This server provides defense-contractor-grade threat intelligence with multi-source feed aggregation, reputation checking, and compliance with major security standards.
Core Threat Intelligence
Multi-source feed aggregation: Collect IOCs from 10+ sources including Feodo Tracker, URLhaus, CISA KEV, ThreatFox, Emerging Threats, Spamhaus DROP, Blocklist.de, and CINSscore
IP reputation (
check_ip_reputation): Evaluate a single IP against VirusTotal, AbuseIPDB, and Shodan, returning a threat level (clean/low/medium/high/critical)Hash reputation (
check_hash_reputation): Look up MD5, SHA1, or SHA256 hashes against threat intelligence databasesBulk IP checking (
check_bulk_ips): Check up to 100 IPs in a single requestCISA KEV (
get_cisa_kev): Retrieve known exploited vulnerabilities, filterable by days and vendorRecent IOCs (
get_recent_iocs): Fetch from ThreatFox by type (ip:port, domain, url, md5, sha256), up to 500 resultsNetwork threat analysis (
check_network_against_threats): Cross-reference network scan results against threat listsDashboard & stats: Aggregated data for visualization, cache statistics, and API key status
Cache management (
clear_threat_cache): Force a fresh data fetch
Defense & Intelligence Standards
STIX/TAXII 2.1: Export OASIS-compliant STIX bundles and fetch from TAXII 2.1 servers
MITRE ATT&CK: Map IOCs to techniques across all 14 Enterprise tactics and export ATT&CK Navigator layers
TLP 2.0: Classify and enforce Traffic Light Protocol sharing rules
Tamper-evident provenance: SHA-256 hash chain tracking for IOC lifecycle (NIST SP 800-86 compliant)
Defense feeds: Aggregate CISA, ICS-CERT, NSA, and DISA IAVA feeds with ICD 203 confidence scoring
NIST compliance: Map to 25+ NIST SP 800-53 Rev. 5 controls and NIST CSF 2.0 functions
DoD Impact Levels: Classification mapping to IL2–IL6 per CNSSI 1253
Enables checking file hash (MD5/SHA1/SHA256) and IP reputation with detection ratios and vendor verdicts from VirusTotal's threat intelligence database.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@Threat Intelligence MCP Servercheck the reputation of IP 192.0.2.102"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
World Intelligence MCP Server
Real-time global intelligence across 30+ domains with 109 MCP tools, a live ops-center dashboard, a CLI, and a Qdrant vector store for enterprise-grade semantic search across accumulated intelligence. All data comes from free, public APIs — no paid subscriptions required.
Built for AI agents that need world awareness: market conditions, geopolitical risk, military posture, supply chain disruptions, cyber threats, and more — all queryable via the Model Context Protocol. The vector store enables natural language queries like "military activity near Taiwan" or "cyber threats targeting healthcare" across all historical data.
What You Get
Domain | Tools | Data Sources |
Financial Markets | 7 | Yahoo Finance, CoinGecko, Alternative.me, Mempool |
Forex & Currency | 3 | ECB/Frankfurter (8 major pairs, timeseries, cross rates) |
Bonds & Yields | 2 | FRED, Yahoo Finance (yield curve, bond ETFs, spread analysis) |
Earnings | 2 | Yahoo Finance (mega-cap calendar, surprise history) |
SEC Filings | 3 | SEC EDGAR (full-text search, company filings, 8-K material events) |
Company Enrichment | 1 | Yahoo Finance + GDELT + SEC + GitHub (composite profile) |
Macro Composite | 1 | Weighted 6-signal market verdict (Fear&Greed, VIX, sectors, DXY, BTC, yields) |
Economic Indicators | 3 | EIA energy, FRED macro, World Bank |
Central Banks | 1 | 8 central bank policy rates |
BTC Technicals | 1 | SMA 50/200, golden/death cross, Mayer Multiple |
Natural Disasters | 2 | USGS earthquakes, NASA FIRMS wildfires |
Environmental | 2 | NASA EONET, GDACS disaster alerts |
Climate | 1 | Open-Meteo temperature/precipitation anomalies |
Conflict & Security | 4 | ACLED events, UCDP, unrest detection, humanitarian data |
Military & Defense | 6 | adsb.lol, OpenSky, hexdb.io, surge detection, theater posture, aircraft batch |
Infrastructure | 4 | Cloudflare Radar, submarine cables, cascade analysis, cloud status |
Maritime | 2 | NGA navigation warnings, vessel snapshots |
Aviation | 2 | FAA airport delays, domestic flight snapshot |
