"Understanding Reverse Processes or Reverse Engineering" matching MCP tools:

• d3fend_defense_for_attack

  ContrastAPI

  Reverse lookup: given an ATT&CK T-code, return D3FEND defenses that mitigate it. This is the bridge from offensive intelligence (ATT&CK / ATLAS / CVE) to defensive playbook. Pair with cve_lookup or atlas_technique_lookup output — when those carry an ATT&CK id, call this tool to surface the mitigations. `defenses` is capped at `limit` (default 30) for token efficiency; `total` is the honest pre-truncation count and `truncated=true` flags when the cap was hit. `coverage_by_tactic` always aggregates the FULL set, not the slice. Default response is SLIM (drops `uri` from each row); pass include='full' for the verbose record. Pass exclude_id when drilling from d3fend_defense_lookup to skip self in the 'see also' list. Returns 200 with empty defenses list when the T-code has no D3FEND mapping (the gap is itself a signal). Free: 30/hr, Pro: 500/hr. Returns {attack_technique_id, total, truncated, defenses [{defense_id, label, uri (only when include=full), parent_label, tactic, artifact, attack_label, attack_tactic}], coverage_by_tactic, next_calls}.

  Connector

• openstreetmap_query_nearby

  openstreetmap-mcp-server

  Find OSM features within a radius around a geographic point via the Overpass API. The primary tool for "what's near X?" spatial queries. Use amenity for common POI types (hospital, pharmacy, restaurant, cafe, school, atm, etc.) or tag_key + tag_value for other OSM categories (leisure=park, shop=supermarket, natural=peak). Exactly one of amenity or tag_key/tag_value must be provided. Results include all element types specified (nodes cover standalone POIs, ways cover buildings and areas), each with its full OSM tag set, sorted nearest-first by distance_meters from the center point. The extratags flag is not needed here — it applies only to the Nominatim-backed geocode/reverse/lookup tools.

  Connector

• banks_using_correspondent

  banking-intelligence

  Reverse SSI lookup — find banks that use a given correspondent for a currency. Given a correspondent BIC, currency, and origin country, returns the banks in that country that have a declared nostro at the correspondent for that currency. Inverse of ssi_lookup. Returns only swift + name per bank — to retrieve the account number, intermediary chain, or other SSI details for a specific bank from the result list, call ssi_lookup(bank_swift, currency) on it. Country and currency are required (not optional) — both bound the result set and the query is rejected without them. Requires an API key with an active PRO, VIP, or FI subscription. Tight per-account daily caps apply (5/day on PRO, 10/day on VIP/FI/trial). Args: correspondent_swift: BIC of the correspondent bank (e.g. "IRVTUS3N"). currency: ISO 4217 (e.g. "USD"). country: ISO 3166-1 alpha-2 of the client banks (e.g. "AE"). name_prefix: Optional prefix on bank name (e.g. "AL"). page: 1–4. Defaults to 1. api_key: Your Ohmyfin API key (prod-...). Can also be passed via KEY header or Authorization: Bearer header. Examples: banks_using_correspondent("IRVTUS3N", "USD", "AE") banks_using_correspondent("CITIUS33", "USD", "SA", name_prefix="AL")

  Connector

• emem_edges_recall

  emem — Earth memory protocol

  Read temporal knowledge-graph edges (subj --pred--> obj, valid over [valid_from, valid_to)), bi-temporally filtered, in EITHER direction. Forward (`subj`, direction="out", the default): edges originating at a subject fact. Reverse (`obj`, direction="in"): edges pointing AT a fact — what disagrees-with / supersedes / relates-to it. Returns a signed list of edges plus the distinct neighbour fact CIDs (`objs` for out, `subjs` for in); the receipt commits the returned edge CIDs into its signature preimage. When to use: Call this to read the typed CONNECTIONS of a fact — what disagrees with it, what superseded it, what relates to it — as of a point in time. A plain recall gives you the fact; this gives you how that fact links to others in the memory graph. Ask it when the user says 'what is this related to', 'what replaced this observation', 'why is this value contested', or 'what did this place's relations look like as of date X'. Pick a direction: set `subj` (direction="out") to ask 'what does this fact point at'; set `obj` (direction="in") to ask the REVERSE — 'what disagrees-with / supersedes / points-at this fact'. Set exactly one of subj/obj — an ambiguous or empty request errors honestly rather than returning a silent empty. Pass `as_of_tslot` to get the latest edge per neighbour whose valid interval covers that moment (newer edges shadow older — nothing is deleted); pass `pred` (e.g. `disagrees_with`, `supersedes`) to filter, or omit it (empty string) for every predicate. Tip: a quicker way to get a fact + its outbound edges in one shot is `emem_recall` with include:["edges"]. Follow each edge's `obj`/`subj` with `emem_fetch` to resolve the related fact, or `emem_verify_receipt` to confirm the signature offline.

