
Abnormal Security MCP
Pull Abnormal Security email threat cases and reporting into the terminal or agent session while triaging phishing or BEC incidents.
Overview
abnormal-mcp is an Operate-phase MCP server that surfaces Abnormal Security email threats, cases, and reporting to terminals and AI agents.
What is this MCP server?
- Abnormal Security email threats, cases, and reporting exposed as MCP tools
- stdio MCPB package abnormal-mcp v0.1.0 with required ABNORMAL_API_TOKEN
- Servosity msp-skills release artifact with pinned fileSha256 in the registry manifest
- Works in terminal-oriented and AI-agent workflows for MSP-style email security ops
- Package version 0.1.0
- 1 required secret env var: ABNORMAL_API_TOKEN
- Transport: stdio via mcpb registryType package
Community signal: 1 GitHub star.
What problem does it solve?
Investigating Abnormal email cases still means jumping out of your agent session into separate security consoles and copy-pasting context.
Who is it for?
Solo consultants and tiny MSP teams standardized on Abnormal Security who want agent-assisted triage and reporting drafts.
Skip if: Builders without an Abnormal tenant, greenfield email products, or anyone treating agent output as authoritative incident closure without human review.
What do I get? / Deliverables
After you configure ABNORMAL_API_TOKEN and register the MCPB package, agents can query threat and case data where you already write automation.
- Local stdio MCP server wired to Abnormal Security APIs
- Agent-accessible threat, case, and reporting tool surface
- Repeatable terminal workflow for security investigations without full UI context switches
Journey fit
Threat case review and email-security reporting are ongoing production concerns, so the canonical shelf is Operate rather than one-off Build wiring. Monitoring fits continuous visibility into abnormal email threats, cases, and security reports from an existing Abnormal tenant.
How it compares
abnormal-mcp is an Abnormal Security API bridge via MCP, not a generic phishing-detection skill or SOAR replacement.
Common Questions / FAQ
Who is abnormal-mcp for?
Operators and indie security practitioners with Abnormal Security access who want MCP-driven threat, case, and report lookups from Claude Code or similar clients.
When should I use abnormal-mcp?
Use it during Operate when monitoring email threats, summarizing cases for clients, or scripting repeatable Abnormal reporting from the terminal.
How do I add abnormal-mcp to my agent?
Install the published mcpb release, set ABNORMAL_API_TOKEN in your MCP server environment, and register the stdio server entry in your agent’s MCP configuration.