fizzgig__fetch_url_scanner
detects third-party apis called via fetch() urls (no installed sdk). emits architecture_facts for stack-map.
the AI calls a third-party API via raw fetch() with no SDK installed. your stack-map shows packaged dependencies; the integrated services stay invisible. when the API breaks, rate-limits, or rotates keys, you're flying blind.
scans concatenated source for fetch() URLs and bare hostnames cited in fetch / axios / SDK base_url config, classifies against a registry of 70+ platforms across 12 categories (auth, payments, AI, cloud, comms, observability, data + search, maps + geo, code hosting, UK public data, web tools + scrapers, commerce + property), emits architecture_facts in the exact shape stack-map ingests.
the integrated stack lights up on the map after you run this. catches the integrations dep-audit + stack-map alone can't see — exactly the ones most likely to break.
caught a policy that would have leaked every user's comments. shipped a fix in 4 minutes.
first tool i installed. it's the one that pays for itself.
works great. one false positive on a join table — easy to ignore.
{
"fizzgig": {
"url": "https://mcp.fizzgig.ai",
"tools": ["fetch_url_scanner"]
}
}