Mcp Threatintel

Name: Mcp Threatintel
Author: aplaceforallmystuff

aplaceforallmystuff/mcp-threatintel

Enrich IPs, domains, and malware indicators from one MCP server pulling OTX, AbuseIPDB, GreyNoise, abuse.ch, and Feodo Tracker.

Overview

mcp-threatintel is an MCP server for the Ship phase that unifies lookups across OTX, AbuseIPDB, GreyNoise, abuse.ch, and Feodo Tracker for agent-driven threat investigation.

What is this MCP server?

Aggregates 5 named intel sources: OTX, AbuseIPDB, GreyNoise, abuse.ch, Feodo Tracker
Optional API keys: OTX, AbuseIPDB, GreyNoise, ABUSECH_AUTH_KEY
stdio npm package mcp-threatintel-server v1.0.1
Free-tier keys documented per provider in server metadata
GitHub: aplaceforallmystuff/mcp-threatintel
5 integrated source families named in catalog description
Up to 4 optional secret env vars for provider APIs
Package version 1.0.1, stdio transport

Compatible agents: Claude Code, Cursor, Codex, Windsurf

Community signal: 6 GitHub stars.

What problem does it solve?

Checking an IP or hash means hopping across five different intel sites while you are trying to ship or respond to abuse.

Who is it for?

Indie builders and small teams doing security review, abuse triage, or incident scratch investigations from the agent.

Skip if: Enterprises that already mandate a single commercial TIP with compliance workflows and no ad-hoc agent queries.

What do I get? / Deliverables

One MCP registration lets your agent query configured feeds from the editor with optional per-provider API keys.

Single MCP entry covering multiple intel providers
Agent-callable enrichment for IPs, domains, and malware context
Faster triage without manual tab switching

Recommended MCP Servers

1Claw Vault1clawAI/1claw-mcp

1Claw Vault exposes a stdio MCP server (@1claw/mcp) that connects AI agents to HSM-backed secret storage with just-in-ti…2 stars

1passwordCakeRepository/1Password-MCP

The 1Password MCP server lets solo builders wire service-account access into Claude Code, Cursor, or other stdio MCP hos…16 stars

402sentinel Mcpkaditang/402sentinel-mcp

402 Sentinel MCP gives solo builders and agent authors a pre-flight check before honoring x402 payment flows on Base. In…1 stars

A2adependencyinspector Mcpclauxel/a2a-dependency-inspector-mcp

A2A Dependency Inspector MCP is a hosted Clauxel server for builders shipping agent-to-agent (A2A) workflows who must pr…

A2a Governance Bridge Mcp

A2A Governance Bridge is a Model Context Protocol server that exposes governance-oriented tools for multi-agent setups: …

A2aidentitytoll Mcpclauxel/a2a-identity-toll-mcp

A2A Identity Toll MCP is a Clauxel-hosted remote MCP server that acts as an identity and policy toll booth for agent-to-…

Journey fit

Primary fit

Threat lookups support pre-ship and incident response hardening when you validate exposure and malicious artifacts. Unified intel feeds map directly to security review and abuse investigation, not growth or IDE feature work.

How it compares

Multi-feed threat intel MCP, not a vulnerability scanner skill or WAF product.

Common Questions / FAQ

Who is mcp-threatintel for?

Builders and solo security-minded developers who want one MCP server to query several threat feeds while shipping or investigating abuse.

When should I use mcp-threatintel?

Use it during Ship security or Operate incidents when you need quick corroboration on IPs, domains, or malware indicators before blocking or deploying fixes.

How do I add mcp-threatintel to my agent?

Install mcp-threatintel-server via npm for stdio MCP, add whichever API keys you have (OTX, AbuseIPDB, GreyNoise, abuse.ch Auth Key), and register the server in Claude Code or Cursor.

Mcp Threatintel

aplaceforallmystuff/mcp-threatintel

Enrich IPs, domains, and malware indicators from one MCP server pulling OTX, AbuseIPDB, GreyNoise, abuse.ch, and Feodo Tracker.

