
Proofpoint MCP
Pull Proofpoint TAP threats, very attacked persons, clickers, and IOCs into your agent with a local threat store for faster triage.
Overview
Proofpoint MCP is an MCP server for the Operate phase that surfaces Proofpoint TAP threats, VAPs, clickers, and IOCs from the terminal with a local threat store.
What is this MCP server?
- Proofpoint Targeted Attack Protection (TAP) threat data accessible from terminal-oriented MCP and CLI workflows
- Local threat store for retaining and querying IOCs without re-fetching every thread
- Coverage themes: threats, VAPs (very attacked persons), clickers, and indicators
- stdio mcpb v0.1.0 with PROOFPOINT_API_SECRET and PROOFPOINT_SERVICE_PRINCIPAL credentials
- Published from Servosity msp-skills with pinned release artifact SHA256
- Server version 0.1.0
- Two required secret env vars: PROOFPOINT_API_SECRET, PROOFPOINT_SERVICE_PRINCIPAL
- Transport: stdio mcpb package
Community signal: 1 GitHub star.
What problem does it solve?
Proofpoint alert context lives in vendor UIs and ad-hoc API scripts, so it is slow to correlate TAP events and IOCs while you are debugging or responding from your dev environment.
Who is it for?
Small teams with Proofpoint TAP who want CLI and MCP-native threat lookups while building internal security automations.
Skip if: Organizations without Proofpoint licensing, or builders who only need generic phishing awareness content with no live TAP API.
What do I get? / Deliverables
Your agent can query Proofpoint threat data and reuse a local threat store so follow-up triage questions stay in one conversational thread.
- Agent tools for Proofpoint TAP threat, VAP, clicker, and IOC queries
- Local threat store backing repeat triage without redundant API round-trips
Journey fit
Email-threat visibility is production security operations—something you run continuously after you ship, not a one-time launch checklist item. TAP feeds, VAPs, and IOC correlation are ongoing monitoring tasks aligned with watching attacker behavior against your domain.
How it compares
Vendor-specific security MCP bridge, not a generic phishing-detection coding skill.
Common Questions / FAQ
Who is Proofpoint MCP for?
It is for technical founders, MSPs, and developers who operate Proofpoint TAP and want IOC and clicker intelligence inside Claude Code or another MCP client.
When should I use Proofpoint MCP?
Use it during incident triage, weekly threat reviews, or when correlating VAP and clicker activity before updating detection rules or customer communications.
How do I add Proofpoint MCP to my agent?
Add the proofpoint-mcp mcpb stdio server to your MCP configuration and set PROOFPOINT_API_SECRET and PROOFPOINT_SERVICE_PRINCIPAL as required secrets on the host.