HomeBack to App

MCP Server

MalloryAI MCP Server User Guide

Introduction

The MalloryAI Intelligence MCP Server connects advanced cybersecurity intelligence capabilities to your AI assistants through the Model Context Protocol (MCP) framework. With this integration, you can leverage real-time threat intelligence, vulnerability analysis, and exploitation data directly within your conversational AI workflows.

What You Can Do

With the MalloryAI MCP Server, you can:

  • Query vulnerability databases using CVE identifiers

  • Track real-world exploitation of security vulnerabilities

  • Research threat actors and their tactics, techniques, and procedures

  • Monitor emerging cybersecurity threats

  • Access detailed intelligence about security incidents

Getting Started

Requirements

  • A MalloryAI account with an API key

  • Python 3.13 or higher

  • Basic familiarity with command-line operations

Installation

  1. Get Your API Key

    Sign up at MalloryAI Intelligence Portal and generate your API key from the account dashboard.

  2. Download the Software

    git clone https://github.com/malloryai/mallory-mcp-server.git
cd mallory-mcp-server

  3. Set Up the Environment

    Create a virtual environment and install the software:

    # Option 1: Using uv (recommended for better performance)
uv venv .venv
source .venv/bin/activate  # On Windows: .venv\Scripts\activate
uv pip install -e .

# Option 2: Using standard pip
python -m venv .venv
source .venv/bin/activate  # On Windows: .venv\Scripts\activate
pip install -e .

  4. Configure Your Server

    Create a .env file in the project root folder with your API key:

    MALLORY_API_KEY=your_api_key_here

Running the MCP Server

Standalone Mode

Start the server with a simple command:

python -m malloryai.mcp.app

Integration with Claude Desktop

MalloryAI works seamlessly with Claude Desktop. To connect:

  1. Open Claude Desktop

  2. Navigate to Settings → Developer → Edit Config

  3. Add a new MCP server with the following configuration:

{
  "mcpServers": {
    "MalloryAI": {
      "command": "/path/to/uv",
      "args": [
        "run",
        "--python",
        "/path/to/mcp-server/.venv/bin/python",
        "/path/to/mcp-server/malloryai/mcp/app.py"
      ],
      "env": {
        "MALLORY_API_KEY": "your_api_key_here"
      }
    }
  }
}

  1. Save your settings and restart Claude Desktop

  2. Start a new conversation and confirm that MalloryAI appears in the available tools

Using MalloryAI with Claude

Once connected, you can use natural language to request cybersecurity intelligence from Claude. Here are some examples:

Researching Vulnerabilities

Tell me about CVE-2023-3519. Has it been exploited in the wild?

Investigating Threat Actors

What do we know about the APT group Lazarus? Which sectors do they typically target?

Monitoring Recent Exploitations

Show me the most recently detected exploitation activities. Which vulnerabilities are being actively exploited right now?
Give me details about exploitation incident 123e4567-e89b-12d3-a456-426614174000. When was it first observed and how many occurrences were detected?

Checking Detection Signatures

Are there any detection signatures available for CVE-2023-29360?

Command Reference

The MalloryAI MCP Server provides the following capabilities:

Function
Description
Example Usage

find_vulnerability

Get detailed information about a specific CVE

"Tell me about CVE-2023-3519"

get_vulnerabilities

Search or browse multiple vulnerabilities

"Show me recent high-severity vulnerabilities"

get_vulnerability_exploitations

Check if a vulnerability has been exploited

"Has CVE-2023-3519 been exploited in the wild?"

get_vulnerability_detection_signatures

Find detection methods for a vulnerability

"What detection signatures exist for CVE-2023-3519?"

get_vulnerability_configurations

See affected system configurations

"Which systems are affected by CVE-2023-3519?"

get_exploitation

Get details about a specific exploitation incident

"Show me details about exploitation UUID abc123"

list_exploitations

Browse recent exploitation incidents

"What vulnerabilities have been exploited recently?"

get_threat_actor

Research a specific threat actor

"Tell me about Lazarus Group"

list_threat_actors

Browse multiple threat actors

"Show me recently active threat actors"

get_mentioned_threat_actors

Monitor recent threat actor activities

"Which threat actors have been mentioned recently?"

Troubleshooting

Common Issues

Server Won't Start

  • Verify your API key is correct in the .env file

  • Ensure Python 3.13+ is installed and active in your environment

  • Check network connectivity to MalloryAI services

Integration Issues with Claude

  • Confirm your Claude Desktop configuration matches the example

  • Verify that all paths in the configuration are correct for your system

  • Check that the MCP server is running before starting Claude

Getting Help

If you encounter issues:

  1. Check the Learn page

  2. Contact support at [email protected]

Updates and Maintenance

To update your MalloryAI MCP Server:

cd mallory-mcp-server
git pull
uv pip install -e .  # or pip install -e .

Last updated