maltego-mcp

by lidless-labs

maltego_build_ioc_graph

Build a Maltego .mtgx investigation graph from one IOC and enrichment summaries from MISP, TheHive, Cortex, or MITRE ATT&CK.

Instructions

Build a .mtgx investigation graph from one IOC plus enrichment summaries gathered from MISP, TheHive, Cortex, MITRE, or other MCPs. This tool does not call those services itself.

Input Schema

| Name | Required | Description | Default |
|---|---|---|---|
| ioc | Yes | | |
| notes | No | | |
| title | No | | |
| overwrite | No | | |
| mispEvents | No | | |
| outputPath | Yes | Output path. Resolved relative to outputDir; absolute paths must be inside outputDir. | |
| thehiveCases | No | | |
| cortexReports | No | | |
| attackTechniques | No | | |
| maxItemsPerSection | No | | |

Behavior: 2/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

No annotations are provided, so the description must bear all behavioral disclosure. It mentions that the tool does not call external services, but omits other critical behaviors: file overwrite behavior (though an 'overwrite' param exists), output path resolution relative to outputDir, error handling, or side effects on existing files. Minimal transparency beyond the basic function.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness: 5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is two sentences: one for purpose, one for a clarifying limitation ('does not call those services itself'). No unnecessary words. Every sentence adds value and the critical constraint is front-loaded.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness: 1/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the tool's complexity (10 parameters, nested objects, no output schema), the description is severely incomplete. It does not explain the expected structure of enrichment summaries, how parameters like 'attackTechniques' or 'cortexReports' map to graph elements, or what the tool returns (likely a file path or success status). Many required behaviors (e.g., overwrite handling) are left to the agent to infer from the param name alone. This is inadequate for confident invocation.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters: 2/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema description coverage is only 10%, meaning most parameters lack schema-level explanations. The tool description adds no parameter-specific meaning beyond the generic 'enrichment summaries'. For example, 'notes', 'title', 'mispEvents', 'thehiveCases', etc., remain undefined. The description does not compensate for the sparse schema, leaving the agent to infer parameter formats and relationships.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose: 5/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the tool builds a .mtgx investigation graph from one IOC and enrichment summaries, specifying sources like MISP, TheHive, Cortex, MITRE. The verb 'Build' and resource '.mtgx investigation graph' are specific, and the sibling context (e.g., maltego_create_graph, maltego_add_entity) helps distinguish this as a batch graph construction tool.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines: 3/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description implies usage: provide an IOC plus enrichment summaries. However, it does not explicitly state when to use this tool versus siblings (e.g., maltego_add_entity for incremental additions, maltego_create_graph for blank graphs). It also lacks prerequisites, such as the need to have already gathered enrichment data from other MCPs. No when-not guidance.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/lidless-labs/maltego-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server.