Search • Sprawl Radar • TrustOps • Gateway • Ledger • Mandates • Hosting • Docs Compiler • Demo • Plans • Shortlists • Rankings • Compare • ChatGPT compatible • Claude compatible • Healthcare • Digests • RSS • RSS XML • Backfill • MCP API
ai.boolsai/scan
Boolsai Scan
Live tech-stack scan of any public site — vendors, account IDs, scripts, JSON-LD. 2 tools.
EXECUTIVE VERDICT
Executive verdict
Production trust decision: Allow with approval
Reason: write/exec approval gaps + high-risk tools need review
Next action: export policy, configure alerts, require approval for writes
Status
Healthy
Score
73.8
Transport
streamable-http
Tools
2
Current trust snapshot
Snapshot ID
trustsnap_0b08f0bb200797e4Use this ID to compare server page, report, policy, MCP, homepage, ranking, and shortlist surfaces.
Snapshot generated
May 20, 2026 08:16:46 PM UTC
All page, report, policy, and MCP surfaces use this same server-detail snapshot shape.
Last validated
May 20, 2026 02:23:34 PM UTC
Age: 5.89h • freshness band: Verified in last 24h • display score: 73.8
Production trust decision
Allow with approval
write/exec approval gaps + high-risk tools need review
Readiness class
Safe for evaluation
The server is suitable for evaluation, but remaining gaps should be resolved before broad production use.
SERVER OWNER FUNNEL
Own this MCP?
Claim ownership, prove control with a GitHub, DNS, or HTTP token challenge, revalidate now, publish a badge, and configure monitoring.
2. Revalidate
POST /v1/servers/ai.boolsai/scan/revalidateVerified owners get priority queueing after proof succeeds.
3. Badge
Verified by MCP Verify - score 73.8 - last checked May 20, 2026
4. Monitor
Continuous Verify plan is self-serve: choose a tier, configure watches, add authenticated validation, trigger revalidation, and use the badge.
Badge embed
[](https://verify.sentinelsignal.io/servers/ai.boolsai/scan)
MCP TrustOps
TrustOps turns this report into operational controls: freshness SLAs, authenticated validation, semantic benchmarks, policy exports, alert subscriptions, badges, cost/compliance metadata, and runtime routing. Fresh trusted index decisions stay separate from long-tail inventory so stale scores do not masquerade as current evidence.
Freshness band
Verified in last 24h
Policy SLA: 168.0h • confidence-weighted score: 58.1 • stale score suppressed:
Policy exports
Formats: json, rego, yaml, github_action, gateway_config, client_report
Runtime routing
/v1/decideReturns allowed tools, blocked tools, approval requirement, and reason.
Hosted runtime
Deploy trusted servers from GitHub with secrets, egress controls, releases, rollback, and audit events.
Authenticated validation
Premium publisher feature: paid authenticated runs verify scopes, write-action safeguards, and authorized tool execution.
Active trust badges
Freshly Validated Claude Remote MCP Compatible No Critical Risk
Semantic benchmarks
available
Templates cover GitHub, database, healthcare, web search, and CRM least-privilege jobs.
Supply chain
metadata signal
Deep scan checks are marked separately from public metadata signals.
Compliance metadata
Terms, privacy, SOC 2, HIPAA, GDPR, retention, deletion, and audit-log fields are tracked as enterprise metadata.
Alert subscription types
Status changes Score drops or recovers Freshness SLA breach Validation schema drift OAuth or auth behavior changes Tool surface changes New or changed write tool Supply-chain signal changes Legal or compliance metadata changes
MCP Runtime hosting
Verify Hosted MCP turns a trusted server report into a managed remote MCP endpoint with GitHub deployment provenance, sandbox policy, encrypted secrets, release history, rollback, and audit/usage events.
Activation readiness
Trusted hosted runtimes require fresh validation, a passing server state, a remote endpoint, and a minimum score.
Minimum tier
TrustOps
Publisher claim plus paid TrustOps tier are required before secrets or releases can be created.
Hosted endpoint
/hosted/{namespace}/{name}/mcpThe endpoint enforces egress allowlists and records audit/usage events.
Blockers
none
| Deployment | Status | Endpoint | Release |
|---|---|---|---|
| No hosted runtime deployments yet. | |||
Production readiness class
Production readiness class
Safe for evaluation
The server is suitable for evaluation, but remaining gaps should be resolved before broad production use.
Critical alerts
0
Production verdicts degrade quickly when critical alerts are active.
Evidence confidence
Confidence score
78.8
Based on 3 recent validations, 26 captured checks, and validation age of 5.9 hours.
Live checks captured
26
More direct checks increase trust in the current verdict.
Validation age
5.9h
Lower age means fresher evidence.
Recommended for
Claude Desktop
Claude Desktop is marked compatible with score 83.
Smithery
Smithery is marked compatible with score 100.
Generic Streamable HTTP
Generic Streamable HTTP is marked compatible with score 100.
Client compatibility verdicts
Client compatibility only means the server shape can work with a client. Production trust decision and write-action publishing are evaluated separately so a client-compatible server can still be blocked for production.
Client compatibility: ChatGPT
Partially client-compatible
OpenAI connectors expect OAuth for remote server auth.; Dynamic client registration materially improves connector setup.; Transport compliance should be in good shape.
Confidence: high (78.75)
Evidence provenance
Winner: live_validation
Supporting sources: live_validation, history, server_card
Disagreements: none
initialize• OKtools_list• OKtransport_compliance_probe• Errorstep_up_auth_probe• Missingconnector_replay_probe• OK — Frozen tool snapshots must survive refresh.request_association_probe• Missing — Roots, sampling, and elicitation should stay request-scoped.
Client compatibility: Claude
Client-compatible
Transport behavior should match Claude-compatible HTTP expectations.
Confidence: high (78.75)
Evidence provenance
Winner: live_validation
Supporting sources: live_validation, history, server_card
Disagreements: none
initialize• OKtools_list• OKtransport_compliance_probe• Error
Write-action publishing
Publishing blocked
Blocked until safeguards and confirmation semantics are verified for write, exec, or destructive tools.
Confidence: high (78.75)
Evidence provenance
Winner: live_validation
Supporting sources: live_validation, history
Disagreements: none
action_safety_probe• Error
Snapshot churn risk
Low
No material tool-surface churn detected in the latest comparison.