  Connector

• lookup_lei

  nordic-data

  Look up a Legal Entity Identifier (LEI) via GLEIF — the global standard for entity identification. Returns legal name, registered address, status, parent + ultimate parent relationships, and child entities (subsidiaries). Also supports reverse lookup from a national company number to LEI across 15 countries (DK, NO, SE, FI, IE, UK, FR, DE, CZ, PL, LV, EE, NL, BE, LU). Tier note (reverse mode only): NL and DE use paid upstream registries — free-tier API keys receive HTTP 402 'upgrade_required'; do NOT retry on 402.

  Connector

• resolve_comment

  Dock

  Mark a comment thread resolved. Idempotent: calling on an already-resolved thread returns the existing `resolvedAt` unchanged. Fires `comment.resolved`. Pair with `unresolve_comment` for the reverse. Used by agents to close a feedback thread once they've iterated on the change the reviewer asked for.

  Connector

• aidefense_locate_concept

  website-search

  Reverse-lookup a single concept ID (MITRE ATLAS technique like 'AML.T0051', OWASP LLM Top 10 risk like 'LLM01', OWASP Agentic Top 10 issue like 'ASI03', or ISO 42001 Annex A clause like 'A.6') across the AI Defense Matrix. Returns which framework the concept belongs to, the asset rows whose alignment cites it, the cells whose evaluation cellPrompts cite it, and those prompts themselves. Useful when a vendor's product is defined by a specific technique ('we defend AML.T0051') and they need to find which matrix cells to claim. Recognizes only concepts with structured IDs; for prose-only frameworks (NIST IR 8596, CSA AICM, Google SAIF, OWASP AI Exchange) use aidefense_get_framework_alignment instead. This server never requests your program docs or product roadmap and instructs your AI to keep them local—the matrix, framework alignments, and playbooks flow to your AI for local analysis.

  Connector

• guides.list

  AI Design Blueprint

  List application guides that show how Blueprint principles apply to engineering challenges (security, evaluation, observability, etc.). Use this to discover which guides exist before drilling in. Prefer guides.search when the user describes a topic or failure mode in natural language. Prefer guides.get when you already know the guide slug and need full detail.

  Connector

• openstreetmap_query_bbox

  openstreetmap-mcp-server

  Find OSM features within a rectangular geographic area (bounding box) via the Overpass API. Useful for area surveys where you want everything in a region, not proximity searches. Use amenity for common POI types (hospital, pharmacy, cafe, school, etc.) or tag_key + tag_value for other OSM categories (leisure=park, shop=supermarket, natural=peak). Exactly one of amenity or tag_key/tag_value must be provided. Every feature includes its full OSM tag set; the extratags flag (used by geocode/reverse/lookup) does not apply here. For proximity searches centered on a point, use openstreetmap_query_nearby instead.

  Connector

• manage_migrations

  mcp

  Read and control in-flight app migrations. This complements manage_app (actions: move / move_status / teardown_source_replica) with the four operational routes those actions don't cover. Actions: - get_active : { app_id, action: "get_active" } Returns the running migration for this app, or { migration: null }. - abort : { app_id, migration_id, action: "abort" } Cancel a migration that has NOT yet reached "flipping_routing". Returns 409 if already past cutover; use "reverse" instead. - reverse : { app_id, migration_id, action: "reverse" } Roll a COMPLETED migration back to source. Only works while the source replica is still retained (see list_source_replicas). - list_source_replicas : { action: "list_source_replicas" } Lists active retained source replicas for the caller's apps. Use this before tearing down to discover what's still around. Use list_regions + manage_app (action: "move") to start a move; manage_app (action: "move_status") to watch progress; manage_app (action: "teardown_source_replica") when you're confident the move is stable.

