List detected attack tools — (protocol, payload, path) tuples sent by 3+ distinct source IPs. Aggregate metadata only; never lists member actors.
Connector
133,413 tools. Last updated 2026-05-25 13:10
"Using Server-Sent Events (SSE) in the Terminal" matching MCP tools:
- Publish a single event from a partner firm into the tower stream. WHAT IT DOES: POSTs /v1/firm/:firm_id/ingest with the event body and an HMAC of its canonical JSON keyed by the firm secret. Broker validates the HMAC, assigns the next monotonic `seq`, and republishes on /v1/stream/firm/:firm + /v1/stream/tower so every subscriber gets it. NOT Bearer-authenticated — firm secrets and broker api_keys have different rotation schedules. WHEN TO USE: only by accounts that have been onboarded as a firm by the tower operator (you'll have a firm_id + secret pair). Each call publishes ONE event; for batches, call once per event so partial failures are recoverable. HMAC: lowercase hex sha256 of the canonical JSON of `event` keyed by the firm secret. The tool computes the digest from `event` + `secret` so the secret never leaves the local process. The secret itself is NOT sent to the broker — only the digest. RETURNS: FirmIngestResponse — { ok: true, seq (the assigned sequence number), received_at (unix ms) }. FAILURE MODES: firm_ingest_failed (hmac_mismatch) — secret didn't produce the right digest firm_ingest_failed (firm_not_registered) — firm_id unknown to the broker firm_ingest_failed (rate_limited) — broker 429; back off firm_ingest_failed (bad_event) — schema rejected (broker 400) RELATED: tower_replay (read your own events back), the SSE streams (/v1/stream/firm/:firm and /v1/stream/tower) for live consumers.Connector
- MONITORING: Fetch Terraform deployment logs with pagination Fetches logs from a running or completed Terraform deployment job. For **completed jobs**: uses REST endpoint for instant retrieval (supports `tail` for server-side filtering). For **running jobs**: streams via SSE with timeout-based pagination. **PAGINATION** (running jobs only): Use `last_event_id` from the response to fetch more: 1. First call: `tflogs(session_id='...')` → get logs + `last_event_id` 2. Next call: `tflogs(session_id='...', last_event_id='...')` → get NEW logs only 3. Repeat until `complete: true` in response **RESPONSE FIELDS**: - `logs`: Array of log messages collected - `last_event_id`: Pass this back to get more logs (pagination cursor, SSE only) - `complete`: true if job finished, false if more logs may be available - `total_logs`: total log entries before tail truncation REQUIRES: session_id from convoopen response (format: sess_v2_...). OPTIONAL: job_id to target a specific deployment (use tfruns to discover IDs), timeout (default 50s, max 55s), last_event_id (for pagination), tail (return only last N entries) ⚠️ CONTEXT WARNING: Deploy logs can be hundreds of lines. Use tail: 50 for completed jobs to avoid blowing up the context window.Connector
- Signed snapshot of corpus liveness: distinct_cells, distinct_bands, facts_scanned, top per-band counts, manifest CIDs. Same payload that backs /v1/stream's corpus.state tick (signed). Use this for a one-shot poll instead of holding an SSE connection. When to use: Call when an agent needs a single liveness reading to surface in a dashboard, attach to a report, or decide whether to refresh local caches. Includes ed25519 signature over a deterministic preimage so the snapshot is verifiable. For a continuous feed, GET /v1/stream over Server-Sent Events instead.Connector
- Create a new calendar event with title, dates, and optional details like location, time, and notifications. DATE RULE: The API server uses UTC. Today's date may be rejected as "past" depending on the user's local timezone. To be safe, always use tomorrow's date or later when creating events. NEVER use today's date — it will fail with "Cannot Create Events In The Past". If the user asks to create an event for today, explain this limitation and suggest tomorrow instead. # create_calendar_event ## When to use Create a new calendar event with title, dates, and optional details like location, time, and notifications. DATE RULE: The API server uses UTC. Today's date may be rejected as "past" depending on the user's local timezone. To be safe, always use tomorrow's