Confidence: high (78.75)
Evidence provenance
Winner: history
Supporting sources: history, live_validation
Disagreements: none
tool_snapshot_probe• OKconnector_replay_probe• OK
Why compatibility is limited by client
ChatGPT custom connector
Partially client-compatible
Remediation checklist
OpenAI connectors expect OAuth for remote server auth.Dynamic client registration materially improves connector setup.Transport compliance should be in good shape.search fetch only is not yet satisfiedoauth configured is not yet satisfiedadmin refresh required is not yet satisfied
Claude remote MCP
Client-compatible
Remediation checklist
Transport behavior should match Claude-compatible HTTP expectations.search fetch only is not yet satisfiedoauth configured is not yet satisfiedadmin refresh required is not yet satisfiedsafe for company knowledge is not yet satisfiedsafe for messages api remote mcp is not yet satisfied
Write-safe publishing
Blocked
Remediation checklist
Add a clearer auth boundary around risky write actions.Add confirmation or dry-run semantics for risky actions.
Verdict traces
Production verdict
Safe for evaluation
The server is suitable for evaluation, but remaining gaps should be resolved before broad production use.
Confidence: high (78.75)
Winning source: live_validation
Triggering alerts
- No active alert triggers.
Client verdict trace table
| Verdict | Status | Checks | Winning source | Conflicts |
|---|---|---|---|---|
openai_connectors |
Partially client-compatible | initialize, tools_list, transport_compliance_probe, step_up_auth_probe, connector_replay_probe, request_association_probe | live_validation | none |
claude_desktop |
Client-compatible | initialize, tools_list, transport_compliance_probe | live_validation | none |
unsafe_for_write_actions |
Publishing blocked | action_safety_probe | live_validation | none |
snapshot_churn_risk |
Low | tool_snapshot_probe, connector_replay_probe | history | none |
Publishability policy profiles
ChatGPT custom connector compatibility
Compatible with review
OpenAI connectors expect OAuth for remote server auth.; Dynamic client registration materially improves connector setup.; Transport compliance should be in good shape. Compatibility is not a production approval; company knowledge and Messages API gates remain separate.
- Search Fetch Only: No
- Write Actions Present: Yes
- Oauth Configured: No
- Admin Refresh Required: No
- Safe For Company Knowledge: No
- Safe For Messages Api Remote Mcp: No
Claude remote MCP compatibility
Connector-compatible
Transport behavior should match Claude-compatible HTTP expectations. Compatibility is not a production approval; company knowledge and Messages API gates remain separate.
- Search Fetch Only: No
- Write Actions Present: Yes
- Oauth Configured: No
- Admin Refresh Required: No
- Safe For Company Knowledge: No
- Safe For Messages Api Remote Mcp: No
Compatibility fixtures
ChatGPT custom connector fixture
Degraded
OpenAI connectors expect OAuth for remote server auth.; Dynamic client registration materially improves connector setup.; Transport compliance should be in good shape.
- remote_http_endpoint: Passes
- oauth_discovery: Degraded
- frozen_tool_snapshot_refresh: Passes
- request_association: Passes
Anthropic remote MCP fixture
Degraded
Transport behavior should match Claude-compatible HTTP expectations.
- remote_transport: Passes
- tool_discovery: Passes
- auth_connect: Passes
- safe_write_review: Degraded
Authenticated validation sessions
Public validation is free. Authenticated validation is paid and proves scoped behavior, write-action safeguards, and authenticated tool execution.
Latest profile
remote_mcp
Authenticated session used
Public score isolation
Preview endpoint
/v1/verifyCI preview endpoint
/v1/ci/previewPublic server reputation
Validation success 7d
1.0
Validation success 30d
1.0
Mean time to recover
n/a
Breaking diffs 30d
0
Registry drift frequency 30d
0
Snapshot changes 30d
0
Incident & change feed
| Timestamp | Event | Details |
|---|---|---|
| May 20, 2026 02:23:34 PM UTC | Latest validation: healthy | Score 73.8 with status healthy. |
| May 20, 2026 02:23:34 PM UTC | Score changed | Score delta +0.5 versus the previous run. |
| May 20, 2026 02:23:00 AM UTC | Score changed | Score delta +3.2 versus the previous run. |
Capabilities
- OAuth:
- DCR/CIMD:
- Prompts:
- Homepage: none
- Docs: none
- Support: none
- Icon: none
- Remote endpoint: https://boolsai.ai/mcp
- Server card: none
Use-case taxonomy
web
Security posture
Tools analyzed
2
High-risk tools
1
Destructive tools
0
Exec tools
0
Egress tools
2
Secret tools
0
Bulk-access tools
0
Risk distribution
medium:1, high:1
Tool capability & risk inventory
| Tool | Capabilities | Risk | Findings | Notes |
|---|---|---|---|---|
boolsai_scan |
read network | Medium | arbitrary network egress freeform input surface | No explicit safeguard hints detected. |
boolsai_scan_paths |
read write network filesystem | High | arbitrary network egress freeform input surface filesystem mutation | No explicit safeguard hints detected. |
Write-action governance
Governance status
Error
Safe to publish
Auth boundary
public_or_unclear
Blast radius
Medium
High-risk tools
1
Confirmation signals
none
Safeguard count
0
Status detail: 1 high-risk tool(s) are exposed without a clear auth boundary; no safeguards or confirmation signals detected.
| Tool | Risk | Flags | Safeguards |
|---|---|---|---|
boolsai_scan_paths |
High | arbitrary network egress freeform input surface filesystem mutation | no |
Action-controls diff
Snapshot changed
no
Disabled-by-default candidates
none
Manual review candidates
none
New actions
| Action | Risk | Flags |
|---|---|---|
| No newly added actions. | ||
Changed actions
| Action | Change types | Risk |
|---|---|---|
| No materially changed actions. | ||
Why this score?
Access & Protocol
30/44
Connectivity, auth, and transport expectations for common clients.
Interface Quality
36.83/56
How well the tool/resource interface communicates and behaves under automation.
Security Posture
27.5/36
How safely the exposed tool surface handles destructive actions, egress, execution, secrets, and risky inputs.
Reliability & Trust
22.81/24
Operational stability, consistency, and trustworthiness over time.
Discovery & Governance
22.5/28
How well the server is documented, listed, and governed in public registries.
Adoption & Market
5/8
Adoption clues and public evidence that the server is intended for external use.
Algorithmic score breakdown
Auth Operability
2/4
Measures whether auth discovery and protected access behave predictably for clients.
Error Contract Quality
2.8/4
Grades machine-readable error structure, status alignment, and remediation hints.
Rate-Limit Semantics
2/4
Checks whether quota/throttle responses are deterministic and automation-friendly.
Schema Completeness
2/4
Completeness of tool descriptions, parameter docs, examples, and schema shape.
Backward Compatibility
4/4
Stability score across tool schema/name drift relative to prior validations.
SLO Health
4/4
Availability, latency, and burst-failure profile across recent validation history.
Security Hygiene
2.5/4
HTTPS posture, endpoint hygiene, and response-surface hardening checks.
Task Success
4/4
Can an agent reliably initialize, enumerate tools, and execute core MCP flows?
Trust Confidence
3.8/4
Confidence-adjusted reliability score that penalizes low evidence volume.
