SecOps Toolkit MCP

A small, dependency-light Model Context Protocol server that gives an AI assistant a set of defensive security helpers for working with logs, threat-intel notes, and network data — all running locally, with no API keys and no outbound network calls.

Built with FastMCP.

Tools

These are defensive / analysis utilities — parsing, hashing, and network math. They don't scan, attack, or reach out to any host.

Related MCP server: agent-utils-mcp

Install & run

Requires Python 3.11+ and uv.

git clone https://github.com/glatinone/secops-toolkit-mcp.git
cd secops-toolkit-mcp
uv sync
uv run secops-toolkit-mcp   # starts the server over stdio

Use it from an MCP client

Add this to your client's MCP config (e.g. Claude Desktop's claude_desktop_config.json). Point --directory at where you cloned the repo:

{
  "mcpServers": {
    "secops-toolkit": {
      "command": "uv",
      "args": ["run", "--directory", "/absolute/path/to/secops-toolkit-mcp", "secops-toolkit-mcp"]
    }
  }
}

Then ask your assistant things like "extract the IOCs from this alert" or "is 10.0.4.20 inside 10.0.0.0/16?" and it will call these tools.

Development

uv sync          # install deps (incl. dev)
uv run pytest    # run the test suite

The logic lives in core.py as plain, testable functions; server.py is a thin layer that exposes them as MCP tools.

License

MIT — see LICENSE.