News & Media | 3 | 80+ RSS feeds (4-tier), GDELT, trending keywords |
Intelligence Analysis | 8 | Signal convergence, focal points, instability index, risk scores, escalation |
NLP Intelligence | 4 | Entity extraction, event classification, news clustering, keyword spikes |
Strategic Synthesis | 4 | Strategic posture, world brief, fleet report, population exposure |
Geospatial | 11 | Military bases, ports, pipelines, nuclear facilities, cables, datacenters, spaceports, minerals, exchanges, trade routes, cloud regions |
AI & Technology | 4 | arXiv papers, HuggingFace models, Hacker News, GitHub trending |
Cyber Threats | 1 | URLhaus, Feodotracker, CISA KEV, SANS |
Health | 1 | WHO DON, ProMED, CIDRAP disease outbreaks |
Space Weather | 1 | NOAA SWPC (Kp index, solar flares, alerts) |
Social & Sanctions | 3 | Reddit velocity, OFAC SDN list, nuclear test site monitoring |
Country Intelligence | 3 | Country brief, country stocks, financial centers |
Prediction Markets | 1 | Polymarket event contracts |
Elections | 1 | Global election calendar with risk scoring |
Displacement | 1 | UNHCR refugee/IDP data |
Shipping | 1 | Dry bulk shipping stress index |
Government | 1 | USAspending.gov federal contracts |
Traffic | 2 | Road traffic flow, real-time incidents |
Cross-Domain Alerts | 2 | Alert digest, weekly trends |
Monitoring | 2 | Webcams, server health/status |
Vector Search | 5 | Qdrant semantic search, similarity, timeline, stats |
Cross-Domain Analytics | 3 | Correlation, domain summary, trend detection |
Reports | 1 | PDF/HTML multi-domain intelligence reports |
Total: 110 tools across 30+ intelligence domains.
Quick Start
Install
git clone https://github.com/marc-shade/world-intel-mcp.git
cd world-intel-mcp
pip install -e .
# Optional extras
pip install -e ".[dashboard]" # Live ops-center dashboard
pip install -e ".[vector]" # Qdrant vector store + FastEmbed
pip install -e ".[dev]" # pytest, respx, coverageRun as MCP Server
world-intel-mcp # stdio mode for Claude Code, Cursor, etc.Claude Code Configuration
Add to ~/.claude.json:
{
"mcpServers": {
"world-intel-mcp": {
"command": "world-intel-mcp"
}
}
}Dashboard
intel-dashboard # http://localhost:8501
intel-dashboard --port 9000 # custom portPDF/HTML Reports
pip install -e ".[pdf]" # requires: brew install pango (macOS)
intel report # full PDF report → ~/.cache/world-intel-mcp/
intel report --format html # HTML (no native deps needed)
intel report -o brief.pdf # custom output path
intel report -s markets,cyber,earthquakes # select sectionsMap-first ops center: Leaflet map with toggle-able layers (quakes, military, conflict, fires, convergence, nuclear, infrastructure), 35+ live SSE feeds, HUD bar, glassmorphic panels, per-source circuit breaker health.
CLI
intel markets # stock indices
intel earthquakes --min-mag 5.0
intel status # cache + circuit breaker healthArchitecture
server.py (MCP stdio) ─┐ ┌─ VectorStore (Qdrant)
cli.py (Click CLI) ├─> sources/*.py ─> Fetcher ─> CircuitBreaker ─┤
dashboard.py (SSE) │ analysis/*.py └─ Cache (SQLite)
collector.py (daemon) ─┘Fetcher: Centralized async HTTP client (httpx). Retries, per-source rate limiting, stale-data fallback. Auto-stores results in vector store on fresh fetches.
CircuitBreaker: Per-source tracking. 3 consecutive failures trips for 5 minutes. Each RSS feed gets its own breaker.
Cache: SQLite WAL-mode TTL cache.
get()returns live data,get_stale()returns expired data for fallback.VectorStore: Qdrant + FastEmbed (BAAI/bge-small-en-v1.5, 384-dim). Async background worker queue for non-blocking storage. Enables semantic search across all accumulated intelligence.
Collector: Standalone daemon that fetches all 43 sources in parallel and populates the vector store. Run once or as a daemon (default: 5-minute interval).
Sources (
sources/*.py): 30+ modules, each exportsasync def fetch_*(fetcher, **kwargs) -> dict.Analysis (
analysis/*.py): Cross-domain synthesis — signal aggregation, instability indexing, NLP, company enrichment, macro composite.Config (
config/*.py): Curated datasets — 22 hotspots, 70+ bases, 40 ports, 24 pipelines, 24 nuclear facilities, 34 cables, 48 datacenters, 27 spaceports, 82 exchanges.