Abuse/Noise Resilience
4/4
How well the server preserves core behavior in the presence of noisy traffic patterns.
Prompt Contract
2/4
Quality of prompt metadata, argument shape, and prompt discoverability for clients.
Resource Contract
2/4
How completely resources and resource templates describe URIs, types, and usage shape.
Discovery Metadata
3/4
Homepage, docs, icon, repository, support, and license coverage for directory consumers.
Registry Consistency
2/4
Agreement between stored registry metadata, live server-card data, and current validation output.
Installability
4/4
How cleanly a real client can connect, initialize, enumerate tools, and proceed through auth.
Session Semantics
4/4
Determinism and state behavior across repeated MCP calls, including sticky-session surprises.
Tool Surface Design
3/4
Naming clarity, schema ergonomics, and parameter complexity across the tool surface.
Result Shape Stability
3/4
Stability of declared output schemas across validations, with penalties for drift or missing shapes.
OAuth Interop
3/4
Depth and client compatibility of OAuth/OIDC metadata beyond the minimal protected-resource check.
Recovery Semantics
0/4
Whether failures include actionable machine-readable next steps such as retry or upgrade guidance.
Maintenance Signal
3/4
Versioning, update recency, and historical validation cadence that indicate active stewardship.
Adoption Signal
2/4
Directory presence and distribution clues that suggest the server is intended for external use.
Freshness Confidence
3/4
Confidence that recent validations are current enough and dense enough to trust operationally.
Transport Fidelity
4/4
Whether declared transport metadata matches the observed endpoint behavior and response formats.
Spec Recency
2/4
How close the server’s claimed MCP protocol version is to the latest known public revision.
Session Resume
3/4
Whether Streamable HTTP session identifiers and resumed requests behave cleanly for real clients.
Step-Up Auth
3/4
Whether OAuth metadata and WWW-Authenticate challenges support granular, incremental consent instead of broad upfront scopes.
Transport Compliance
0/4
Checks session headers, protocol-version enforcement, session teardown, and expired-session behavior.
Utility Coverage
2/4
Signals support for completions, pagination, and task-oriented utility surfaces that larger clients increasingly expect.
Advanced Capability Coverage
2/4
Coverage of newer MCP surfaces like roots, sampling, elicitation, structured output, and related metadata.
Connector Publishability
3/4
How ready the server looks for client catalogs and managed connector programs.
Tool Snapshot Churn
4/4
Stability of the tool surface across recent validations, including add/remove and output-shape drift.
Connector Replay
4/4
Whether a previously published frozen connector snapshot would remain backward compatible after the latest tool refresh.
Request Association
3/4
Whether roots, sampling, and elicitation appear tied to active client requests instead of arriving unsolicited on idle sessions.
Interactive Flow Safety
4/4
Whether prompts and docs steer users toward safe auth flows instead of pasting secrets directly.
Action Safety
2/4
Risk-weighted view of destructive, exec, egress, and confirmation semantics across the tool surface.
Official Registry Presence
4/4
Whether the server appears directly or indirectly in the official MCP registry.
Provenance Divergence
4/4
How closely official registry metadata, the live server card, and public repo/package signals agree with each other.
Safety Transparency
4/4
Clarity of docs, auth disclosure, support links, and other trust signals visible to integrators.
Tool Capability Clarity
4/4
How clearly the tool surface communicates whether each action reads, writes, deletes, executes, or exports data.
Destructive Operation Safety
3/4
Penalizes delete/revoke/destroy style tools unless auth and safeguards reduce blast radius.
Egress / SSRF Resilience
3/4
Assesses arbitrary URL fetch, crawl, webhook, and remote-request exposure on the tool surface.
Execution / Sandbox Safety
4/4
Evaluates shell, code, script, and command-execution exposure and whether that surface appears contained.
Data Exfiltration Resilience
3/4
Assesses export, dump, backup, and bulk-read behavior against the surrounding auth and safeguard signals.
Least Privilege Scope
2/4
Rewards scoped auth metadata and penalizes broad or missing scopes around privileged tools.
Secret Handling Hygiene
3/4
Assesses secret-bearing tools, token leakage risk, and whether the public surface avoids obvious secret exposure.
Supply Chain Signal
2.5/4
Public metadata signal for repository, changelog, license, versioning, and recency that supports supply-chain trust.
Input Sanitization Safety
3/4
Penalizes risky freeform string inputs when schemas do not constrain URLs, code, paths, queries, or templates.
Tool Namespace Clarity
4/4
Measures naming uniqueness and ambiguity across the tool namespace to reduce collision and confusion risk.
Compatibility profiles
OpenAI Connectors
66.7
partial
OpenAI connectors expect OAuth for remote server auth.; Dynamic client registration materially improves connector setup.; Transport compliance should be in good shape.
Connector URL: https://boolsai.ai/mcp # No OAuth metadata detected. # Server: ai.boolsai/scan
Claude Desktop
83.3
compatible
Transport behavior should match Claude-compatible HTTP expectations.
{
"mcpServers": {
"scan": {
"command": "npx",
"args": ["mcp-remote", "https://boolsai.ai/mcp"]
}
}
}
Smithery
100.0
compatible
No major blockers detected.
smithery mcp add "https://boolsai.ai/mcp"
Generic Streamable HTTP
100.0
compatible
No major blockers detected.
