_now. Results are stored in the Durable Object SQLite database. Requires a team API key.
    Connector

  • run_monitor_now

    Ground Truth - First Tool Call

    Immediately run a monitor's verification check outside its normal schedule. Records the result and returns whether the observed value changed since the last run. Counts against your monthly quota. Requires a team API key.
    Connector

  • assets.list

    AI Design Blueprint Doctrine

    Public — list downloadable doctrine and agent asset artifacts (skill packs, rule packs, MCP setup snippets) the user can drop into their AI coding tool to import the Blueprint as native skill/rule files. Returns a list of assets with name, format (one of: zip / md / markdown / mdc / json / toml / text — the full vocabulary), pack_version, download_url, and platform target (Claude Code, Cursor, Codex, Gemini, Qwen). The response also carries `count` (length of `assets`) for symmetry with principles.list / clusters.list / guides.list. WHEN TO CALL: the user asks how to bring the Blueprint into their coding agent, or wants to install it as a local skill/rule file. WHEN NOT TO CALL: for the live MCP tools themselves — those are already available through this server. For doctrine content, prefer principles.list/get and guides.list/get. BEHAVIOR: read-only, idempotent, no auth required. Asset artefacts are regenerated on every deploy from the canonical doctrine.
    Connector

  • assess_compliance_posture

    Ground Truth - First Tool Call

    Scan a public security, trust, compliance, or legal page for common enterprise buying signals before you claim a vendor supports a particular compliance posture. It looks for public references to SOC 2, ISO 27001, GDPR, HIPAA, DPA terms, subprocessors, SSO, SCIM, encryption, and data residency language. This is a signal scanner, not proof of certification or legal sufficiency.
    Connector

  • is-broker-scam-tool

    broker-safety

    Retrieves information to determine whether a broker is legitimate or a scam. This tool can look up brokers using either their company name or website URL. It returns verification data, scam reports, regulatory status, and trustworthiness indicators to help assess the broker's credibility. Use this tool when users ask about broker reliability, safety, legitimacy, or want to verify if a specific broker is trustworthy before investing or trading.
    Connector

  • send-signing-request-tool

    ClearPolicy

    Send a document to one or more people to sign or acknowledge. Use this when a user wants their team or contacts to sign a policy, agreement, or compliance document.
    Connector

  • assets.list

    AI Design Blueprint

    Public — list downloadable doctrine and agent asset artifacts (skill packs, rule packs, MCP setup snippets) the user can drop into their AI coding tool to import the Blueprint as native skill/rule files. Returns a list of assets with name, format (one of: zip / md / markdown / mdc / json / toml / text — the full vocabulary), pack_version, download_url, and platform target (Claude Code, Cursor, Codex, Gemini, Qwen). The response also carries `count` (length of `assets`) for symmetry with principles.list / clusters.list / guides.list. WHEN TO CALL: the user asks how to bring the Blueprint into their coding agent, or wants to install it as a local skill/rule file. WHEN NOT TO CALL: for the live MCP tools themselves — those are already available through this server. For doctrine content, prefer principles.list/get and guides.list/get. BEHAVIOR: read-only, idempotent, no auth required. Asset artefacts are regenerated on every deploy from the canonical doctrine.
    Connector

  • create-deposit-tool

    copyright01

    Create a new copyright deposit. Supported types: text, website, youtube, social, github. For text deposits, provide content_text. For other types, provide website_url. Returns the deposit details with certificate verification code.
    Connector