DataNexus MCP
dev-7bd0/mcp-server55 tools. Verified public data — CVE/SBOM security audits, licence compliance, frontend security scanning, nonprofit 990 filings, federal contracts, NPI lookups, patents, and domain intelligence
Tools · 55
Report a data quality issue or agent intent gap for a DataNexus tool response. tool_id: e.g. "T10" or "security_fetch_cve_detail". query_hash: From the query_hash field of the response. signal: incor…
Check MCPize subscription status for a DataNexus tool. tool_id: DataNexus tool identifier e.g. "T10". Pass the tool the user is asking about. Returns: status ("free" | "subscription_required" | "not…
Validate a DataNexus tool response for data quality issues using two-layer validation: deterministic rules first, then AI review for ambiguous cases. Read-only. Never blocks. tool_id: DataNexus tool i…
Find the right DataNexus tool by describing your task in plain English. Read-only. No side effects. Call this before any other DataNexus tool to reduce context load from 40000 to 800 tokens. query: Pl…
Fetch IRS 990 filing data for any US nonprofit by EIN. Read-only. No side effects. Idempotent. US only. ein: 9-digit Employer ID with or without dash, e.g. 46-5734087 or 465734087. Required. Returns n…
Search US nonprofits by name with optional state filter. Read-only. No side effects. Idempotent. US only. Returns up to 25 matches. name: Full or partial organisation name. Required. state: Two-letter…
Fetch UK registered charity details by charity number or organisation name. Read-only. No side effects. Idempotent. UK only. charity_number_or_name: UK registered charity number (7 digits, e.g. 123456…
Fetch all known CVEs for an open source package version or a batch of packages. Read-only. No side effects. Idempotent. Single-package mode: package (e.g. requests), version (e.g. 2.28.0), ecosystem (…
Fetch the full dependency tree for a package version including transitive dependencies. Read-only. No side effects. Idempotent. Hard 8-second timeout — large dependency trees may return partial result…
Fetch full detail for a specific CVE by ID. Read-only. No side effects. Idempotent. cve_id: CVE identifier in format CVE-YYYY-NNNNN e.g. CVE-2021-44228. Required. Returns description, CVSS base score,…
Audit a Software Bill of Materials for known vulnerabilities across all listed packages. Read-only. No side effects. Idempotent. sbom_json: CycloneDX or SPDX SBOM as a JSON string. Required. Large SBO…
Fetch the SPDX licence identifier for an open source package version. Read-only. No side effects. Idempotent. package: Package name e.g. flask. Required. version: Exact version string e.g. 2.3.0. Requ…
Check whether a CVE is in the CISA Known Exploited Vulnerabilities (KEV) catalog. Read-only. No side effects. Idempotent. cve_id: CVE identifier in format CVE-YYYY-NNNNN e.g. CVE-2021-44228. Required.…
EPSS exploit probability score for a CVE — predicts likelihood of exploitation in the next 30 days. cve_id: CVE identifier e.g. "CVE-2021-44228". Returns: epss (float 0.0–1.0) and percentile (float …
Fetch NPI registration details for a US healthcare provider by NPI number. Read-only. No side effects. Idempotent. US only. npi_number: 10-digit NPI number e.g. 1003000126. Required. Do not include da…
Search the NPPES NPI Registry by provider name with optional state and speciality filters. Read-only. No side effects. Idempotent. US only. Returns up to 10 matches. name: Full or partial provider nam…
Fetch FINRA BrokerCheck registration for a US broker or investment adviser by CRD number. Read-only. No side effects. Idempotent. US only. crd_number: Central Registration Depository number as a strin…
Check whether an entity is on the US federal exclusions list (debarred from government contracts). Read-only. No side effects. Idempotent. US only. name_or_ein: Entity name or 9-digit EIN with or with…
Fetch domain registration details via IANA RDAP (the modern structured replacement for WHOIS). Read-only. No side effects. Idempotent. domain: Domain name without protocol e.g. example.com not https:/…
Fetch SSL certificate history for a domain from Certificate Transparency logs. Read-only. No side effects. Idempotent. domain: Domain name without protocol e.g. github.com. Required. Does not support …
Fetch current DNS records for a domain via Cloudflare DNS over HTTPS. Read-only. No side effects. Idempotent. domain: Domain name without protocol e.g. cloudflare.com. Required. record_types: List of …
Fetch historical SSL certificate issuance for a domain from Certificate Transparency logs. Read-only. No side effects. Idempotent. domain: Domain name without protocol e.g. example.com. Required. Retu…
Enumerate subdomains for a domain via Certificate Transparency logs. Read-only. No side effects. Idempotent. domain: Domain name without protocol e.g. anthropic.com. Required. Returns deduplicated lis…
Check SPF, DMARC, and DKIM email authentication for a domain. domain: Domain without protocol e.g. "google.com". Returns: overall_grade (A–F), spf_score, dmarc_score, dkim_score (each 0–10), spf_rec…
Find domains co-hosted on the same IP address (reverse IP lookup). Read-only. No side effects. Idempotent. domain_or_ip: Domain name (e.g. shared.dreamhost.com) or IPv4 address (e.g. 1.2.3.4). Require…
Fetch full patent details by patent number and jurisdiction. Read-only. No side effects. Idempotent. patent_number: Patent number in EPODOC format e.g. EP1000000 for European, CN120586032 for Chinese,…
Search patents by keyword across EPO, USPTO, or WIPO. Read-only. No side effects. Idempotent. Returns up to 10 matches. keywords: Search terms describing the invention e.g. neural network image classi…