MCP Tools Reference
Financial Markets (7)
Tool | Description |
| Stock index quotes (S&P 500, Dow, Nasdaq, FTSE, Nikkei) |
| Top crypto prices and market caps from CoinGecko |
| Stablecoin peg health (USDT, USDC, DAI, FDUSD) |
| Bitcoin spot ETF prices and volumes |
| US equity sector performance (11 SPDR ETFs) |
| 7 macro indicators (Fear & Greed, VIX, DXY, gold, 10Y, BTC) |
| Commodity futures (gold, silver, crude, natgas, grains) |
Forex & Currency (3)
Tool | Description |
| Latest FX rates from ECB. Filter by base/target currencies |
| Historical FX rate with trend analysis (configurable days) |
| All 8 major pairs + cross rates + DXY proxy |
Bonds & Yields (2)
Tool | Description |
| US Treasury yield curve (2Y-30Y), 2s10s/3m10y spreads, inversion flag |
| Bond ETFs: AGG, TLT, HYG, LQD, TIP with price/change |
Earnings (2)
Tool | Description |
| Upcoming earnings for 20 mega-cap stocks with EPS estimates |
| Historical earnings surprise (actual vs estimate, trend) |
SEC Filings (3)
Tool | Description |
| Full-text search across all EDGAR filings |
| Company filings by ticker (10-K, 10-Q, 8-K) with CIK resolution |
| Latest 8-K material events (M&A, exec changes, earnings) |
Company Enrichment (1)
Tool | Description |
| Composite profile: stock quote + financials + news + SEC + GitHub |
Macro Composite (1)
Tool | Description |
| Weighted market score (0-100) with verdict: RISK_ON to STRONG_CAUTION |
Economic (3)
Tool | Description |
| Brent/WTI crude oil and natural gas from EIA |
| FRED economic data (GDP, CPI, unemployment, rates) |
| World Bank development indicators by country |
Central Banks (1)
Tool | Description |
| Policy rates for 8 major central banks |
BTC Technicals (1)
Tool | Description |
| Bitcoin SMA 50/200, golden/death cross, Mayer Multiple |
Natural Disasters (2)
Tool | Description |
| USGS earthquakes (configurable magnitude/time/limit) |
| NASA FIRMS satellite fire hotspots (9 global regions) |
Environmental (2)
Tool | Description |
| NASA EONET natural events |
| GDACS disaster alerts with severity scoring |
Conflict & Security (4)
Tool | Description |
| ACLED armed conflict events |
| Uppsala Conflict Data Program events |
| Social unrest with Haversine dedup |
| HDX humanitarian crisis datasets |
Military & Defense (6)
Tool | Description |
| Military aircraft via adsb.lol (OpenSky fallback) |
| Activity across 5 theaters (EU, Indo-Pacific, ME, Arctic, Korea) |
| Aircraft lookup by ICAO24 hex (hexdb.io) |
| Batch aircraft lookup (multiple hex codes) |
| Foreign aircraft concentration anomaly detection |
| USNI News naval fleet tracker |
Infrastructure (4)
Tool | Description |
| Cloudflare Radar internet disruptions |
| Submarine cable corridor health |
| Infrastructure cascade simulation |
| Cloud platform health (AWS, Azure, GCP, Cloudflare, GitHub) |
Maritime (2)
Tool | Description |
| NGA maritime navigation warnings |
| Naval activity at 9 strategic waterways |
Geospatial Datasets (10)
Tool | Description |
| 70 military bases from 9 operators |
| 40 strategic ports across 6 types |
| 24 oil/gas/hydrogen pipelines |
| 24 nuclear power/enrichment/research facilities |
| 34 submarine communications cables |
| 48 AI/HPC datacenters worldwide |
| 27 global spaceports |
| 27 strategic mineral deposits |
| 82 stock exchanges worldwide |
| Major trade routes and chokepoints |
News & Media (3)
Tool | Description |
| 80+ global RSS feeds with 4-tier source ranking |
| Trending terms with spike detection |
| GDELT 2.0 global news search |
Intelligence Analysis (8)
Tool | Description |
| Geographic convergence of multi-domain signals |
| Multi-signal focal point detection |
| Country-level signal aggregation |
| Activity deviations from baselines |
| Country Instability Index v2 (0-100) |
| ACLED-based conflict risk scoring |
| Escalation scores for 22 intel hotspots |
| Comprehensive country intelligence dossier |
NLP Intelligence (4)
Tool | Description |
| Named entity extraction (countries, leaders, orgs, CVEs, APTs) |
| Event classification into 14 threat categories |
| Topic clustering by Jaccard similarity |
| Keyword spike detection with Welford's algorithm |
Strategic Synthesis (4)
Tool | Description |
| Composite global risk from 9 weighted domains |
| Structured daily intelligence summary |
| Naval fleet activity report with readiness scoring |
| Population at risk near active events (105-city dataset) |
Climate (1)
Tool | Description |
