Mallory MCP Server — threat intelligence tools for AI agents

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for malloryai from gravatar.com malloryai

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: Apache Software License (Apache-2.0)
  • Author: Mallory
  • Tags cybersecurity , mallory , mcp , threat-intelligence
  • Requires: Python >=3.11
  • Provides-Extra: lint , test
Classifiers
Report project as malware

Project description

Mallory MCP Server

PyPI Python 3.11+ License: Apache 2.0

Mallory provides a robust source of cyber and threat intelligence. This MCP server exposes the Mallory API to AI agents via the malloryapi Python client, with tools for vulnerabilities, threat actors, malware, exploits, organizations, attack patterns, breaches, products, advisories, stories, mentions, search, and sources.

Once connected, your AI assistant (Cursor, Claude Desktop, or another MCP client) can look up CVEs, threat actors, malware, and more directly from Mallory — no copy-pasting from the dashboard.

Prerequisites

  • Python 3.11 or higher
  • A Mallory API key (mallory.ai)

Quick Start

1. Set your API key

Get an API key at mallory.ai and add it to your shell profile (~/.zshrc, ~/.bashrc, etc.):

export MALLORY_API_KEY=your_api_key_here

Reload your shell (or run source ~/.zshrc) so the variable is available.

2. Add to your AI client

Add the server to your MCP client config. Pick one of the options below.

Cursor — add to ~/.cursor/mcp.json:

{
  "mcpServers": {
    "Mallory": {
      "command": "uvx",
      "args": ["mallorymcp"]
    }
  }
}

Claude Desktop — add to claude_desktop_config.json:

{
  "mcpServers": {
    "Mallory": {
      "command": "uvx",
      "args": ["mallorymcp"]
    }
  }
}

Claude Code — run this command:

claude mcp add --transport stdio Mallory -- uvx mallorymcp

This stores the config in ~/.claude.json (local scope, current project). To share it with your team, use project scope instead:

claude mcp add --transport stdio --scope project Mallory -- uvx mallorymcp

This writes to .mcp.json in the project root, which can be committed to git.

uvx downloads and runs the package automatically — no install step needed. If you prefer to install it yourself, see Alternative: pip install below.

3. Restart your AI client and start using it

Ask your assistant to query Mallory:

  • "Look up CVE-2024-1234 and summarize the risk."
  • "List threat actors trending in the last 7 days."
  • "Find vulnerabilities that are known to be exploited."
  • "Search for intelligence on APT28."
  • "What malware is associated with technique T1566?"

The assistant calls the MCP tools automatically — you don't need to invoke tool names yourself.

Note: mallorymcp is an MCP server that communicates via JSON-RPC over stdio. It's designed to be launched by your AI client, not run interactively from a terminal.

Alternative: pip install

If you prefer installing the package rather than using uvx:

pip install mallorymcp

Then reference the command directly in your config:

{
  "mcpServers": {
    "Mallory": {
      "command": "mallorymcp"
    }
  }
}

Configuration

Environment Variable Required Description Default
MALLORY_API_KEY Yes Your Mallory API key
MALLORY_BASE_URL No Override the API base URL https://api.mallory.ai/v1

Tools

The server exposes the following tools, backed by the Mallory API.

Vulnerabilities (7)

Tool Description
get_vulnerability Get a vulnerability by CVE ID or UUID
list_vulnerabilities List/search vulnerabilities with filters and pagination
list_trending_vulnerabilities List vulnerabilities trending over 1d/7d/30d
list_exploited_vulnerabilities List vulnerabilities known to be exploited in the wild
get_vulnerability_detection_signatures Detection signatures for a CVE
get_vulnerability_exploitations Exploitation records for a CVE
get_vulnerability_configurations Affected configurations (CPE) for a CVE

Threat Actors (5)

Tool Description
get_threat_actor Get a threat actor by UUID or name
list_threat_actors List/search threat actors
list_trending_threat_actors List trending threat actors
list_mentioned_threat_actors Recent threat actor mentions from intel sources
get_threat_actor_attack_patterns MITRE ATT&CK patterns for an actor

Malware (5)

Tool Description
get_malware Get a malware entity by UUID or name
list_malware List/search malware
list_trending_malware List trending malware
get_malware_vulnerabilities Vulnerabilities linked to a malware
get_malware_attack_patterns MITRE ATT&CK patterns for a malware

Exploits (2)

Tool Description
get_exploit Get an exploit by UUID or identifier
list_exploits List/search exploits

Organizations (4)

