What can you do with this server?

The Mallory MCP Server provides AI assistants with access to a comprehensive cyber threat intelligence database, enabling real-time queries for vulnerabilities, threat actors, malware, exploits, and related security intelligence. Core Capabilities: Vulnerability Intelligence - Find specific CVEs with detailed information including CVSS scores, EPSS predictions, and CISA KEV status; search vulnerabilities with filtering by CVE, UUID, or keywords; retrieve detection signatures, exploitation records, and vulnerable configurations (CPE data) to identify affected products and versions. Threat Actor Intelligence - Get detailed threat actor profiles by UUID or name, including TTPs, target sectors, and intelligence mentions; list and search threat actors with filtering and sorting; monitor recent threat actor mentions from intelligence sources to track emerging threats and active campaigns. Exploitation Tracking - Get specific exploitation records by UUID with details on when/how vulnerabilities were exploited; list exploitation data with filtering to identify actively exploited vulnerabilities and detection methods. Additional Capabilities - Access malware research, MITRE ATT\&CK patterns, breach intelligence, organization security profiles, product security information, advisories, threat intelligence stories, mention monitoring across entities, and search across all entity types. Key Use Cases - Risk assessment and vulnerability prioritization based on active exploitation; threat intelligence gathering for security briefings; building detection rules from published signatures; asset vulnerability mapping using CPE data; monitoring the threat landscape; incident response investigation and attribution.

Which integrations are available for this server?

Enables configuration of the MCP server using environment variables stored in a .env file, supporting settings like API keys and environment selection. Allows for installation of the MCP server directly from the GitHub repository, providing access to the full codebase and development resources.

How do I use Mallory MCP Server?

1. Click on "Install Server". 2. Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state. 3. In the chat, type @ followed by the MCP server name and your instructions, e.g., "@Mallory MCP Server get details on the latest critical vulnerability affecting Apache servers" That's it! The server will respond to your query, and you can continue using it as needed. Here is a step-by-step guide with screenshots.

Mallory MCP Server

PyPI Python 3.11+ License: Apache 2.0

Mallory provides a robust source of cyber and threat intelligence. This MCP server exposes the Mallory API to AI agents via the malloryapi Python client, with tools for vulnerabilities, threat actors, malware, exploits, organizations, attack patterns, breaches, products, advisories, stories, mentions, search, and sources.

Once connected, your AI assistant (Cursor, Claude Desktop, or another MCP client) can look up CVEs, threat actors, malware, and more directly from Mallory — no copy-pasting from the dashboard.

Prerequisites

Python 3.11 or higher
A Mallory API key (mallory.ai)

Related MCP server: IR Toolshed MCP Server

Quick Start

1. Set your API key

Get an API key at mallory.ai and add it to your shell profile (~/.zshrc, ~/.bashrc, etc.):

export MALLORY_API_KEY=your_api_key_here

Reload your shell (or run source ~/.zshrc) so the variable is available.

2. Add to your AI client

Add the server to your MCP client config. Pick one of the options below.

Cursor — add to ~/.cursor/mcp.json:

{ "mcpServers": { "Mallory": { "command": "uvx", "args": ["mallorymcp"] } } }

Claude Desktop — add to claude_desktop_config.json:

{ "mcpServers": { "Mallory": { "command": "uvx", "args": ["mallorymcp"] } } }

Claude Code — run this command:

claude mcp add --transport stdio Mallory -- uvx mallorymcp

This stores the config in ~/.claude.json (local scope, current project). To share it with your team, use project scope instead:

claude mcp add --transport stdio --scope project Mallory -- uvx mallorymcp

This writes to .mcp.json in the project root, which can be committed to git.

uvx downloads and runs the package automatically — no install step needed. If you prefer to install it yourself, see Alternative: pip install below.

3. Restart your AI client and start using it

Ask your assistant to query Mallory:

"Look up CVE-2024-1234 and summarize the risk."
"List threat actors trending in the last 7 days."
"Find vulnerabilities that are known to be exploited."
"Search for intelligence on APT28."
"What malware is associated with technique T1566?"

The assistant calls the MCP tools automatically — you don't need to invoke tool names yourself.

Note: mallorymcp is an MCP server that communicates via JSON-RPC over stdio. It's designed to be launched by your AI client, not run interactively from a terminal.

Alternative: pip install

If you prefer installing the package rather than using uvx:

pip install mallorymcp

Then reference the command directly in your config:

{ "mcpServers": { "Mallory": { "command": "mallorymcp" } } }

Configuration

Environment Variable	Required	Description	Default
`MALLORY_API_KEY`	Yes	Your Mallory API key	—
`MALLORY_BASE_URL`	No	Override the API base URL	`https://api.mallory.ai/v1`

Tools

The server exposes the following tools, backed by the Mallory API.