| Open-Meteo temperature/precipitation anomalies |
Prediction Markets (1)
Tool | Description |
| Polymarket prediction contracts |
Elections (1)
Tool | Description |
| Global election calendar with risk scoring |
Displacement (1)
Tool | Description |
| UNHCR refugee/IDP statistics |
Aviation (2)
Tool | Description |
| FAA airport delay status |
| Global air traffic snapshot from OpenSky |
Cyber Threats (1)
Tool | Description |
| Aggregated cyber intel (URLhaus, CISA KEV, SANS) |
Space Weather (1)
Tool | Description |
| Solar activity (Kp index, X-ray flux, SWPC alerts) |
AI & Technology (4)
Tool | Description |
| arXiv AI papers, HuggingFace models |
| Hacker News top stories |
| GitHub trending repositories |
| arXiv paper search |
Health (1)
Tool | Description |
| WHO DON, ProMED, CIDRAP outbreaks |
Social & Sanctions (3)
Tool | Description |
| Reddit geopolitical discussion velocity |
| OFAC SDN list search |
| Seismic monitoring near nuclear test sites |
Shipping & Trade (1)
Tool | Description |
| Dry bulk shipping stress index |
Government (1)
Tool | Description |
| USAspending.gov federal contracts |
Country Intelligence (3)
Tool | Description |
| Quick country situation summary |
| Stock exchanges and listings by country |
| Global financial centers ranking |
Extended Geospatial (1)
Tool | Description |
| Cloud provider regions worldwide |
Traffic (2)
Tool | Description |
| Road traffic flow data |
| Real-time traffic incidents |
Cross-Domain Alerts (2)
Tool | Description |
| Cross-domain alert aggregation |
| Weekly trend analysis |
Monitoring (2)
Tool | Description |
| Public webcam locations and live previews |
| Server health, cache stats, circuit breaker status |
Vector Search (5)
Tool | Description |
| Natural language search across all accumulated intelligence |
| Find events similar to a given data point |
| Chronological view of intelligence for a domain/category |
| Vector store collection statistics |
| Trigger an on-demand collection cycle |
Cross-Domain Analytics (3)
Tool | Description |
| Find correlated signals across all domains for a given topic |
| Per-category summary of stored intelligence (counts, sources, recency) |
| Detect activity surges/drops by comparing recent vs baseline periods |
Reports (1)
Tool | Description |
| Generate a PDF or HTML intelligence report covering 18 domains in parallel |
Vector Store
The optional Qdrant vector store accumulates intelligence over time for semantic retrieval. All data fetched through the Fetcher is automatically embedded and stored.
Setup
# Install Qdrant (Docker)
docker run -p 6333:6333 qdrant/qdrant
# Install vector dependencies
pip install -e ".[vector]"
# Run the collector daemon (populates vector store 24/7)
intel-collector --daemon # every 5 minutes
intel-collector --daemon --interval 120 # every 2 minutes
intel-collector --sources markets,cyber # specific domains only
intel-collector # single collection cycleSemantic Search Examples
Once data accumulates, AI agents can query across all domains:
"military activity near Taiwan strait" — finds military flights, naval warnings, theater posture data
"cyber threats targeting healthcare" — finds URLhaus, CISA KEV entries related to healthcare
"economic indicators suggesting recession" — finds yield curve inversions, macro signals, FRED data
The vector store uses FastEmbed (ONNX-based, BAAI/bge-small-en-v1.5) for embeddings — no GPU required, ~3 second cold start.
Environment Variables
Variable | Required | Description |
| No | ACLED conflict events |
| No | Satellite wildfire data |
| No | Energy price data |
| No | Internet outage data |
| No | Macro economic data (also used for yield curve) |
| No | Military flight fallback |
| No | Military flight fallback |
| No | Logging level (default: INFO) |
Everything else uses free, unauthenticated public APIs.
Development
pip install -e ".[dev]"
pytest # 186 tests
pytest --cov=world_intel_mcp # with coverage
pytest tests/test_forex.py -v # single moduleAdding a New Source
Create
sources/your_source.pywithasync def fetch_your_data(fetcher: Fetcher, **kwargs) -> dictUse
fetcher.get_json(url, source="your-source", cache_key=..., cache_ttl=300)— automatic caching, retries, circuit breaking, rate limitingIn
server.py: addTool(...)toTOOLS, addcaseto_dispatch()(use inline import)Add tests using
respxto mock HTTP (seetests/test_forex.pyfor pattern)Optionally add to
dashboard/app.py(SSE) andcli.py(Click)
License
MIT