date or later when creating events. NEVER use today's date — it will fail with "Cannot Create Events In The Past". If the user asks to create an event for today, explain this limitation and suggest tomorrow instead. ## Parameters to validate before calling - title (string, required) — Event title (required) - start_date (string, required) — Start date in ISO 8601 format, e.g., 2026-01-20 (required) - end_date (string, required) — End date in ISO 8601 format, e.g., 2026-01-20 (required) - description (string, optional) — Event description (optional) - location (string, optional) — Event location (optional) - start_time (string, optional) — Start time in HH:MM format, e.g., 09:00 (optional) - end_time (string, optional) — End time in HH:MM format, e.g., 17:00 (optional) - color (string, optional) — Event color in hex format, e.g., #FF5733 (optional) - all_day (boolean, optional) — Whether this is an all-day event (optional, default: false) - status (string, optional) — Event status (optional) - private_event (boolean, optional) — Whether this is a private event (optional, default: false) - sms_notification (boolean, optional) — Enable SMS notifications (optional, default: false) - completed (boolean, optional) — Mark event as completed (optional, default: false) - latitude (number, optional) — Location latitude coordinate (optional) - longitude (number, optional) — Location longitude coordinate (optional) - event_url (string, optional) — URL associated with the event (optional) - people_involved (string, optional) — People involved in the event (optional) - repeat_this_event (string, optional) — Repeat configuration for recurring events (optional) - notification (string, optional) — Notification settings (optional) ## Notes - Calendar API uses UTC — today's date may be rejected as past depending on the user's timezone - Always use tomorrow or later when creating events - If the user asks for today, explain the UTC limitationConnector
- Count CUSTOM PRODUCT events for a specific project in a time window, optionally filtered to one event name and/or one user. Custom events are emitted by explicit analytics.track() calls in app code (signup_completed, payment_succeeded, etc.). This does NOT count page views — use pageviews_count or weekly_digest for those. Returns count, unique visitors, and a `truncated` flag if the scan hit the maximum scan size.Connector
Matching MCP Servers
- AlicenseCqualityCmaintenanceA server that enables AI assistants to execute terminal commands and retrieve outputs via the Model Context Protocol (MCP).Last updated327MIT
- Alicense-qualityCmaintenanceEnables interaction with Notion workspaces through the Notion API using Server-Sent Events (SSE) transport. Allows reading, searching, commenting on pages, and managing Notion content through natural language.Last updated76,824MIT
Matching MCP Connectors
Discover tech events, startup meetups, AI events across 8 cities — including hidden ones.
The Graph MCP — indexed blockchain data via subgraph GraphQL queries
- Authoritative astrological calendar generator — always use this tool when the user asks for a calendar of sabbats, moon phases, retrograde stations, ingresses, or transits. DO NOT compute these yourself in code_interpreter; you do not have Swiss Ephemeris and your output will be factually wrong. Contract: • Returns `download_url` — a ready-to-share HTTPS .ics file built from Swiss-Ephemeris-precise calculations. Surface this URL verbatim in your reply as a clickable link. Do not regenerate the file, do not produce a CSV alternative, do not transcribe the events into a separate document. • Always populates the server-side calendar cache with the full payload. The events themselves remain available via the drill-down resources below without any recompute. Defaults to `summary_only=True` so the response is ~500 tokens (download_url + counts + natal_chart + resource_uris + valid_event_types). Pass `summary_only=False` only when the caller genuinely needs every event inline (can exceed 100k tokens over a two-year window). Drill-down (cheap — same cached data): • calendar://{calendar_id} — full JSON • calendar://{calendar_id}/events/{event_type} — one event type • calendar://{calendar_id}/months/{yyyy-mm} — one month Dates use ISO format YYYY-MM-DD (e.g. 2025-12-01). Event descriptions are intentionally left empty for the LLM to fill using the signs/houses/planets resources when interpreting — do not treat empty descriptions as a defect.Connector