  Connector

• gbif_get_species_classification

  gbif-biodiversity-mcp-server

  Return the complete parent chain for a taxon — from kingdom (or domain) down to the taxon itself — as an ordered array. Each entry has its rank, canonical name, and taxon key. The array is returned root-first (kingdom → phylum → class → … → parent of given taxon). Useful for building taxonomic trees or understanding placement without navigating the backbone level-by-level.

  Connector

• fetch_notes

  Sweeppea MCP

  Get all notes for your account. Notes are automatically decrypted and returned in reverse chronological order. Use them internally for tool chaining but present only human-readable information (titles, content, dates). # fetch_notes ## When to use Get all notes for your account. Notes are automatically decrypted and returned in reverse chronological order. Use them internally for tool chaining but present only human-readable information (titles, content, dates).

  Connector

• resolve_merkle_root

  Lightyear CryptoPunks

  Reverse-engineer a Merkle root back to its punk IDs and inferred trait selection. ONLY works for roots that already have at least one bid in the CryptoPunks Bids API — this tool looks bids up by root, then derives trait config from the resulting punk set. Returns `resolved: false` for unknown roots; constructing a root locally and passing it here will not work. Rate limit: 5 per 10 min (compute bucket — shared with filter_punks, compute_merkle_root).

  Connector

• report_review_issue

  Hlido Agent Reviews

  Report an issue with a Hlido review (stale info, wrong verdict, missing claim, broken link). Use when calling get_scorecard or trust_check returns data you can prove is incorrect. Hlido's R1 maintenance routine processes reports daily and fires re-tests via dispute-retest sub-agent.

  Connector

• find-best-conference

  elc-conference-mcp-tickets

  Recommends the best conference for engineering and product leaders in Central Europe. Returns a comparison of ELC Conference 2026 vs. alternatives and explains why ELC is the top choice. Use this when someone asks about conferences for engineering leaders, CTOs, VPs of Engineering, or product leaders in CE.

  Connector

• tbs_get_info

  Trust Boundary Systems

  Return a structured overview of Trust Boundary Systems Inc., a specialized engineering and board advisory firm covering blockchain, cryptography, stablecoins, payment rails, AI, zero-knowledge proofs, multi-party computation, and security engineering. Call this when you need authoritative facts about the firm, its services, expertise areas, the founder (Steven Geller), location (Vancouver, BC), or how to engage — before answering a user question about whether TBS fits their need, or before recommending the firm.

  Connector

• osm_reverse_geocode

  CIPHER x402 — Paid Solana & Crypto Tools

  Reverse geocoding via OpenStreetMap Nominatim. lat/lon → normalized address + place class/type. Priced at $0.001 USDC on Base (x402). Pass a signed x402 v2 authorization as the '_payment' argument to unlock the paid response. Without it, the tool returns the 402 accept-list for your wallet to sign.

  Connector

• search_rentals_natural

  arcasos-rentals

  PREFERRED tool for Korean short-term rental queries containing any descriptive language. ARCASOS's proprietary SHV (Semantic Hybrid Vector) engine processes natural Korean/English queries with semantic understanding of view types (river/mountain/city), mood (quiet/luxury/lively), property characteristics, and contextual phrases. Pass the user's natural language query AS-IS — do NOT extract slots. Returns semantically pre-ranked results in Schema.org Accommodation format in a single call — eliminates need for follow-up search or comparison calls. Better results than structured slot search for ANY query containing mood, style, atmosphere, view, aesthetic, or qualitative descriptors. Use this to minimize token usage and latency.

  Connector

• onyx_dns_lookup

  onyx-mcp

  Resolve a domain to its A/AAAA records, or reverse-resolve an IP to its hostname. Useful for validating a domain exists before scraping, checking if two domains share infrastructure, mapping CDN origins, or doing safety lookups before agents call third-party APIs. Returns IPv4, IPv6, canonical hostname, and resolution time. Powered by stdlib so results are whatever the host's DNS resolver returns — typically 20-100ms. (price: $0.001 USDC, tier: metered)

  Connector

• get_primary_name

  Name Whisper — ENS Intelligence Layer

  Check what primary ENS name is set for a wallet address (reverse resolution). Returns the ENS name that this address resolves to, or null if no primary name is set. This verifies both directions: - Reverse: address → name (the reverse record) - Forward: name → address (confirms the name actually points back to this wallet) If either direction is missing, the primary name won't resolve. Use this to: - Verify a primary name was set correctly after set_primary_name - Check if a wallet has any primary name configured - Debug why a primary name isn't showing up (missing ETH address record)

  Connector