
lookup-observable

Analyze security observables like IPs, domains, URLs, or emails by routing them to appropriate enrichment services such as VirusTotal or Shodan for threat intelligence.

Instructions

A generic tool which takes any observable and passes it to the correct tool.

Input Schema

| Name  | Required | Description | Default |
|-------|----------|-------------|---------|
| value | Yes      |             |         |

Implementation Reference

  • server.py:55-62 (handler)
    The main handler function for the 'lookup-observable' tool. It lazily initializes a security_cli Action and calls its enrich method on the input value (observable).
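    async def lookup(value: str) -> str:
        # `enrichmentmcp` caches the Action instance between calls; it is assumed
        # to be defined at module level in server.py (not shown in this snippet).
        # Without the `global` declaration the assignment below would make the
        # name local and the `if` test would raise UnboundLocalError.
        global enrichmentmcp
        from security_cli.action import Action
        if not enrichmentmcp:
            enrichmentmcp = Action()
        return enrichmentmcp.enrich(value)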
  • server.py:65-69 (registration)
    Registers the 'lookup' function as the MCP tool named 'lookup-observable' with a description.
    mcp.add_tool(
        lookup,
        name="lookup-observable",
        description="A generic tool which takes any observable and passes it the correct tool.",
    )
  • server.py:38-51 (registration)
    Registers a prompt named 'lookup-observable' with argument schema for 'observable' and a default prompt generator function.
    mcp.add_prompt(
        Prompt(
            name="lookup-observable",
            description="A simple security prompt for observable lookup",
            arguments=[
                PromptArgument(
                    name="observable",
                    description="A observable to enrich",
                    required=True,
                )
            ],
            fn=get_default_prompt
        )
    )
  • Helper function that generates a default prompt for observable enrichment analysis, used by the registered prompt.
    def get_default_prompt(observable: str) -> str:
        return f"""
        As a security analyst, detection engineer and network security engineer you are responsible for making a risk level determination of one or more provided observables.
        Using your knowledge from these diverse fields, networking constructs, detection (security) reasoning, and responses from third-party enrichment services.
        Carefully consider the output from these services along with historical knowledge both internal and external from an organization to make a determination of the risk of a provided observable.
        Make a determination based on all these factors on whether the observable is benign, suspicious, malicious, unknown.
        If unknown provide suggestions for other relative context that may be needed in order to make the determination.
        Your objective is to assist with the threat determination of a given observable.
        The observable is {observable}
        """
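
The handler and the prompt template above both take `value` / `observable` as an arbitrary string. The following is an added example, not code from enrichment-mcp or security_cli, of classifying an observable as an IP, URL, email or domain and rejecting anything else before it is routed to an enrichment service or interpolated into the prompt; `classify_observable` and its type labels are hypothetical names.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Hypothetical helper: not part of enrichment-mcp or security_cli.
_LABEL = r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)"
_DOMAIN_RE = re.compile(rf"^(?:{_LABEL}\.)+[A-Za-z]{{2,63}}$")
_EMAIL_LOCAL_RE = re.compile(r"^[A-Za-z0-9.!#$%&'*+/=?^_`{|}~-]{1,64}$")


def _is_ip(text: str) -> bool:
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def _is_host(text: str) -> bool:
    return _is_ip(text) or (len(text) <= 253 and bool(_DOMAIN_RE.match(text)))


def classify_observable(value: str) -> str:
    """Return 'ip', 'url', 'email' or 'domain'; raise ValueError otherwise."""
    # Reject whitespace and control characters first, so free text (for
    # example instructions aimed at the model) never reaches the prompt.
    if not value or len(value) > 2048:
        raise ValueError("observable is empty or too long")
    if any(c.isspace() or not c.isprintable() for c in value):
        raise ValueError("observable contains whitespace or control characters")
    if _is_ip(value):
        return "ip"
    if "://" in value:
        parts = urlsplit(value)  # raises ValueError on malformed brackets
        if parts.scheme in ("http", "https") and parts.hostname and _is_host(parts.hostname):
            return "url"
        raise ValueError("unsupported or malformed URL")
    if value.count("@") == 1:
        local, domain = value.split("@")
        if _EMAIL_LOCAL_RE.match(local) and _DOMAIN_RE.match(domain):
            return "email"
        raise ValueError("malformed email address")
    if _is_host(value):
        return "domain"
    raise ValueError("unrecognised observable type")
```

Calling this at the top of `lookup` and `get_default_prompt` would turn a multi-word or multi-line value into a `ValueError` instead of passing it on to the enrichment services or the model.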

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/MSAdministrator/enrichment-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server