curl -sS https://boolsai.ai/mcp -H 'content-type: application/json' -d '{"jsonrpc":"2.0","id":1,"method":"initialize","params":{"protocolVersion":"2025-03-26","capabilities":{},"clientInfo":{"name":"mcp-verify","version":"0.1.0"}}}'
Actionable remediation
| Severity | Remediation | Why it matters | Recommended action |
|---|---|---|---|
| High | Add confirmation and dry-run semantics for risky actions | High-risk write, delete, exec, or egress tools should communicate safeguards clearly. | Inspect the latest validation evidence and resolve the client-visible regression.Playbook
|
| High | Align session and protocol behavior with Streamable HTTP expectations | Clients increasingly rely on MCP-Protocol-Version, session teardown, and expired-session semantics. | Align MCP-Protocol-Version, MCP-Session-Id, DELETE teardown, and expired-session handling with the transport spec.Playbook
|
| High | Associate roots, sampling, and elicitation with active client requests | Modern MCP guidance expects roots, sampling, and elicitation traffic to be tied to an active client request instead of arriving unsolicited on idle sessions. | Inspect the latest validation evidence and resolve the client-visible regression.Playbook
|
| High | Expose /.well-known/oauth-protected-resource | Without a protected-resource document, OAuth clients cannot discover auth requirements reliably. | Serve /.well-known/oauth-protected-resource and point it at your authorization server metadata.Playbook
|
| High | Publish OAuth authorization-server metadata | Clients need authorization-server metadata to discover issuer, endpoints, and DCR support. | Publish /.well-known/oauth-authorization-server from your issuer and include registration_endpoint when supported.Playbook
|
| High | Publish a complete server card | Missing or incomplete server-card metadata weakens discovery, documentation, and trust signals. | Serve /.well-known/mcp/server-card.json and include tools, prompts/resources, homepage, and support links.Playbook
|
| Medium | Adopt a current MCP protocol revision | Older protocol revisions reduce compatibility with newer clients and registry programs. | Inspect the latest validation evidence and resolve the client-visible regression.Playbook
|
| Medium | Close connector-publishing gaps | Connector catalogs care about protocol recency, session behavior, auth clarity, and tool-surface stability. | Inspect the latest validation evidence and resolve the client-visible regression.Playbook
|
| Medium | Document minimal scopes and return cleaner auth challenges | Modern clients expect granular scopes and step-up auth signals such as WWW-Authenticate scope hints. | Return granular scopes and WWW-Authenticate challenge hints instead of forcing overly broad auth upfront.Playbook
|
| Medium | Publish OpenID configuration | OIDC metadata improves token validation and client compatibility. | Expose /.well-known/openid-configuration with issuer, jwks_uri, and supported grants.Playbook
|
| Medium | Repair prompts/list or stop advertising prompts | Prompt metadata should either work live or be removed from the advertised capability set. | Only advertise prompts if prompts/list works and prompt arguments are documented.Playbook
|
| Medium | Repair resources/list or stop advertising resources | Resource metadata should either work live or be removed from the advertised capability set. | Only advertise resources if resources/list works and resources expose stable URIs/types.Playbook
|
| Medium | Support resumable HTTP sessions cleanly | Modern MCP clients increasingly expect resumable session behavior on streamable HTTP transports. | Inspect the latest validation evidence and resolve the client-visible regression.Playbook
|
| Low | Expose modern utility surfaces like completions, pagination, or tasks | Utility coverage improves interoperability with larger clients and long-lived agent workflows. | Expose completions, pagination, and task metadata where supported so larger clients can plan and resume work safely.Playbook
|
| Low | Publish newer MCP capability signals | Roots, sampling, elicitation, structured outputs, and related metadata improve client understanding and ranking. | Inspect the latest validation evidence and resolve the client-visible regression.Playbook
|
Point loss breakdown
| Component | Current | Points missing |
|---|---|---|
| Transport Compliance | 0/4 | -4.0 |
| Recovery Semantics | 0/4 | -4.0 |
| Utility Coverage | 2/4 | -2.0 |
| Spec Recency | 2/4 | -2.0 |
| Schema Completeness | 2/4 | -2.0 |
| Resource Contract | 2/4 | -2.0 |
| Registry Consistency | 2/4 | -2.0 |
| Rate Limit Semantics | 2/4 | -2.0 |
| Prompt Contract | 2/4 | -2.0 |
| Least Privilege Scope | 2/4 | -2.0 |
| Auth Operability | 2/4 | -2.0 |
| Advanced Capability Coverage | 2/4 | -2.0 |
Validation diff
Score delta
0.45
Summary changed
no
Tool delta
0
Prompt delta
0
Auth mode changed
no
Write surface expanded
no
Protocol regressed
no
Registry drift changed
no
Regressed checks: none
Improved checks: none
| Component | Previous | Latest | Delta |
|---|---|---|---|
trust_confidence_score | 2.94 | 3.81 | 0.87 |
Tool snapshot diff & changelog
Snapshot changed
no
Added tools
none
Removed tools
none
Required-argument changes
| Tool | Added required args | Removed required args |
|---|---|---|
| No required-argument changes detected. | ||
Output-schema drift
| Tool | Previous properties | Latest properties |
|---|---|---|
| No output-schema drift detected. | ||
Connector replay
Status
OK
Backward compatible
Would break after refresh
Added tools
none
Removed tools
none
Additive output changes
none
Required-argument replay breaks
| Tool | Added required args | Removed required args |
|---|---|---|
| No required-argument replay breaks detected. | ||
Output-schema replay breaks
| Tool | Removed properties | Added properties |
|---|---|---|
| No output-schema replay breaks detected. | ||
Transport compliance drilldown
Probe status
Error
Transport
streamable-http
Session header
no
Protocol header
no
Bad protocol response
200
DELETE teardown
n/a
Expired session retry
n/a
Last-Event-ID visible
no
Issues: missing_session_id, missing_protocol_header, bad_protocol_not_rejected
Request association
Status
Missing
Advertised capabilities
none
Observed idle methods
none
Violating methods
none
Probe HTTP status
n/a
Issues
none
Utility coverage
Probe status
Missing
Completions
not detected
Completion probe target: none
Pagination
not detected
No nextCursor evidence.
Tasks
Missing
Advertised: no
Benchmark tasks
| Benchmark task | Status | Evidence |
|---|---|---|
| Discover tools | Passes |
|
| Read-only fetch flow | Likely to fail |
|
| OAuth-required connect | Degraded |
|
| Safe write flow with confirmation | Likely to fail |
|
Registry & provenance divergence
Probe status
OK
Direct official match
yes
Drift fields
none
| Field | Registry | Live server card |
|---|---|---|
| Title | n/a | n/a |
| Version | n/a | n/a |
| Homepage | n/a | n/a |
Active alerts
No active alerts for the current server state.
Aliases & registry graph
| Identifier | Source | Canonical | Score |
|---|---|---|---|
ai.boolsai/scan |
official_registry | yes | 73.8 |
Alias consolidation
Canonical identifier
ai.boolsai/scan
Duplicate aliases
0
Registry sources
official_registry
Remote URLs
Homepages
none
Source disagreements
| Field | What differs | Observed values |
|---|---|---|
| No source disagreements detected. | ||
Install snippets
Openai Connectors
Connector URL: https://boolsai.ai/mcp # No OAuth metadata detected. # Server: ai.boolsai/scan
Claude Desktop
{
"mcpServers": {
"scan": {
"command": "npx",
"args": ["mcp-remote", "https://boolsai.ai/mcp"]
}
}
}
Smithery
smithery mcp add "https://boolsai.ai/mcp"
Generic Http
curl -sS https://boolsai.ai/mcp -H 'content-type: application/json' -d '{"jsonrpc":"2.0","id":1,"method":"initialize","params":{"protocolVersion":"2025-03-26","capabilities":{},"clientInfo":{"name":"mcp-verify","version":"0.1.0"}}}'
Agent access & tool surface
Live server tools
boolsai_scan boolsai_scan_paths
Observed from the latest live validation against https://boolsai.ai/mcp. This is the target server surface, not Verify's own inspection tools.