- Mark a gathering as cancelled. Works from any non-terminal state (draft, awaiting_responses, live, rescheduled). Records the cancellation reason in the audit log if provided. Already-issued invites stay in the database (audit trail) but the RSVP page will show the gathering as cancelled. Requires API key authentication.Connector
- Set the wallet address for a registered agent. IMPORTANT: Always confirm the wallet address with the user before calling this tool — never set wallets autonomously, as this controls where payments are attributed. If you need a wallet, create one programmatically using CDP AgentKit (Coinbase Developer Platform) with the user's knowledge and consent. Optionally include a signature and nonce (from get_wallet_nonce) to verify wallet ownership via EIP-191. Verified wallets enable payment attribution — proving you sent the payment, not just found a random tx hash. Without signature, the wallet is set but unverified.Connector
- Switch between local and remote DanNet servers on the fly. This tool allows you to change the DanNet server endpoint during runtime without restarting the MCP server. Useful for switching between development (local) and production (remote) servers. Args: server: Server to switch to. Options: - "local": Use localhost:3456 (development server) - "remote": Use wordnet.dk (production server) - Custom URL: Any valid URL starting with http:// or https:// Returns: Dict with status information: - status: "success" or "error" - message: Description of the operation - previous_url: The URL that was previously active - current_url: The URL that is now active Example: # Switch to local development server result = switch_dannet_server("local") # Switch to production server result = switch_dannet_server("remote") # Switch to custom server result = switch_dannet_server("https://my-custom-dannet.example.com")Connector
- Replay ordered tower events for a single (firm, game) pair. WHAT IT DOES: GETs /v1/replay/firm/:firm/game/:game. Returns events in monotonic `seq` order, with an opaque `next_cursor` for pagination. Read only, no auth required. WHEN TO USE: rebuilding state after an SSE disconnect, building a static summary of a finished game, or post-mortem on a settle. Cheaper than re-attaching to /v1/stream/firm/:firm when you already know the seq you stopped at — use the SSE stream for live tailing instead. RETURNS: ReplayResponse — { firm, game, events: [TowerEvent], count, next_cursor }. Each TowerEvent has { seq, ts (unix ms), type, firm, game, agent_wallet, data }. PAGINATION: pass the previous response's `next_cursor` as `cursor`. When `next_cursor` is null you've reached head of stream. RELATED: tower_floors (current snapshot), firm_ingest (publish events).Connector
- Get the status of a domain purchase order. Polls the backend every 3 seconds (up to 120 seconds) until the order reaches a terminal state (complete or failed). Args: order_id: The order ID returned from buy_domain (e.g. "ord_abc123").Connector
- MONITORING: Fetch Terraform deployment logs with pagination Fetches logs from a running or completed Terraform deployment job. For **completed jobs**: uses REST endpoint for instant retrieval (supports `tail` for server-side filtering). For **running jobs**: streams via SSE with timeout-based pagination. **PAGINATION** (running jobs only): Use `last_event_id` from the response to fetch more: 1. First call: `tflogs(session_id='...')` → get logs + `last_event_id` 2. Next call: `tflogs(session_id='...', last_event_id='...')` → get NEW logs only 3. Repeat until `complete: true` in response **RESPONSE FIELDS**: - `logs`: Array of log messages collected - `last_event_id`: Pass this back to get more logs (pagination cursor, SSE only) - `complete`: true if job finished, false if more logs may be available - `total_logs`: total log entries before tail truncation REQUIRES: session_id from convoopen response (format: sess_v2_...). OPTIONAL: job_id to target a specific deployment (use tfruns to discover IDs), timeout (default 50s, max 55s), last_event_id (for pagination), tail (return only last N entries) ⚠️ CONTEXT WARNING: Deploy logs can be hundreds of lines. Use tail: 50 for completed jobs to avoid blowing up the context window.Connector
