Mallory MCP Server

MCPOfficialOpen SourceMIT32.1

by malloryai • Analytics & Monitoring

An MCP server that provides agents with real-time cyber threat intelligence and detailed information about vulnerabilities, threat actors, malware, techniques, and other cyber-relevant entities.

Example Use Cases

1
Enrich alerts or incidents with real-time threat intelligence (indicators, actor profiles, malware details, and techniques).
2
Retrieve vulnerability details and contextual mitigation guidance to inform automated or human-in-the-loop remediation workflows.
3
Integrate Mallory intelligence into conversational assistants or desktop integrations (e.g., Claude Desktop) for on-demand cyber context.

Description

Mallory MCP Server exposes Mallory's cyber and threat intelligence to agent frameworks so they can query up-to-date information about vulnerabilities, threat actors, malware, techniques, and related content. It is implemented in Python, configurable via environment variables (e.g., MALLORY_API_KEY), and can be run directly or integrated into tools like Claude Desktop. The server helps agents enrich decisions with context, indicators, and mitigation guidance drawn from Mallory's intelligence corpus. Development conveniences (venv/uv, pre-commit, linting) are provided to ease local setup and contribution.

Capabilities(45 total)

Tools (45)

get_advisory

Get a technology product advisory by UUID or identifier. Use for: vendor advisory details, patching guidance, linked CVEs. Args: identifier: Advisory UUID or identifier. Returns: Advisory record with description, dates, related products/CVEs.

identifier:string*

list_advisories

List technology product advisories with optional pagination and sorting. Use for: advisory catalogs, recent vendor bulletins. Args: offset: Pagination offset. Default 0. limit: Max items per page. Default 10. sort: Field to sort by. Default created_at. order: asc or desc. Returns: Paginated result with items, total, offset, limit, has_more.

offset:integerlimit:integersort:stringorder:string

get_advisory_vulnerabilities

Get vulnerabilities associated with an advisory. Use for: CVE coverage of a vendor advisory. Args: identifier: Advisory UUID or identifier. offset: Pagination offset. Default 0. limit: Max items. Default 10. Returns: Vulnerabilities linked to this advisory.

identifier:string*offset:integerlimit:integer

get_attack_pattern

Get an attack pattern (MITRE ATT&CK technique) by UUID or ID. Use for: TTP details, detection guidance, related actors and malware. Args: identifier: Attack pattern UUID or technique ID. Returns: Attack pattern record with name, description, references.

identifier:string*

list_attack_patterns

List or search attack patterns with optional filters and pagination. Use for: browsing techniques, mapping TTPs, detection coverage. Args: filter: Optional filter. offset: Pagination offset. Default 0. limit: Max items per page. Default 10. sort: Field to sort by. Default created_at. order: asc or desc. Returns: Paginated result with items, total, offset, limit, has_more.

filter:stringoffset:integerlimit:integersort:stringorder:string

Quick Actions

View on GitHub

Security

Scanned 3 month(s) ago

Risk Level

MINIMAL

Read-only data retrieval, no side effects

Trust Score

C54/100

5/17 checks passed

Scores are informational only and provided “as is” without warranty. AgentHotspot assumes no liability for actions taken based on these ratings.

Quick Stats

Service TypeMCP

Pricing ModelUnknown

Capabilities45 Tools / 0 Prompts / 0 Resources

Ownermalloryai

CategoryAnalytics & Monitoring

DependenciesStandalone

Set Your Username