Skip to main content
Glama

ContrastAPI — 55 Security Tools + 7 MCP Resources for AI Agents

MCP Install in Claude Desktop contrastapi MCP server License: MIT

Security intelligence, built for AI agents. Give your agent grounded answers about vulnerabilities, threats, and attack surface — backed by authoritative sources (NVD, CISA KEV, FIRST EPSS, MITRE ATLAS & D3FEND), never guesswork. CVE/KEV/CWE lookup with EPSS exploit-probability and composite risk scoring, domain & IP investigation, IOC enrichment, code-security checks, and live web intelligence. 55 tools, 7 Resources, and 3 Prompts — free, no API key, no signup.

中文 · Live: api.contrastcyber.com


Documentation

  • API Documentation — REST reference: 60+ endpoints, authentication, rate limits, token costs, and response envelope.

  • MCP Documentation — MCP tool-selection guide, 7 Resources, 3 Prompts, and copy-paste agent prompts.

Related MCP server: VirusTotal MCP Server

Setup (MCP)

Any MCP client

{
  "mcpServers": {
    "contrastapi": {
      "command": "npx",
      "args": ["-y", "mcp-remote", "https://api.contrastcyber.com/mcp/"]
    }
  }
}

Restart your agent. Other clients (Python SDK, Node SDK, cURL, VS Code): mcp-setup · quickstart

Claude Desktop — one-click extension

Grab the .mcpb file from the latest release and double-click it (or Claude Desktop → Settings → Extensions → Install Extension…). No signup, no API key — all 55 tools ready immediately.

SDKs

pip install contrastapi      # Python 3.10+ — sync + async, typed responses, shortcut helpers
npm install contrastapi      # Node 14+ — concrete TypeScript types, 14 namespaces

Both SDKs cover every HTTP endpoint and MCP tool — CVE/KEV/CWE, ATLAS, D3FEND, Sigma rules, email security posture, domain, IP, IOC, code security, and web intelligence — with wire-exact response shapes and a typed exception hierarchy that mirrors the API error envelope. They also expose MCP Resources for browsing the ATLAS, D3FEND, and CWE catalogs (see docs/MCP_Documentation.md) and a conditional triage Prompt (see docs/MCP_Documentation.md#contrast-triage). Web-intelligence tools — robots_txt, redirect_chain, email_verify, brand_assets, seo_audit, geo_audit — ship with an explicit ethical floor: per-target throttling, robots.txt respected, no SMTP probing.

OpenAPI: openapi.json

Smithery · npm · VS Code Marketplace · Awesome OSINT MCP · RapidAPI

Responses include a verdict block — deterministic, falsifiable_fields, data_age_seconds, sources_queried / sources_unavailable, completeness — so a verifier agent can independently re-derive specific fields from the upstream authority (NVD, RDAP, CT logs, URLhaus). Probe GET /v1/capabilities for "verdict_metadata": true.

CVE responses also embed next_calls: list[PivotHint]{tool, input, reason} triples that suggest the next MCP tool to call (e.g. kev_detail when kev.in_kev=true, cwe_lookup when cwe_id is set). Agents chain workflows without manual prompting.

MIT

Install Server
A
license - permissive license
A
quality
A
maintenance

Maintenance

Maintainers
3hResponse time
1dRelease cycle
86Releases (12mo)
Commit activity
Issues opened vs closed

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/UPinar/contrastapi'

If you have feedback or need assistance with the MCP directory API, please join our Discord server