Skip to main content
Glama
googleSandy

Google Threat Intelligence MCP Server

by googleSandy
OverviewSchemaRelated ServersScoreDiscussions
Python
Hybrid

get_url_report

Analyze URLs for security threats using Google Threat Intelligence to identify malicious content and assess reputation.

Instructions

Get a comprehensive URL analysis report from Google Threat Intelligence.

Args: url (required): URL to analyse. Returns: Report with insights about the URL.

Input Schema

TableJSON Schema
NameRequiredDescriptionDefault
urlYes
api_keyNo

Implementation Reference

  • gti_mcp/tools/urls.py:72-90 (handler)
    Main handler function for the get_url_report tool. It converts the URL to base64, fetches the report from Google Threat Intelligence API with associations, and returns a sanitized response.
    @server.tool()
async def get_url_report(url: str, ctx: Context, api_key: str = None) -> typing.Dict[str, typing.Any]:
  """Get a comprehensive URL analysis report from Google Threat Intelligence.

  Args:
    url (required): URL to analyse.
  Returns:
    Report with insights about the URL.
  """
  url_id = url_to_base64(url)
  async with vt_client(ctx, api_key=api_key) as client:
    res = await utils.fetch_object(
        client,
        "urls",
        "url",
        url_id,
        relationships=["associations"],
        params={"exclude_attributes": "last_analysis_results"})
  return utils.sanitize_response(res)
  • gti_mcp/tools/urls.py:63-69 (helper)
    Helper function that converts a URL string to base64 encoding without padding, as required by the Google Threat Intelligence API for URL identifiers.
    def url_to_base64(url: str) -> str:
  """Converts the URL into base64.

  Without padding, as required by the Google Threat Intelligence API.
  """
  b = base64.b64encode(url.encode('utf-8'))
  return b.decode('utf-8').rstrip("=")
  • gti_mcp/utils.py:29-84 (helper)
    Helper function that fetches objects from the Google Threat Intelligence API with support for filtering by attributes and relationships, and handles API errors gracefully.
    async def fetch_object(
    vt_client: vt.Client,
    resource_collection_type: str,
    resource_type: str,
    resource_id: str,
    attributes: list[str] | None = None,
    relationships: list[str] | None = None,
    params: dict[str, typing.Any] | None = None):
  """Fetches objects from Google Threat Intelligence API."""
  logging.info(
      f"Fetching comprehensive {resource_collection_type} "
      f"report for id: {resource_id}")
  
  params = {k: v for k, v in params.items()} if params else {}

  # Retrieve a selection of object attributes and/or relationships.
  if attributes:
    params["attributes"] = ",".join(attributes)
  if relationships:
    params["relationships"] = ",".join(relationships)

  try:
    obj = await vt_client.get_object_async(
        f"/{resource_collection_type}/{resource_id}", params=params)

    if obj.error:
      logging.error(
          f"Error fetching main {resource_type} report for {resource_id}: {obj.error}"
      )
      return {
          "error": f"Failed to get main {resource_type} report: {obj.error}",
          # "details": report.get("details"),
      }
  except vt.error.APIError as e:
    logging.warning(
        f"VirusTotal API Error fetching {resource_type} {resource_id}: {e.code} - {e.message}"
    )
    return {
        "error": f"VirusTotal API Error: {e.code} - {e.message}",
        "details": f"The requested {resource_type} '{resource_id}' could not be found or there was an issue with the API request."
    }
  except Exception as e:
    logging.exception(
        f"Unexpected error fetching {resource_type} {resource_id}: {e}"
    )
    return {"error": "An unexpected internal error occurred."}

  # Build response.
  obj_dict = obj.to_dict()
  obj_dict['id'] = obj.id
  if 'aggregations' in obj_dict['attributes']:
    del obj_dict['attributes']['aggregations']

  logging.info(
      f"Successfully generated concise threat summary for id: {resource_id}")
  return obj_dict
  • gti_mcp/utils.py:119-138 (helper)
    Helper function that recursively removes empty dictionaries, lists, and empty strings from API responses to provide cleaner output to users.
    def sanitize_response(data: typing.Any) -> typing.Any:
  """Removes empty dictionaries and lists recursively from a response."""
  if isinstance(data, dict):
    sanitized_dict = {}
    for key, value in data.items():
      sanitized_value = sanitize_response(value)
      if sanitized_value is not None:
        sanitized_dict[key] = sanitized_value
    return sanitized_dict
  elif isinstance(data, list):
    sanitized_list = []
    for item in data:
      sanitized_item = sanitize_response(item)
      if sanitized_item is not None:
        sanitized_list.append(sanitized_item)
    return sanitized_list
  elif isinstance(data, str):
    return data if data else None
  else:
    return data
  • gti_mcp/server.py:72-73 (registration)
    Registration point where all tools from gti_mcp.tools are imported. The get_url_report function is automatically registered as an MCP tool via the @server.tool() decorator in urls.py.
    # Load tools.
from gti_mcp.tools import *
Install Server

Other Tools

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/googleSandy/gti-mcp-standalone'

If you have feedback or need assistance with the MCP directory API, please join our Discord server