MCP Server

MalloryAI MCP Server User Guide

Introduction

The MalloryAI Intelligence MCP Server connects advanced cybersecurity intelligence capabilities to your AI assistants through the Model Context Protocol (MCP) framework. With this integration, you can leverage real-time threat intelligence, vulnerability analysis, and exploitation data directly within your conversational AI workflows.

What You Can Do

With the MalloryAI MCP Server, you can:

Query vulnerability databases using CVE identifiers
Track real-world exploitation of security vulnerabilities
Research threat actors and their tactics, techniques, and procedures
Monitor emerging cybersecurity threats
Access detailed intelligence about security incidents

Getting Started

Requirements

A MalloryAI account with an API key
Python 3.13 or higher
Basic familiarity with command-line operations

Installation

Get Your API Key

Download the Software

git clone https://github.com/malloryai/mallory-mcp-server.git
cd mallory-mcp-server

Set Up the Environment

Create a virtual environment and install the software:

# Option 1: Using uv (recommended for better performance)
uv venv .venv
source .venv/bin/activate  # On Windows: .venv\Scripts\activate
uv pip install -e .

# Option 2: Using standard pip
python -m venv .venv
source .venv/bin/activate  # On Windows: .venv\Scripts\activate
pip install -e .

Configure Your Server
Create a .env file in the project root folder with your API key:
```
MALLORY_API_KEY=your_api_key_here
```

Running the MCP Server

Standalone Mode

Start the server with a simple command:

python -m malloryai.mcp.app

Integration with Claude Desktop

MalloryAI works seamlessly with Claude Desktop. To connect:

Open Claude Desktop
Navigate to Settings → Developer → Edit Config
Add a new MCP server with the following configuration:

{
  "mcpServers": {
    "MalloryAI": {
      "command": "/path/to/uv",
      "args": [
        "run",
        "--python",
        "/path/to/mcp-server/.venv/bin/python",
        "/path/to/mcp-server/malloryai/mcp/app.py"
      ],
      "env": {
        "MALLORY_API_KEY": "your_api_key_here"
      }
    }
  }
}

Save your settings and restart Claude Desktop
Start a new conversation and confirm that MalloryAI appears in the available tools

Using MalloryAI with Claude

Once connected, you can use natural language to request cybersecurity intelligence from Claude. Here are some examples:

Researching Vulnerabilities

Tell me about CVE-2023-3519. Has it been exploited in the wild?

Investigating Threat Actors

What do we know about the APT group Lazarus? Which sectors do they typically target?

Monitoring Recent Exploitations

Show me the most recently detected exploitation activities. Which vulnerabilities are being actively exploited right now?

Give me details about exploitation incident 123e4567-e89b-12d3-a456-426614174000. When was it first observed and how many occurrences were detected?

Checking Detection Signatures

Are there any detection signatures available for CVE-2023-29360?

Command Reference

The MalloryAI MCP Server provides the following capabilities:

Function

Description

Example Usage

find_vulnerability

Get detailed information about a specific CVE

"Tell me about CVE-2023-3519"

get_vulnerabilities

Search or browse multiple vulnerabilities

"Show me recent high-severity vulnerabilities"

get_vulnerability_exploitations

Check if a vulnerability has been exploited

"Has CVE-2023-3519 been exploited in the wild?"

get_vulnerability_detection_signatures

Find detection methods for a vulnerability

"What detection signatures exist for CVE-2023-3519?"

get_vulnerability_configurations

See affected system configurations

"Which systems are affected by CVE-2023-3519?"

get_exploitation

Get details about a specific exploitation incident

"Show me details about exploitation UUID abc123"

list_exploitations

Browse recent exploitation incidents

"What vulnerabilities have been exploited recently?"

get_threat_actor

Research a specific threat actor

"Tell me about Lazarus Group"

list_threat_actors

Browse multiple threat actors

"Show me recently active threat actors"

get_mentioned_threat_actors

Monitor recent threat actor activities

"Which threat actors have been mentioned recently?"

Troubleshooting

Common Issues

Server Won't Start

Verify your API key is correct in the .env file
Ensure Python 3.13+ is installed and active in your environment
Check network connectivity to MalloryAI services

Integration Issues with Claude

Confirm your Claude Desktop configuration matches the example
Verify that all paths in the configuration are correct for your system
Check that the MCP server is running before starting Claude

Getting Help

If you encounter issues:

Contact support at hello@mallory.ai

Updates and Maintenance

To update your MalloryAI MCP Server:

cd mallory-mcp-server
git pull
uv pip install -e .  # or pip install -e .

Last updated 1 month ago

# Option 1: Using uv (recommended for better performance) uv venv .venv source .venv/bin/activate # On Windows: .venv\Scripts\activate uv pip install -e . # Option 2: Using standard pip python -m venv .venv source .venv/bin/activate # On Windows: .venv\Scripts\activate pip install -e .

{ "mcpServers": { "MalloryAI": { "command": "/path/to/uv", "args": [ "run", "--python", "/path/to/mcp-server/.venv/bin/python", "/path/to/mcp-server/malloryai/mcp/app.py" ], "env": { "MALLORY_API_KEY": "your_api_key_here" } } } }