Skip to main content
Glama
googleSandy

Google Threat Intelligence MCP Server

by googleSandy
OverviewSchemaRelated ServersScoreDiscussions
Python
Hybrid

list_threat_profiles

Retrieve Google Threat Intelligence profiles to filter threats by industry and region, focusing analysis on relevant organizational risks before broader searches.

Instructions

List your Threat Profiles at Google Threat Intelligence.

Threat Profiles filter all of Google TI's threat intelligence so you can focus only on the threats that matter most to your organization.

Threat Profiles let you apply top-level filters for Target Industries and Target Regions to immediately provide a more focused view of relevant threats.

When searching for threats, we must use this tool first to check if there is any Threat Profile that matches the user query before peforming a general search using the search_threats tool.

Recommendations from Threat Profiles are more relevants to users than generic search threats. Use them as long as they match user's query.

Returns: List of Threat Profiles.

Input Schema

TableJSON Schema
NameRequiredDescriptionDefault
limitNo
api_keyNo

Output Schema

TableJSON Schema
NameRequiredDescriptionDefault
resultYes

Implementation Reference

  • gti_mcp/tools/threat_profiles.py:22-51 (handler)
    Main handler function for list_threat_profiles tool. Decorated with @server.tool() to register as MCP tool. Takes Context, limit (default 10), and optional api_key parameters. Uses vt_client to call /threat_profiles endpoint and returns sanitized list of threat profile dictionaries.
    @server.tool()
async def list_threat_profiles(
    ctx: Context, limit: int = 10, api_key: str = None
) -> typing.List[typing.Dict[str, typing.Any]]:
  """List your Threat Profiles at Google Threat Intelligence.

  Threat Profiles filter all of Google TI's threat intelligence
  so you can focus only on the threats that matter most
  to your organization.

  Threat Profiles let you apply top-level filters
  for Target Industries and Target Regions to immediately provide
  a more focused view of relevant threats.

  When searching for threats, we must use this tool first to check
  if there is any Threat Profile that matches the user query
  before peforming a general search using the `search_threats` tool.

  Recommendations from Threat Profiles are more relevants to users
  than generic search threats. Use them as long as
  they match user's query.

  Returns:
    List of Threat Profiles.
  """
  async with vt_client(ctx, api_key=api_key) as client:
    res = await utils.consume_vt_iterator(
        client, "/threat_profiles", limit=limit
    )
  return utils.sanitize_response([o.to_dict() for o in res])
  • gti_mcp/tools/threat_profiles.py:22-22 (registration)
    Tool registration via @server.tool() decorator. This decorator from FastMCP registers the function as an available MCP tool on the server instance defined in server.py.
    @server.tool()
  • gti_mcp/utils.py:20-26 (helper)
    Helper function consume_vt_iterator used by list_threat_profiles to consume a vt.Iterator and return a list of objects from the VirusTotal API.
    async def consume_vt_iterator(
    vt_client: vt.Client, endpoint: str, params: dict | None = None, limit: int = 10):
  """Consumes a vt.Iterator iterator and return the list of objects."""
  res = []
  async for obj in vt_client.iterator(endpoint, params=params, limit=limit):
    res.append(obj)
  return res
  • gti_mcp/utils.py:119-138 (helper)
    Helper function sanitize_response used by list_threat_profiles to recursively remove empty dictionaries and lists from API responses before returning to the client.
    def sanitize_response(data: typing.Any) -> typing.Any:
  """Removes empty dictionaries and lists recursively from a response."""
  if isinstance(data, dict):
    sanitized_dict = {}
    for key, value in data.items():
      sanitized_value = sanitize_response(value)
      if sanitized_value is not None:
        sanitized_dict[key] = sanitized_value
    return sanitized_dict
  elif isinstance(data, list):
    sanitized_list = []
    for item in data:
      sanitized_item = sanitize_response(item)
      if sanitized_item is not None:
        sanitized_list.append(sanitized_item)
    return sanitized_list
  elif isinstance(data, str):
    return data if data else None
  else:
    return data
  • gti_mcp/tools/threat_profiles.py:23-25 (schema)
    Function signature defines input/output schema: takes Context, limit (int, default 10), api_key (str, optional) and returns List[Dict[str, Any]] representing threat profiles.
    async def list_threat_profiles(
    ctx: Context, limit: int = 10, api_key: str = None
) -> typing.List[typing.Dict[str, typing.Any]]:

Tool Definition Quality

A4/5.0
Behavior3/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

No annotations are provided, so the description carries the full burden. It explains that Threat Profiles filter intelligence by Target Industries and Target Regions for focused views, which adds useful behavioral context. However, it lacks details on permissions, rate limits, or error handling, leaving gaps for a tool with no annotation coverage.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness4/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is well-structured and front-loaded with the core purpose. It uses clear paragraphs to explain functionality and usage guidelines without unnecessary fluff. However, it could be slightly more concise by integrating some points more tightly.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness4/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the tool's complexity and the presence of an output schema (which handles return values), the description is fairly complete. It covers purpose, usage guidelines, and behavioral context effectively. The main gap is the lack of parameter explanations, but the output schema reduces the need for detailed return value descriptions.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters2/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema description coverage is 0%, so the description must compensate for the two parameters (limit, api_key). The description does not mention or explain these parameters at all, failing to add meaning beyond the schema. This leaves key input semantics undocumented.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the tool's purpose: 'List your Threat Profiles at Google Threat Intelligence.' It specifies the verb ('List') and resource ('Threat Profiles'), and distinguishes it from sibling tools like 'search_threats' by explaining that Threat Profiles provide filtered, organization-relevant views, unlike generic searches.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines5/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides explicit usage guidelines: 'When searching for threats, we must use this tool first to check if there is any Threat Profile that matches the user query before performing a general search using the `search_threats` tool.' It also states when to prefer this tool over alternatives: 'Recommendations from Threat Profiles are more relevant to users than generic search threats. Use them as long as they match user's query.'

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/googleSandy/gti-mcp-standalone'

If you have feedback or need assistance with the MCP directory API, please join our Discord server