Mallory MCP Server

Instructions

Implementation Reference

• malloryai/mcp/tools/vulnerabilities.py:45-104 (handler)

  The handler function for the 'get_vulnerabilities' tool. It is decorated with @mcp.tool() for registration and @handle_api_errors for error handling. The function fetches a list of vulnerabilities using the malloryai_client, supporting filtering, pagination, sorting, and ordering parameters. The extensive docstring provides the input schema and output description.
  @mcp.tool() @handle_api_errors async def get_vulnerabilities( filter: str = "", offset: int = 0, limit: int = 10, sort: str = "created_at", order: str = "desc", ) -> Dict[str, Any]: """Get vulnerabilities Use this tool when you need to search or browse multiple vulnerabilities, such as when: - Discovering recently added vulnerabilities in the database - Searching for vulnerabilities by keywords in their descriptions - Finding all vulnerabilities related to a specific technology - Creating reports on vulnerability trends or statistics - Looking for high-severity vulnerabilities based on CVSS or EPSS scores Args: filter (str, optional): A string used to filter vulnerabilities. It can start with specific prefixes: * `cve:`: Filter by CVE ID. * `uuid:`: Filter by UUID. * `desc:`: Filter by description. * If the filter string matches the pattern `CVE-` or a UUID pattern, it will be treated as a specific filter. * If no prefix is provided, it defaults to a description filter. Defaults to "". offset (int, optional): The number of items to skip before starting to collect the result set. Defaults to 0. limit (int, optional): The maximum number of items to return. Minimum value is 1. Defaults to 10 (API default is 100). sort (str, optional): Field to sort by - either 'cve_id', 'created_at', 'updated_at', 'cvss_3_base_score', 'epss_score', or 'epss_percentile'. Defaults to 'created_at'. order (str, optional): Sort order - either 'asc' or 'desc'. Defaults to 'desc'. Returns: Dict[str, Any]: Dictionary containing: - total: Total number of vulnerabilities matching the filter criteria - offset: Current pagination offset - limit: Number of items returned per page - message: Status message (usually null when successful) - data: List of vulnerability records, each containing: - uuid: Unique identifier for the vulnerability - cve_id: The CVE identifier - description: Detailed description of the vulnerability - created_at/updated_at: Timestamps for record creation and updates - cvss_base_score: Severity score (if available) - cvss_version: Version of the CVSS scoring system used - cvss_vector: Detailed scoring vector - cvss_data: Additional CVSS scoring information - epss_score: Exploit Prediction Scoring System score - epss_percentile: Percentile ranking of the EPSS score - cisa_kev_added_at: Date added to CISA's Known Exploited Vulnerabilities catalog - gen_description/gen_name: Generated content (if available) """ return await malloryai_client.vulnerabilities.list_vulnerabilities( filter=filter, offset=offset, limit=limit, sort=sort, order=order )
• malloryai/mcp/tools/vulnerabilities.py:45-45 (registration)

  The @mcp.tool() decorator registers the get_vulnerabilities function as an MCP tool.
  @mcp.tool()
• malloryai/mcp/tools/vulnerabilities.py:54-100 (schema)

  The docstring of the function defines the input parameters (schema) and expected output structure for the get_vulnerabilities tool.
  """Get vulnerabilities Use this tool when you need to search or browse multiple vulnerabilities, such as when: - Discovering recently added vulnerabilities in the database - Searching for vulnerabilities by keywords in their descriptions - Finding all vulnerabilities related to a specific technology - Creating reports on vulnerability trends or statistics - Looking for high-severity vulnerabilities based on CVSS or EPSS scores Args: filter (str, optional): A string used to filter vulnerabilities. It can start with specific prefixes: * `cve:`: Filter by CVE ID. * `uuid:`: Filter by UUID. * `desc:`: Filter by description. * If the filter string matches the pattern `CVE-` or a UUID pattern, it will be treated as a specific filter. * If no prefix is provided, it defaults to a description filter. Defaults to "". offset (int, optional): The number of items to skip before starting to collect the result set. Defaults to 0. limit (int, optional): The maximum number of items to return. Minimum value is 1. Defaults to 10 (API default is 100). sort (str, optional): Field to sort by - either 'cve_id', 'created_at', 'updated_at', 'cvss_3_base_score', 'epss_score', or 'epss_percentile'. Defaults to 'created_at'. order (str, optional): Sort order - either 'asc' or 'desc'. Defaults to 'desc'. Returns: Dict[str, Any]: Dictionary containing: - total: Total number of vulnerabilities matching the filter criteria - offset: Current pagination offset - limit: Number of items returned per page - message: Status message (usually null when successful) - data: List of vulnerability records, each containing: - uuid: Unique identifier for the vulnerability - cve_id: The CVE identifier - description: Detailed description of the vulnerability - created_at/updated_at: Timestamps for record creation and updates - cvss_base_score: Severity score (if available) - cvss_version: Version of the CVSS scoring system used - cvss_vector: Detailed scoring vector - cvss_data: Additional CVSS scoring information - epss_score: Exploit Prediction Scoring System score - epss_percentile: Percentile ranking of the EPSS score - cisa_kev_added_at: Date added to CISA's Known Exploited Vulnerabilities catalog - gen_description/gen_name: Generated content (if available) """
• malloryai/mcp/tools/vulnerabilities.py:46-46 (helper)

  The @handle_api_errors decorator provides error handling for the tool.
  @handle_api_errors