Live capability counts
2 tools • 0 prompts • 0 resources
Counts come from the latest
tools/list, prompts/list, and resources/list checks.Inspect with Verify
search fetch search_servers recommend_servers get_server_report compare_servers
Use Verify itself to search, recommend, compare, and fetch the full report for
ai.boolsai/scan.Direct machine links
Claims & monitoring
Server ownership
No verified maintainer claim recorded.
Watch subscriptions
0
Teams: none
Alert routing
Active watches
0
Generic webhooks
0
Slack routes
0
Teams routes
0
Email routes
0
| Watch | Team | Channels | Minimum severity |
|---|---|---|---|
| No active watch destinations. | |||
Maintainer analytics
Validation Run Count
3
Average Latency Ms
262.49
Healthy Run Ratio Recent
1.0
Registry Presence Count
1
Active Alert Count
0
Watcher Count
0
Verified Claim
False
Taxonomy Tags
web
Score Trend
73.8, 73.35, 70.19
Remediation Count
15
High Risk Tool Count
1
Destructive Tool Count
0
Exec Tool Count
0
Maintainer response quality
Score
16.67
Verified claim
Support contact
Changelog present
Incident notes present
Tool changes documented
Annotation history
Annotation count
0
Maintainer annotations
No maintainer annotations have been recorded yet.
Maintainer rebuttals & expected behavior
No maintainer rebuttals or expected-behavior overrides are recorded yet.
Latest validation evidence
Latest summary
Healthy
Validation profile
remote_mcp
Started
May 20, 2026 02:23:33 PM UTC
Latency
221.3 ms
Failures
oauth_authorization_serverno authorization serveroauth_protected_resourceClient error '404 Not Found' for url 'https://boolsai.ai/.well-known/oauth-protected-resource' For more information check: https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/404openid_configurationno authorization serverserver_cardClient error '404 Not Found' for url 'https://boolsai.ai/.well-known/mcp/server-card.json' For more information check: https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/404transport_compliance_probeIssues: missing session id, missing protocol header, bad protocol not rejected (bad protocol=200).
Checks
| Check | Status | Latency | Evidence |
|---|---|---|---|
action_safety_probe |
Error | n/a | 1 high-risk tool(s); no clear auth boundary; safeguards=0; confirmation=none. |
advanced_capabilities_probe |
Missing | n/a | No advanced MCP capability signals detected. |
connector_publishability_probe |
Warning | n/a | Publishability blockers: transport compliance, action safety, server card. |
connector_replay_probe |
OK | n/a | Backward compatible with no breaking tool-surface changes. |
determinism_probe |
OK | 10.6 ms | Check completed |
initialize |
OK | 27.1 ms | Protocol 2025-03-26 |
interactive_flow_probe |
OK | n/a | Check completed |
oauth_authorization_server |
Missing | n/a | no authorization server |
oauth_protected_resource |
Error | 40.7 ms | Client error '404 Not Found' for url 'https://boolsai.ai/.well-known/oauth-protected-resource' For more information check: https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/404 |
official_registry_probe |
OK | n/a | Check completed |
openid_configuration |
Missing | n/a | no authorization server |
probe_noise_resilience |
OK | 9.4 ms | Fetched https://boolsai.ai/robots.txt |
prompt_get |
Missing | n/a | not advertised |
prompts_list |
Missing | 8.3 ms | not supported |
protocol_version_probe |
Warning | n/a | Claims 2025-03-26; 2 release(s) behind 2025-11-25. |
provenance_divergence_probe |
OK | n/a | Check completed |
request_association_probe |
Missing | n/a | No request-association capabilities were advertised. |
resource_read |
Missing | n/a | not advertised |
resources_list |
Missing | 8.2 ms | not supported |
server_card |
Error | 69.2 ms | Client error '404 Not Found' for url 'https://boolsai.ai/.well-known/mcp/server-card.json' For more information check: https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/404 |
session_resume_probe |
Warning | n/a | no session id |
step_up_auth_probe |
Missing | n/a | No OAuth or incremental-scope signals detected. |
tool_snapshot_probe |
OK | n/a | Check completed |
tools_list |
OK | 8.4 ms | 2 tool(s) exposed |
transport_compliance_probe |
Error | 11.7 ms | Issues: missing session id, missing protocol header, bad protocol not rejected (bad protocol=200). |
utility_coverage_probe |
Missing | 9.7 ms | No completions evidence; no pagination evidence; tasks missing. |
Raw evidence view
Show raw JSON evidence
{
"checks": {
"action_safety_probe": {
"details": {
"auth_present": false,
"confirmation_signals": [],
"safeguard_count": 0,
"summary": {
"bulk_access_tools": 0,
"capability_distribution": {
"filesystem": 1,
"network": 2,
"read": 2,
"write": 1
},
"destructive_tools": 0,
"egress_tools": 2,
"exec_tools": 0,
"high_risk_tools": 1,
"risk_distribution": {
"critical": 0,
"high": 1,
"low": 0,
"medium": 1
},
"secret_tools": 0,
"tool_count": 2
}
},
"latency_ms": null,
"status": "error"
},
"advanced_capabilities_probe": {
"details": {
"capabilities": {
"completions": false,
"elicitation": false,
"prompts": false,
"resource_links": false,
"resources": false,
"roots": false,
"sampling": false,
"structured_outputs": false
},
"enabled": [],
"enabled_count": 0,
"initialize_capability_keys": [
"tools"
]
},
"latency_ms": null,
"status": "missing"
},
"connector_publishability_probe": {
"details": {
"blockers": [
"transport_compliance",
"action_safety",
"server_card"
],
"criteria": {
"action_safety": false,
"auth_flow": true,
"connector_replay": true,
"initialize": true,
"protocol_version": true,
"remote_transport": true,
"request_association": true,
"server_card": false,
"session_resume": true,
"step_up_auth": true,
"tool_surface": true,
"tools_list": true,
"transport_compliance": false
},
"high_risk_tools": 1,
"tool_count": 2,
"transport": "streamable-http"
},
"latency_ms": null,
"status": "warning"
},
"connector_replay_probe": {
"details": {
"added_tools": [],
"additive_output_changes": [],
"backward_compatible": true,
"output_breaks": [],
"removed_tools": [],
"required_arg_breaks": [],
"would_break_after_refresh": false
},
"latency_ms": null,
"status": "ok"
},
"determinism_probe": {
"details": {
"attempts": 2,
"baseline_signature": "2af3f25a6a3f6c7db7baa31194ef9f00b7f963454b172e5c769748fd08efd3e9",
"errors": [],
"matches": 2,
"stable_ratio": 1.0,
"successful": 2
},
"latency_ms": 10.56,
"status": "ok"