Fetch forward and backward citation chains for a specific patent. Read-only. No side effects. Idempotent. patent_number: Patent number in EPODOC format e.g. EP1000000 for European, CN120586032 for Chi…
Fetch the patent portfolio for a named inventor with optional assignee filter. Read-only. No side effects. Idempotent. inventor_name: Inventor surname or full name e.g. Smith or John Smith. Required. …
Search government contract awards by keyword, agency, and date range. keyword: Contract scope e.g. "cybersecurity software". agency: Awarding agency e.g. "Department of Defense". Optional. date_from:…
Fetch the complete federal contract award history for a specific vendor. Read-only. No side effects. Idempotent. vendor_name: Company or organisation name e.g. Booz Allen Hamilton. Required. Fuzzy mat…
Fetch currently open government contract solicitations matching a keyword. Read-only. No side effects. Idempotent. keyword: Description of goods or services sought e.g. cloud computing services. Requi…
Search open rulemakings and public comment periods on Regulations.gov and the Federal Register. Read-only. No side effects. Idempotent. US federal only. keyword: Topic keywords e.g. artificial intelli…
Fetch full details for a specific regulatory docket by ID. Read-only. No side effects. Idempotent. US federal only. docket_id: Docket identifier in agency format e.g. EPA-HQ-OAR-2021-0317 or FTC-2024-…
Fetch recent Federal Register notices and rules for a specific agency. Read-only. No side effects. Idempotent. US federal only. agency: Agency name or abbreviation e.g. SEC, Food and Drug Administrati…
Analyse ownership and release history for an npm or PyPI package to detect supply-chain risk. Uses PyPI JSON API and npm registry — data refreshed on each call, 1-hour cache. Returns maintainer_count,…
Single SHIP/CAUTION/BLOCK verdict for any package. Combines CVEs, licence, maintainer health, and transitive count in one call. Uses OSV.dev, deps.dev, PyPI, and npm registry — data refreshed on each …
Detect typosquatting attacks against a package name. Compares using Damerau-Levenshtein distance ≤ 2 against top-10,000 packages. Returns similar_packages with anomaly scores, and a SUSPICIOUS or CLEA…
Complete nonprofit due diligence in one call. Revenue trends, executive pay, risk flags, and a health score from IRS 990 data. Uses ProPublica Nonprofit Explorer API with IRS e-File fallback. Data ref…
Persistent CVE watchlist. Create once, check anytime for new events since your last visit — patch releases, KEV listings, PoC publications, exploitation detected. Uses Redis for persistence, NVD + CIS…
Persistent SBOM watch. Register once, check anytime for new CVEs affecting your dependency snapshot. Silent permanent watch — CycloneDX and SPDX supported. Uses OSV.dev for vulnerability lookup, Redis…
Understand any software licence in plain English. Returns obligations, permissions, limitations, risk level, and OSI/FSF status for any SPDX licence identifier. Static bundle covers top-50 common lice…
Audit the licence compatibility of your entire dependency list. Input package names (with ecosystem) or SPDX IDs; get a COMPATIBLE/CONFLICT verdict with specific conflicting pairs and recommended acti…
Instant CVE risk verdict. Combines CVSS severity, CISA KEV exploitation status, and EPSS probability in one parallel call. Returns CRITICAL_EXPLOIT, HIGH_RISK, MODERATE, LOW, or UNKNOWN verdict with p…
Search US nonprofits by mission category and state. Returns up to 25 results with revenue, assets, and health scores (0–100). Category maps to NTEE codes: education, healthcare, arts, environment, hum…
5-year financial trend for any US nonprofit. Revenue growth, expense ratios, reserve trajectory, and health score history from IRS Form 990 data via ProPublica. Returns trend_direction (GROWING/STABLE…
Generate a DataNexus API key for the given email address. Anonymous callers get 10 free lookups/week; a registered free key unlocks 100/week. Store the returned key — it is shown only once. Pass it as…
⚠️ DESTRUCTIVE — requires human confirmation before use in automated pipelines. Revoke the current API key and issue a replacement. Returns the new key once — store it immediately. Pass keys as the X-…
⚠️ DESTRUCTIVE — requires human confirmation before use in automated pipelines. Permanently revoke a DataNexus API key. The key will stop working immediately. This action cannot be undone — generate a…
Audit a CycloneDX or SPDX SBOM against an SPDX licence policy and return a PASS/WARN/BLOCK verdict. sbom: Full SBOM as a JSON string — CycloneDX or SPDX format. Required. 500 KB max. policy: Optional …
Check all specified CVE watches for new events since your last poll. Returns only watches with new events, making it efficient to run on a schedule. watch_ids: List of watch IDs to check — same IDs us…
Typosquatting detection optimised for the top 500 frontend packages (React, Vite, Axios, Lodash, etc.). Fewer false positives than a full npm scan. For backend packages, use security_detect_typosquatt…
Audit a frontend package.json for security risks — returns a single SHIP/CAUTION/BLOCK verdict with licence risks and abandonment signals. Different from security_fetch_package_vulnerabilities which a…
Scan GitHub Actions, Vercel, or Netlify CI configs for exposed secrets, missing lockfile enforcement, and unpinned dependencies. Paste your config content — no filesystem access required. config: Raw …
SHIP/CAUTION/BLOCK risk brief for an npm package with frontend-specific context. Wraps security_fetch_package_risk_brief restricted to npm, and adds weekly_downloads and is_ui_component signals. packa…
Similar MCP servers embedding-nearest
How to use
Add to your Claude Desktop / Cursor / Cline MCP config:
{
"mcpServers": {
"datanexus_mcp": {
"url": "https://datanexusmcp.com/mcp",
"transport": "http"
}
}
}