Vulnerabilities (7)

Tool	Description
`get_vulnerability`	Get a vulnerability by CVE ID or UUID
`list_vulnerabilities`	List/search vulnerabilities with filters and pagination
`list_trending_vulnerabilities`	List vulnerabilities trending over 1d/7d/30d
`list_exploited_vulnerabilities`	List vulnerabilities known to be exploited in the wild
`get_vulnerability_detection_signatures`	Detection signatures for a CVE
`get_vulnerability_exploitations`	Exploitation records for a CVE
`get_vulnerability_configurations`	Affected configurations (CPE) for a CVE

Threat Actors (5)

Tool	Description
`get_threat_actor`	Get a threat actor by UUID or name
`list_threat_actors`	List/search threat actors
`list_trending_threat_actors`	List trending threat actors
`list_mentioned_threat_actors`	Recent threat actor mentions from intel sources
`get_threat_actor_attack_patterns`	MITRE ATT&CK patterns for an actor

Malware (5)

Tool	Description
`get_malware`	Get a malware entity by UUID or name
`list_malware`	List/search malware
`list_trending_malware`	List trending malware
`get_malware_vulnerabilities`	Vulnerabilities linked to a malware
`get_malware_attack_patterns`	MITRE ATT&CK patterns for a malware

Exploits (2)

Tool	Description
`get_exploit`	Get an exploit by UUID or identifier
`list_exploits`	List/search exploits

Organizations (4)

Tool	Description
`get_organization`	Get an organization by UUID or name
`list_organizations`	List/search organizations
`list_trending_organizations`	List trending organizations
`get_organization_breaches`	Breaches associated with an organization

Attack Patterns (4)

Tool	Description
`get_attack_pattern`	Get an attack pattern (MITRE ATT&CK technique) by UUID or ID
`list_attack_patterns`	List/search attack patterns
`get_attack_pattern_threat_actors`	Threat actors associated with a technique
`get_attack_pattern_malware`	Malware associated with a technique

Breaches (3)

Tool	Description
`get_breach`	Get a breach by UUID or identifier
`list_breaches`	List breaches
`get_breach_organizations`	Organizations associated with a breach

Products (3)

Tool	Description
`get_product`	Get a technology product by UUID or name
`list_products`	List/search technology products
`get_product_advisories`	Security advisories for a product

Advisories (3)

Tool	Description
`get_advisory`	Get a technology product advisory by UUID or identifier
`list_advisories`	List technology product advisories
`get_advisory_vulnerabilities`	Vulnerabilities associated with an advisory

Stories (3)

Tool	Description
`get_story`	Get an intelligence story by UUID or identifier
`list_stories`	List/search intelligence stories
`list_story_topics`	List available story topics

Mentions (3)

Tool	Description
`list_mentions`	List recent mentions across entity types
`list_mentions_actors`	Recent threat actor mentions
`list_mentions_vulnerabilities`	Recent vulnerability mentions

Search and Sources (2)

Tool	Description
`search`	Search across all entity types by query string
`list_sources`	List intelligence sources in the platform

Development

Install from source

git clone https://github.com/malloryai/mallorymcp.git cd mallorymcp uv sync uv run mallorymcp

Lint

uv sync --extra lint uv run ruff check src/ tests/ uv run ruff format src/ tests/

Project Structure

src/mallorymcp/ ├── __init__.py ├── _version.py # Auto-generated by hatch-vcs from git tags ├── app.py # Entry point (main, stdio transport) ├── config/ # Env-based config (MALLORY_API_KEY, MALLORY_BASE_URL) ├── decorator/ # API error handling for tools ├── server/ # FastMCP server and tool loader ├── tools/ # Tool modules (one per resource area) └── utils/ # Serialization, debug

Releasing

Tag a release: git tag v0.4.0 && git push --tags
Create a GitHub release from the tag
GitHub Actions builds and publishes to PyPI via trusted publisher

License

Apache 2.0.

Install Server

A

security – no known vulnerabilities

A

license - permissive license

A

quality - confirmed to work

How are these scores calculated?

Mallory MCP Server

Mallory MCP Server

Prerequisites

Quick Start

1. Set your API key

2. Add to your AI client

3. Restart your AI client and start using it

Alternative: pip install

Configuration

Tools

Vulnerabilities (7)

Threat Actors (5)

Malware (5)

Exploits (2)

Organizations (4)

Attack Patterns (4)

Breaches (3)

Products (3)

Advisories (3)

Stories (3)

Mentions (3)

Search and Sources (2)

Development

Install from source

Lint

Project Structure

Releasing

License

Resources

Tools

Appeared in Searches

Latest Blog Posts

MCP directory API