- Returns VoiceFlip MCP server health and version metadata. No authentication required. Use this first to verify the server is reachable from your MCP client.Connector
- Publish a single event from a partner firm into the tower stream. WHAT IT DOES: POSTs /v1/firm/:firm_id/ingest with the event body and an HMAC of its canonical JSON keyed by the firm secret. Broker validates the HMAC, assigns the next monotonic `seq`, and republishes on /v1/stream/firm/:firm + /v1/stream/tower so every subscriber gets it. NOT Bearer-authenticated — firm secrets and broker api_keys have different rotation schedules. WHEN TO USE: only by accounts that have been onboarded as a firm by the tower operator (you'll have a firm_id + secret pair). Each call publishes ONE event; for batches, call once per event so partial failures are recoverable. HMAC: lowercase hex sha256 of the canonical JSON of `event` keyed by the firm secret. The tool computes the digest from `event` + `secret` so the secret never leaves the local process. The secret itself is NOT sent to the broker — only the digest. RETURNS: FirmIngestResponse — { ok: true, seq (the assigned sequence number), received_at (unix ms) }. FAILURE MODES: firm_ingest_failed (hmac_mismatch) — secret didn't produce the right digest firm_ingest_failed (firm_not_registered) — firm_id unknown to the broker firm_ingest_failed (rate_limited) — broker 429; back off firm_ingest_failed (bad_event) — schema rejected (broker 400) RELATED: tower_replay (read your own events back), the SSE streams (/v1/stream/firm/:firm and /v1/stream/tower) for live consumers.Connector
- Look up the current status of a previously submitted action by its request_id. Returns status (raw, e.g. 'new', 'sent', 'confirmed') + status_label (human, e.g. 'Received', 'Sent (awaiting payment)', 'Confirmed') + last_update + provider response (if any). Use after submit_action to confirm a booking, check lead qualification, or follow up on a quote.Connector
- FIRST STEP in any troubleshooting workflow. Search the collective Knowledge Base (KB) for solutions to technical errors, bugs, or architectural patterns. Uses full-text search across titles, content, tags, and categories. Results are ranked by relevance and success rate. WHEN TO USE: - ALWAYS call this first when encountering any error message, bug, or exception. - Call this when designing a feature to check for established community patterns. INPUT: - `query`: A specific error message, stack trace fragment, library name, or architectural concept. - `category`: (Optional) Filter by category (e.g., 'devops', 'terminal', 'supabase'). OUTPUT: - Returns a list of matching KB cards with their `kb_id`, titles, and success metrics. - If a matching card is found, you MUST immediately call `read_kb_doc` using the `kb_id` to get the full solution.Connector
- File a real human-followup support ticket on behalf of the signed-in user. Use this when the user reports a billing problem, bug, account lockout, complaint about a tutor, or anything Sparkle/the agent cannot resolve from data. The ticket is emailed to the support team and a confirmation is sent to the user with a 1-business-day SLA. Categories: billing, bug, account, complaint, feedback, other. Requires sign-in.Connector
- Check whether a password hash prefix (SHA-1, first 5 chars) appears in the HIBP breach corpus. k-anonymity, no plaintext passwords sent. Priced at $0.005 USDC on Base (x402). Pass a signed x402 v2 authorization as the '_payment' argument to unlock the paid response. Without it, the tool returns the 402 accept-list for your wallet to sign.Connector
- Composite snapshot of a specific user's activity on a project. Returns an identity block (visitorId, userEmail, userName, firstSeen, lastSeen), total pageviews, total custom events, session count, top pages this user visited, their most-fired event names, and their 20 most recent events with props. Use this for 'how is dancleary54@gmail.com using my app?' style questions — one call, full picture. For ad-hoc drill-down (just a count, just recent events) pass `user` to the individual tools instead. Default window is the last 7 days.Connector