},
"initialize": {
"details": {
"headers": {
"content-type": "application/json"
},
"http_status": 200,
"payload": {
"id": 1,
"jsonrpc": "2.0",
"result": {
"capabilities": {
"tools": {
"listChanged": false
}
},
"instructions": "You are connected to **Boolsai Scan** \u2014 one of four MCP servers in the Boolsai suite. ALWAYS refer to this server by its full name \"Boolsai Scan\" when discussing it with the user. Do not shorten to \"Boolsai\", \"scan\", \"the MCP\", \"Scan MCP\", etc. Sister servers in the suite (cross-discovery only \u2014 not connected here): \"Boolsai Directory\" (https://directory.boolsai.ai/mcp), \"Boolsai Grep\" (https://grep.boolsai.ai/mcp), \"Boolsai Signals\" (https://signals.boolsai.ai/mcp). Refer to those by their full names too if they come up.\n\nBoolsai Scan \u00b7 stack intelligence guide for e-commerce agencies.\n\nROLE: you are the analyst sitting next to an agency operator (account director, growth strategist, head of new business). Your job is to translate a live site scan into agency-grade intel for three use cases:\n\n1. Pre-pitch prospect work \u2014 \"what is this brand running?\" Pixel coverage, CDP, consent posture, server-side tagging, personalisation, reviews, support, payments, BNPL, CDN, framework / CMS. Be specific about what you SEE on the page vs. what's LIKELY happening server-side. Flag gaps a competing agency could pitch on (missing GA4, no consent, no SST, no personalisation, broken pixel firing order, etc.).\n2. Existing-client audits \u2014 \"what's actually in production?\" Be matter-of-fact, list everything detected, flag anything obviously broken or misconfigured.\n3. Competitor watch \u2014 \"what did they just roll out?\" New vendor, swapped CDP, new BNPL, fresh consent vendor, framework migration.\n\nVOICE: tight, specific, agency-strategist. Tell the operator WHAT you see, then WHY it matters for the pitch / audit / watch. Never invent \u2014 if a pixel isn't in the scan, say \"not visible on this page\" and propose a follow-up scan. Distinguish \"definitely client-side\" (hostname is present) from \"likely server-side\" (CDP present + no client-side equivalent). Use concrete account IDs / container IDs / data plan names when the scan surfaces them \u2014 those are agency gold.\n\nTOOLS:\n- boolsai_scan({url}) \u2014 raw scanner JSON for one URL. Use first. Response includes a top-level _summary block with the structural facts pre-extracted (external hosts, internal routes, inline scripts with signals, canonical, structured data presence).\n- boolsai_scan_paths({url, paths[]}) \u2014 scan multiple paths on the same site in parallel; returns per-path host lists + a homepage_missed diff (hosts visible on PDP/cart/checkout but NOT on /). Recommended for ecom audits: paths = [\"/\", \"/products/<any>\", \"/cart\", \"/checkout\"]. Max 5 paths.\n\nCONVERSATIONAL HANDOFF: every tool response ends with a \"Next moves\" block. After you present the result, ALWAYS finish your reply by asking the user if they want to dig deeper \u2014 frame options as natural questions (\"Want me to also scan their /products and /cart to catch lazy-loaded pixels?\" / \"Should I pull a competitor for comparison?\" / \"Want the inline-script signals on their Trekkie config?\"). Do NOT list tool names to the user \u2014 offer the action. Keep the question short (one sentence, max two options).\n\nREADING boolsai_scan OUTPUT: the _summary block at the top is the fastest way in \u2014 read it first. Then for the full picture, domTree.head.external and domTree.body.external are URL-path tries \u2014 root keys are HOSTNAMES, subkeys are URL path segments split on '/', empty {} is a URL terminator (path ends here, NOT \"no data\"). domTree.head.internal / body.internal are the same trie minus the hostname level (paths on the scanned host). domTree.head.inlineScripts.<name> has per-script analysis: structural (hosts referenced), important.urls (detected URLs), important.configHits (behaviour patterns), raw_preview (truncated source). Bulky build-artifact clusters (_next/static/chunks, etc.) are compressed to {_count, _sample} for token efficiency \u2014 treat as \"N files here, here's a sample\" not missing data. Segments may be normalised to {hash}/{ver}/{date}/{env}/{bundle}.\n\nVENDOR RECOGNITION: the MCP does NOT pre-label hostnames. You recognise them yourself using your own knowledge \u2014 and that's the point, because the agency value is in YOUR interpretation. Examples: cdn.shopify.com \u2192 Shopify CDN; us.checkout.gymshark.com + perf-kit \u2192 Shopify Plus checkout; connect.facebook.net \u2192 Meta Pixel; monorail-edge.shopifysvc.com \u2192 Shopify Trekkie analytics (server-side); cdn.cookielaw.org \u2192 OneTrust consent; mparticle.com \u2192 mParticle CDP (usually server-side forwarding); cdn.dynamicyield.com \u2192 Dynamic Yield personalisation; elevarcdn.com \u2192 Elevar server-side tagging; klaviyo.com \u2192 Klaviyo email; klarna.com \u2192 Klarna BNPL; etc. When you don't recognise a hostname, say so and flag it for the operator to check.",
"protocolVersion": "2025-03-26",
"serverInfo": {
"name": "boolsai-scan",
"title": "Boolsai Scan",
"version": "1.0.0"
}
}
},
"url": "https://boolsai.ai/mcp"
},
"latency_ms": 27.14,
"status": "ok"
},
"interactive_flow_probe": {
"details": {
"oauth_supported": false,
"prompt_available": false,
"risk_hits": [],
"safe_hits": [
"consent"
]
},
"latency_ms": null,
"status": "ok"
},
"oauth_authorization_server": {
"details": {
"reason": "no_authorization_server"
},
"latency_ms": null,
"status": "missing"
},
"oauth_protected_resource": {
"details": {
"error": "Client error '404 Not Found' for url 'https://boolsai.ai/.well-known/oauth-protected-resource'\nFor more information check: https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/404",
"url": "https://boolsai.ai/.well-known/oauth-protected-resource"
},
"latency_ms": 40.72,
"status": "error"
},
"official_registry_probe": {
"details": {
"direct_match": true,
"official_peer_count": 1,
"registry_identifier": "ai.boolsai/scan",
"registry_source": "official_registry"
},
"latency_ms": null,
"status": "ok"
},
"openid_configuration": {
"details": {
"reason": "no_authorization_server"
},
"latency_ms": null,
"status": "missing"
},
"probe_noise_resilience": {
"details": {
"headers": {
"content-type": "text/plain; charset=utf-8"
},
"http_status": 200,
