Mallory MCP Server

Instructions

Implementation Reference

• malloryai/mcp/tools/vulnerabilities.py:45-46 (registration)

  The @mcp.tool() decorator registers the get_vulnerabilities function as an MCP tool.
  @mcp.tool() @handle_api_errors
• malloryai/mcp/tools/vulnerabilities.py:47-103 (handler)

  The handler function that implements the logic for the get_vulnerabilities MCP tool by calling the malloryai_client to list vulnerabilities with filtering, pagination, sorting, and ordering parameters.
  async def get_vulnerabilities( filter: str = "", offset: int = 0, limit: int = 10, sort: str = "created_at", order: str = "desc", ) -> Dict[str, Any]: """Get vulnerabilities Use this tool when you need to search or browse multiple vulnerabilities, such as when: - Discovering recently added vulnerabilities in the database - Searching for vulnerabilities by keywords in their descriptions - Finding all vulnerabilities related to a specific technology - Creating reports on vulnerability trends or statistics - Looking for high-severity vulnerabilities based on CVSS or EPSS scores Args: filter (str, optional): A string used to filter vulnerabilities. It can start with specific prefixes: * `cve:`: Filter by CVE ID. * `uuid:`: Filter by UUID. * `desc:`: Filter by description. * If the filter string matches the pattern `CVE-` or a UUID pattern, it will be treated as a specific filter. * If no prefix is provided, it defaults to a description filter. Defaults to "". offset (int, optional): The number of items to skip before starting to collect the result set. Defaults to 0. limit (int, optional): The maximum number of items to return. Minimum value is 1. Defaults to 10 (API default is 100). sort (str, optional): Field to sort by - either 'cve_id', 'created_at', 'updated_at', 'cvss_3_base_score', 'epss_score', or 'epss_percentile'. Defaults to 'created_at'. order (str, optional): Sort order - either 'asc' or 'desc'. Defaults to 'desc'. Returns: Dict[str, Any]: Dictionary containing: - total: Total number of vulnerabilities matching the filter criteria - offset: Current pagination offset - limit: Number of items returned per page - message: Status message (usually null when successful) - data: List of vulnerability records, each containing: - uuid: Unique identifier for the vulnerability - cve_id: The CVE identifier - description: Detailed description of the vulnerability - created_at/updated_at: Timestamps for record creation and updates - cvss_base_score: Severity score (if available) - cvss_version: Version of the CVSS scoring system used - cvss_vector: Detailed scoring vector - cvss_data: Additional CVSS scoring information - epss_score: Exploit Prediction Scoring System score - epss_percentile: Percentile ranking of the EPSS score - cisa_kev_added_at: Date added to CISA's Known Exploited Vulnerabilities catalog - gen_description/gen_name: Generated content (if available) """ return await malloryai_client.vulnerabilities.list_vulnerabilities( filter=filter, offset=offset, limit=limit, sort=sort, order=order )
• malloryai/mcp/server/server.py:16-36 (registration)

  Dynamic registration mechanism that imports the tools/vulnerabilities.py module, triggering the @mcp.tool() registration of get_vulnerabilities.
  def load_tools(): """Dynamically load all tool modules in the tools package""" # Get the tools directory tools_dir = Path(__file__).resolve().parent.parent / "tools" # Find all Python modules in the tools directory for _, module_name, _ in pkgutil.iter_modules([str(tools_dir)]): # Skip the __init__ module if module_name != "__init__": # Import the module importlib.import_module(f"malloryai.mcp.tools.{module_name}") debug_log(f"Loaded tool: {module_name}") def initialize_server(): """Initialize the server by loading all tools""" try: debug_log("Starting tool loading...") load_tools() debug_log("Tools loaded successfully") return mcp