Tool Description
get_organization Get an organization by UUID or name
list_organizations List/search organizations
list_trending_organizations List trending organizations
get_organization_breaches Breaches associated with an organization

Attack Patterns (4)

Tool Description
get_attack_pattern Get an attack pattern (MITRE ATT&CK technique) by UUID or ID
list_attack_patterns List/search attack patterns
get_attack_pattern_threat_actors Threat actors associated with a technique
get_attack_pattern_malware Malware associated with a technique

Breaches (3)

Tool Description
get_breach Get a breach by UUID or identifier
list_breaches List breaches
get_breach_organizations Organizations associated with a breach

Products (3)

Tool Description
get_product Get a technology product by UUID or name
list_products List/search technology products
get_product_advisories Security advisories for a product

Advisories (3)

Tool Description
get_advisory Get a technology product advisory by UUID or identifier
list_advisories List technology product advisories
get_advisory_vulnerabilities Vulnerabilities associated with an advisory

Stories (3)

Tool Description
get_story Get an intelligence story by UUID or identifier
list_stories List/search intelligence stories
list_story_topics List available story topics

Mentions (3)

Tool Description
list_mentions List recent mentions across entity types
list_mentions_actors Recent threat actor mentions
list_mentions_vulnerabilities Recent vulnerability mentions

Search and Sources (2)

Tool Description
search Search across all entity types by query string
list_sources List intelligence sources in the platform

Development

Install from source

git clone https://github.com/malloryai/mallorymcp.git
cd mallorymcp
uv sync
uv run mallorymcp

Lint

uv sync --extra lint
uv run ruff check src/ tests/
uv run ruff format src/ tests/

Project Structure

src/mallorymcp/
├── __init__.py
├── _version.py          # Auto-generated by hatch-vcs from git tags
├── app.py               # Entry point (main, stdio transport)
├── config/              # Env-based config (MALLORY_API_KEY, MALLORY_BASE_URL)
├── decorator/           # API error handling for tools
├── server/              # FastMCP server and tool loader
├── tools/               # Tool modules (one per resource area)
└── utils/               # Serialization, debug

Releasing

  1. Tag a release: git tag v0.4.0 && git push --tags
  2. Create a GitHub release from the tag
  3. GitHub Actions builds and publishes to PyPI via trusted publisher

License

Apache 2.0.

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for malloryai from gravatar.com malloryai

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: Apache Software License (Apache-2.0)
  • Author: Mallory
  • Tags cybersecurity , mallory , mcp , threat-intelligence
  • Requires: Python >=3.11
  • Provides-Extra: lint , test
Classifiers

Release history Release notifications | RSS feed

This version

0.3.8

0.3.7

0.3.6

0.3.5

0.3.4

0.3.3

0.3.2

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

mallorymcp-0.3.8.tar.gz (14.0 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

mallorymcp-0.3.8-py3-none-any.whl (24.9 kB view details)

Uploaded Python 3

File details

Details for the file mallorymcp-0.3.8.tar.gz.

File metadata

  • Download URL: mallorymcp-0.3.8.tar.gz
  • Upload date:
  • Size: 14.0 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for mallorymcp-0.3.8.tar.gz
Algorithm Hash digest
SHA256 c9035a6228b032df8d6ae0f4d03516bd00c631886fa2ecf0c5dcc692071406d5
MD5 1304327dd058c622c4bbd40455140de5
BLAKE2b-256 a73216bca25244d60f382357b3ac42420b1517d8aac98b1629fd6a5cf359683a

See more details on using hashes here.

Provenance

The following attestation bundles were made for mallorymcp-0.3.8.tar.gz:

Publisher: publish.yml on malloryai/mallorymcp

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file mallorymcp-0.3.8-py3-none-any.whl.

File metadata

  • Download URL: mallorymcp-0.3.8-py3-none-any.whl
  • Upload date:
  • Size: 24.9 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for mallorymcp-0.3.8-py3-none-any.whl
Algorithm Hash digest
SHA256 5ddc62f7c8c0e68f18df8b5a848adc56523de9a0b508aaa2b997b65c4b71f0a1
MD5 4d9ce7aad9fa0055b04ef0c4c4934151
BLAKE2b-256 26c185b5de8640e83a93c54544817e2774b099eedd74a8f1b80f9a6bdaad05a1

See more details on using hashes here.

Provenance

The following attestation bundles were made for mallorymcp-0.3.8-py3-none-any.whl:

Publisher: publish.yml on malloryai/mallorymcp

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page