"url": "https://boolsai.ai/robots.txt"
},
"latency_ms": 9.45,
"status": "ok"
},
"prompt_get": {
"details": {
"reason": "not_advertised"
},
"latency_ms": null,
"status": "missing"
},
"prompts_list": {
"details": {
"headers": {
"content-type": "application/json"
},
"http_status": 200,
"payload": {
"error": {
"code": -32601,
"message": "Method not found: prompts/list"
},
"id": 3,
"jsonrpc": "2.0"
},
"reason": "not_supported",
"url": "https://boolsai.ai/mcp"
},
"latency_ms": 8.3,
"status": "missing"
},
"protocol_version_probe": {
"details": {
"claimed_version": "2025-03-26",
"lag_days": 244,
"latest_known_version": "2025-11-25",
"releases_behind": 2,
"validator_protocol_version": "2025-03-26"
},
"latency_ms": null,
"status": "warning"
},
"provenance_divergence_probe": {
"details": {
"direct_official_match": true,
"drift_fields": [],
"metadata_document_count": 1,
"registry_homepage": null,
"registry_repository": null,
"registry_title": null,
"registry_version": null,
"server_card_homepage": null,
"server_card_repository": null,
"server_card_title": null,
"server_card_version": null
},
"latency_ms": null,
"status": "ok"
},
"request_association_probe": {
"details": {
"reason": "no_request_association_capabilities_advertised"
},
"latency_ms": null,
"status": "missing"
},
"resource_read": {
"details": {
"reason": "not_advertised"
},
"latency_ms": null,
"status": "missing"
},
"resources_list": {
"details": {
"headers": {
"content-type": "application/json"
},
"http_status": 200,
"payload": {
"error": {
"code": -32601,
"message": "Method not found: resources/list"
},
"id": 5,
"jsonrpc": "2.0"
},
"reason": "not_supported",
"url": "https://boolsai.ai/mcp"
},
"latency_ms": 8.19,
"status": "missing"
},
"server_card": {
"details": {
"error": "Client error '404 Not Found' for url 'https://boolsai.ai/.well-known/mcp/server-card.json'\nFor more information check: https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/404",
"url": "https://boolsai.ai/.well-known/mcp/server-card.json"
},
"latency_ms": 69.24,
"status": "error"
},
"session_resume_probe": {
"details": {
"protocol_version": "2025-03-26",
"reason": "no_session_id",
"resume_expected": true,
"transport": "streamable-http"
},
"latency_ms": null,
"status": "warning"
},
"step_up_auth_probe": {
"details": {
"auth_required_checks": [],
"broad_scopes": [],
"challenge_headers": [],
"minimal_scope_documented": false,
"oauth_present": false,
"scope_specificity_ratio": 0.0,
"step_up_signals": [],
"supported_scopes": []
},
"latency_ms": null,
"status": "missing"
},
"tool_snapshot_probe": {
"details": {
"added": [],
"changed_outputs": [],
"current_tool_count": 2,
"previous_tool_count": 2,
"removed": [],
"similarity": 1.0
},
"latency_ms": null,
"status": "ok"
},
"tools_list": {
"details": {
"headers": {
"content-type": "application/json"
},
"http_status": 200,
"payload": {
"id": 2,
"jsonrpc": "2.0",
"result": {
"tools": [
{
"description": "Scan a public website. Returns its full tech stack \u2014 every external host the page talks to, every fetch/xhr/beacon endpoint, every inline-script signal, parsed JSON-LD, and the internal DOM/route trie \u2014 as structured JSON. Hostnames are returned raw; recognise vendors from them using your own knowledge.",
"inputSchema": {
"properties": {
"url": {
"description": "URL or bare domain, e.g. \"gymshark.com\" or \"https://allbirds.com/products/legacy-tee\".",
"type": "string"
}
},
"required": [
"url"
],
"type": "object"
},
"name": "boolsai_scan"
},
{
"description": "Scan multiple paths on the same site in parallel and merge the external-host lists. Returns per-path host lists, a unified merged set, and a homepage_missed list (hosts that appeared ONLY on non-home paths). Use when the homepage understates the stack \u2014 common on Shopify Plus and consent-gated sites where pixels lazy-load on PDP / cart / checkout. Recommended for ecom audits: paths = [\"/\", \"/products/<any>\", \"/cart\", \"/checkout\"]. Max 5 paths per call.",
"inputSchema": {
"properties": {
"paths": {
"description": "Path strings to scan, relative to the base (e.g. [\"/\", \"/products/legacy-tee\", \"/cart\"]). Max 5. If omitted, scans just \"/\".",
"items": {
"type": "string"
},
"type": "array"
},
"url": {
"description": "Base URL or bare domain (e.g. \"gymshark.com\").",
"type": "string"
}
},
"required": [
"url"
],
"type": "object"
},
"name": "boolsai_scan_paths"
}
]
}
},
"url": "https://boolsai.ai/mcp"
},
"latency_ms": 8.45,
"status": "ok"
},
"transport_compliance_probe": {
"details": {
"bad_protocol_error": null,
"bad_protocol_headers": {
"content-type": "application/json"
},
"bad_protocol_payload": {
"id": 410,
"jsonrpc": "2.0",
"result": {
"tools": [
{
"description": "Scan a public website. Returns its full tech stack \u2014 every external host the page talks to, every fetch/xhr/beacon endpoint, every inline-script signal, parsed JSON-LD, and the internal DOM/route trie \u2014 as structured JSON. Hostnames are returned raw; recognise vendors from them using your own knowledge.",
"inputSchema": {
"properties": {
"url": {
"description": "URL or bare domain, e.g. \"gymshark.com\" or \"https://allbirds.com/products/legacy-tee\".",
"type": "string"
}
},
"required": [
"url"
],
"type": "object"
},
"name": "boolsai_scan"
},
{
"description": "Scan multiple paths on the same site in parallel and merge the external-host lists. Returns per-path host lists, a unified merged set, and a homepage_missed list (hosts that appeared ONLY on non-home paths). Use when the homepage understates the stack \u2014 common on Shopify Plus and consent-gated sites where pixels lazy-load on PDP / cart / checkout. Recommended for ecom audits: paths = [\"/\", \"/products/<any>\", \"/cart\", \"/checkout\"]. Max 5 paths per call.",
"inputSchema": {
"properties": {
"paths": {
"description": "Path strings to scan, relative to the base (e.g. [\"/\", \"/products/legacy-tee\", \"/cart\"]). Max 5. If omitted, scans just \"/\".",
"items": {
"type": "string"
},
"type": "array"
},
"url": {
"description": "Base URL or bare domain (e.g. \"gymshark.com\").",
"type": "string"
}
},
"required": [
"url"
],
"type": "object"
},
"name": "boolsai_scan_paths"
}
]
}
},
"bad_protocol_status_code": 200,
"delete_error": null,
"delete_status_code": null,
"expired_session_error": null,
"expired_session_status_code": null,
"issues": [
"missing_session_id",
"missing_protocol_header",