Overview

mcp-threatintel is an MCP server for the Ship phase that unifies lookups across OTX, AbuseIPDB, GreyNoise, abuse.ch, and Feodo Tracker for agent-driven threat investigation.

What is this MCP server?

Aggregates 5 named intel sources: OTX, AbuseIPDB, GreyNoise, abuse.ch, Feodo Tracker
Optional API keys: OTX, AbuseIPDB, GreyNoise, ABUSECH_AUTH_KEY
stdio npm package mcp-threatintel-server v1.0.1
Free-tier keys documented per provider in server metadata
GitHub: aplaceforallmystuff/mcp-threatintel
5 integrated source families named in catalog description
Up to 4 optional secret env vars for provider APIs
Package version 1.0.1, stdio transport

Compatible agents: Claude Code, Cursor, Codex, Windsurf

Community signal: 6 GitHub stars.

What problem does it solve?

Checking an IP or hash means hopping across five different intel sites while you are trying to ship or respond to abuse.

Who is it for?

Indie builders and small teams doing security review, abuse triage, or incident scratch investigations from the agent.

Skip if: Enterprises that already mandate a single commercial TIP with compliance workflows and no ad-hoc agent queries.

What do I get? / Deliverables

One MCP registration lets your agent query configured feeds from the editor with optional per-provider API keys.

Single MCP entry covering multiple intel providers
Agent-callable enrichment for IPs, domains, and malware context
Faster triage without manual tab switching

Recommended MCP Servers

1Claw Vault1clawAI/1claw-mcp

1Claw Vault exposes a stdio MCP server (@1claw/mcp) that connects AI agents to HSM-backed secret storage with just-in-ti…2 stars

1passwordCakeRepository/1Password-MCP

The 1Password MCP server lets solo builders wire service-account access into Claude Code, Cursor, or other stdio MCP hos…16 stars

402sentinel Mcpkaditang/402sentinel-mcp

402 Sentinel MCP gives solo builders and agent authors a pre-flight check before honoring x402 payment flows on Base. In…1 stars

A2adependencyinspector Mcpclauxel/a2a-dependency-inspector-mcp

A2A Dependency Inspector MCP is a hosted Clauxel server for builders shipping agent-to-agent (A2A) workflows who must pr…

A2a Governance Bridge Mcp

A2A Governance Bridge is a Model Context Protocol server that exposes governance-oriented tools for multi-agent setups: …

A2aidentitytoll Mcpclauxel/a2a-identity-toll-mcp

A2A Identity Toll MCP is a Clauxel-hosted remote MCP server that acts as an identity and policy toll booth for agent-to-…

Journey fit

Primary fit

How it compares

Multi-feed threat intel MCP, not a vulnerability scanner skill or WAF product.

Common Questions / FAQ

Who is mcp-threatintel for?

Builders and solo security-minded developers who want one MCP server to query several threat feeds while shipping or investigating abuse.

When should I use mcp-threatintel?

Use it during Ship security or Operate incidents when you need quick corroboration on IPs, domains, or malware indicators before blocking or deploying fixes.

How do I add mcp-threatintel to my agent?

Install mcp-threatintel-server via npm for stdio MCP, add whichever API keys you have (OTX, AbuseIPDB, GreyNoise, abuse.ch Auth Key), and register the server in Claude Code or Cursor.

Overview

What is this MCP server?

What problem does it solve?

Who is it for?

What do I get? / Deliverables

Recommended MCP Servers

Journey fit

Who is mcp-threatintel for?

When should I use mcp-threatintel?

How do I add mcp-threatintel to my agent?

This week for builders

Overview

What is this MCP server?

What problem does it solve?

Who is it for?

What do I get? / Deliverables

Recommended MCP Servers

Journey fit

Who is mcp-threatintel for?

When should I use mcp-threatintel?

How do I add mcp-threatintel to my agent?