// SCAN REPORT

VulnMCP

16 tools. 1 can modify or destroy data without limits.

1 write tool that can modify data. Rate limits recommended.

Last updated:

1 can modify or destroy data
15 read-only
16 tools total

Community server · catalogue entry verified 11/06/2026

How to control VulnMCP ↓

TOOL MAP

Read (15) Write / Execute (1) Destructive / Financial (0)

MOST DANGEROUS TOOLS

High Risk
Write · Medium create_sighting create_sighting

1 of VulnMCP's 16 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

HOW TO CONTROL VULNMCP

PolicyLayer is an MCP gateway — it sits between your AI agents and VulnMCP, and nothing reaches the server without passing your rules. These are the rules we recommend:

Rate limit write operations
{
  "create_sighting": {
    "limits": [
      {
        "counter": "create_sighting_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "classify_cwe": {
    "limits": [
      {
        "counter": "classify_cwe_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register VulnMCP — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON VULNMCP →

Free to start. No card required.

ALL 16 VULNMCP TOOLS

WRITE 1 tools
Write create_sighting create_sighting
READ 15 tools
Read classify_cwe classify_cwe Read classify_severity classify_severity Read get_gna_entry get_gna_entry Read get_most_sighted_vulnerabilities get_most_sighted_vulnerabilities Read get_recent_vulnerabilities_by_cwe Fetch the 3 most recent vulnerabilities for a given CWE ID from Vulnerability Lookup. Read get_vulnerability get_vulnerability Read guess_cpes guess_cpes Read list_gcve_references list_gcve_references Read list_gna_entries list_gna_entries Read list_kev_entries list_kev_entries Read search_bundles search_bundles Read search_comments search_comments Read search_gna Search for GNA entries by name (case-insensitive substring match). Read search_sightings search_sightings Read search_vulnerabilities search_vulnerabilities

FAQ

How do I prevent bulk modifications through VulnMCP? +

The VulnMCP server has 1 write tools including create_sighting. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach VulnMCP.

How many tools does the Vuln MCP server expose? +

16 tools across 2 categories: Read, Write. 15 are read-only. 1 can modify, create, or delete data.

How do I enforce a policy on VulnMCP? +

Register the Vuln MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every VulnMCP tool call.

Deterministic rules across all 16 VulnMCP tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

ENFORCE POLICY ON VULNMCP →

Free to start. No card required.

16 VulnMCP tools catalogued and risk-classified — across an index of 42,500+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.