"bad_protocol_not_rejected"
],
"last_event_id_visible": false,
"protocol_header_present": false,
"requested_protocol_version": "2025-03-26",
"session_id_present": false,
"transport": "streamable-http"
},
"latency_ms": 11.66,
"status": "error"
},
"utility_coverage_probe": {
"details": {
"completions": {
"advertised": false,
"live_probe": "not_executed",
"sample_target": null
},
"initialize_capability_keys": [
"tools"
],
"pagination": {
"metadata_signal": false,
"next_cursor_methods": [],
"supported": false
},
"tasks": {
"advertised": false,
"http_status": 200,
"probe_status": "missing"
}
},
"latency_ms": 9.68,
"status": "missing"
}
},
"failures": {
"oauth_authorization_server": {
"reason": "no_authorization_server"
},
"oauth_protected_resource": {
"error": "Client error '404 Not Found' for url 'https://boolsai.ai/.well-known/oauth-protected-resource'\nFor more information check: https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/404",
"url": "https://boolsai.ai/.well-known/oauth-protected-resource"
},
"openid_configuration": {
"reason": "no_authorization_server"
},
"server_card": {
"error": "Client error '404 Not Found' for url 'https://boolsai.ai/.well-known/mcp/server-card.json'\nFor more information check: https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/404",
"url": "https://boolsai.ai/.well-known/mcp/server-card.json"
},
"transport_compliance_probe": {
"bad_protocol_error": null,
"bad_protocol_headers": {
"content-type": "application/json"
},
"bad_protocol_payload": {
"id": 410,
"jsonrpc": "2.0",
"result": {
"tools": [
{
"description": "Scan a public website. Returns its full tech stack \u2014 every external host the page talks to, every fetch/xhr/beacon endpoint, every inline-script signal, parsed JSON-LD, and the internal DOM/route trie \u2014 as structured JSON. Hostnames are returned raw; recognise vendors from them using your own knowledge.",
"inputSchema": {
"properties": {
"url": {
"description": "URL or bare domain, e.g. \"gymshark.com\" or \"https://allbirds.com/products/legacy-tee\".",
"type": "string"
}
},
"required": [
"url"
],
"type": "object"
},
"name": "boolsai_scan"
},
{
"description": "Scan multiple paths on the same site in parallel and merge the external-host lists. Returns per-path host lists, a unified merged set, and a homepage_missed list (hosts that appeared ONLY on non-home paths). Use when the homepage understates the stack \u2014 common on Shopify Plus and consent-gated sites where pixels lazy-load on PDP / cart / checkout. Recommended for ecom audits: paths = [\"/\", \"/products/<any>\", \"/cart\", \"/checkout\"]. Max 5 paths per call.",
"inputSchema": {
"properties": {
"paths": {
"description": "Path strings to scan, relative to the base (e.g. [\"/\", \"/products/legacy-tee\", \"/cart\"]). Max 5. If omitted, scans just \"/\".",
"items": {
"type": "string"
},
"type": "array"
},
"url": {
"description": "Base URL or bare domain (e.g. \"gymshark.com\").",
"type": "string"
}
},
"required": [
"url"
],
"type": "object"
},
"name": "boolsai_scan_paths"
}
]
}
},
"bad_protocol_status_code": 200,
"delete_error": null,
"delete_status_code": null,
"expired_session_error": null,
"expired_session_status_code": null,
"issues": [
"missing_session_id",
"missing_protocol_header",
"bad_protocol_not_rejected"
],
"last_event_id_visible": false,
"protocol_header_present": false,
"requested_protocol_version": "2025-03-26",
"session_id_present": false,
"transport": "streamable-http"
}
},
"remote_url": "https://boolsai.ai/mcp",
"server_card_payload": null,
"server_identifier": "ai.boolsai/scan"
}
Known versions
1.0.0
Validation history
7 day score delta
n/a
30 day score delta
n/a
Recent healthy ratio
100%
Freshness
5.9h
| Timestamp | Status | Score | Latency | Tools |
|---|---|---|---|---|
| May 20, 2026 02:23:34 PM UTC | Healthy | 73.8 | 221.3 ms | 2 |
| May 20, 2026 02:23:00 AM UTC | Healthy | 73.3 | 228.9 ms | 2 |
| May 19, 2026 02:21:36 PM UTC | Healthy | 70.2 | 337.2 ms | 2 |
Validation timeline
| Validated | Summary | Score | Protocol | Auth mode | Tools | High-risk tools | Changes |
|---|---|---|---|---|---|---|---|
| May 20, 2026 02:23:34 PM UTC | Healthy | 73.8 | 2025-03-26 | public | 2 | 1 | none |
| May 20, 2026 02:23:00 AM UTC | Healthy | 73.3 | 2025-03-26 | public | 2 | 1 | none |
| May 19, 2026 02:21:36 PM UTC | Healthy | 70.2 | 2025-03-26 | public | 2 | 1 | none |
Recent validation runs
| Started | Status | Summary | Latency | Checks |
|---|---|---|---|---|
| May 20, 2026 02:23:33 PM UTC | Completed | Healthy | 221.3 ms | action_safety_probe, advanced_capabilities_probe, connector_publishability_probe, connector_replay_probe, determinism_probe, initialize, interactive_flow_probe, oauth_authorization_server, oauth_protected_resource, official_registry_probe, openid_configuration, probe_noise_resilience, prompt_get, prompts_list, protocol_version_probe, provenance_divergence_probe, request_association_probe, resource_read, resources_list, server_card, session_resume_probe, step_up_auth_probe, tool_snapshot_probe, tools_list, transport_compliance_probe, utility_coverage_probe |
| May 20, 2026 02:23:00 AM UTC | Completed | Healthy | 228.9 ms | action_safety_probe, advanced_capabilities_probe, connector_publishability_probe, connector_replay_probe, determinism_probe, initialize, interactive_flow_probe, oauth_authorization_server, oauth_protected_resource, official_registry_probe, openid_configuration, probe_noise_resilience, prompt_get, prompts_list, protocol_version_probe, provenance_divergence_probe, request_association_probe, resource_read, resources_list, server_card, session_resume_probe, step_up_auth_probe, tool_snapshot_probe, tools_list, transport_compliance_probe, utility_coverage_probe |
| May 19, 2026 02:21:36 PM UTC | Completed | Healthy | 337.2 ms | action_safety_probe, advanced_capabilities_probe, connector_publishability_probe, connector_replay_probe, determinism_probe, initialize, interactive_flow_probe, oauth_authorization_server, oauth_protected_resource, official_registry_probe, openid_configuration, probe_noise_resilience, prompt_get, prompts_list, protocol_version_probe, provenance_divergence_probe, request_association_probe, resource_read, resources_list, server_card, session_resume_probe, step_up_auth_probe, tool_snapshot_probe, tools_list, transport_compliance_probe, utility_coverage_probe |