Mallory MCP Server — threat intelligence tools for AI agents

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for malloryai from gravatar.com malloryai

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: Apache Software License (Apache-2.0)
  • Author: Mallory
  • Tags cybersecurity , mallory , mcp , threat-intelligence
  • Requires: Python >=3.11
  • Provides-Extra: lint , test
Classifiers
Report project as malware

Project description

Mallory MCP Server

PyPI Python 3.11+ License: Apache 2.0

Mallory provides a robust source of cyber and threat intelligence. This MCP server exposes the Mallory API to AI agents via the malloryapi Python client, with tools for vulnerabilities, threat actors, malware, exploits, organizations, attack patterns, breaches, products, advisories, stories, mentions, search, and sources.

Once connected, your AI assistant (Cursor, Claude Desktop, or another MCP client) can look up CVEs, threat actors, malware, and more directly from Mallory — no copy-pasting from the dashboard.

Prerequisites

  • Python 3.11 or higher
  • A Mallory API key (mallory.ai)

Quick Start

1. Set your API key

Get an API key at mallory.ai and add it to your shell profile (~/.zshrc, ~/.bashrc, etc.):

export MALLORY_API_KEY=your_api_key_here

Reload your shell (or run source ~/.zshrc) so the variable is available.

2. Add to your AI client

Add the server to your MCP client config. Pick one of the options below.

Cursor — add to ~/.cursor/mcp.json:

{
  "mcpServers": {
    "Mallory": {
      "command": "uvx",
      "args": ["mallorymcp"]
    }
  }
}

Claude Desktop — add to claude_desktop_config.json:

{
  "mcpServers": {
    "Mallory": {
      "command": "uvx",
      "args": ["mallorymcp"]
    }
  }
}

uvx downloads and runs the package automatically — no install step needed. If you prefer to install it yourself, see Alternative: pip install below.

3. Restart your AI client and start using it

Ask your assistant to query Mallory:

  • "Look up CVE-2024-1234 and summarize the risk."
  • "List threat actors trending in the last 7 days."
  • "Find vulnerabilities that are known to be exploited."
  • "Search for intelligence on APT28."
  • "What malware is associated with technique T1566?"

The assistant calls the MCP tools automatically — you don't need to invoke tool names yourself.

Note: mallorymcp is an MCP server that communicates via JSON-RPC over stdio. It's designed to be launched by your AI client, not run interactively from a terminal.

Alternative: pip install

If you prefer installing the package rather than using uvx:

pip install mallorymcp

Then reference the command directly in your config:

{
  "mcpServers": {
    "Mallory": {
      "command": "mallorymcp"
    }
  }
}

Configuration

Environment Variable Required Description Default
MALLORY_API_KEY Yes Your Mallory API key
MALLORY_BASE_URL No Override the API base URL https://api.mallory.ai/v1

Tools

The server exposes the following tools, backed by the Mallory API.

Vulnerabilities (7)

Tool Description
get_vulnerability Get a vulnerability by CVE ID or UUID
list_vulnerabilities List/search vulnerabilities with filters and pagination
list_trending_vulnerabilities List vulnerabilities trending over 1d/7d/30d
list_exploited_vulnerabilities List vulnerabilities known to be exploited in the wild
get_vulnerability_detection_signatures Detection signatures for a CVE
get_vulnerability_exploitations Exploitation records for a CVE
get_vulnerability_configurations Affected configurations (CPE) for a CVE

Threat Actors (5)

Tool Description
get_threat_actor Get a threat actor by UUID or name
list_threat_actors List/search threat actors
list_trending_threat_actors List trending threat actors
list_mentioned_threat_actors Recent threat actor mentions from intel sources
get_threat_actor_attack_patterns MITRE ATT&CK patterns for an actor

Malware (5)

Tool Description
get_malware Get a malware entity by UUID or name
list_malware List/search malware
list_trending_malware List trending malware
get_malware_vulnerabilities Vulnerabilities linked to a malware
get_malware_attack_patterns MITRE ATT&CK patterns for a malware

Exploits (2)

Tool Description
get_exploit Get an exploit by UUID or identifier
list_exploits List/search exploits

Organizations (4)

Tool Description
get_organization Get an organization by UUID or name
list_organizations List/search organizations
list_trending_organizations List trending organizations
get_organization_breaches Breaches associated with an organization

Attack Patterns (4)

Tool Description
get_attack_pattern Get an attack pattern (MITRE ATT&CK technique) by UUID or ID
list_attack_patterns List/search attack patterns
get_attack_pattern_threat_actors Threat actors associated with a technique
get_attack_pattern_malware Malware associated with a technique

Breaches (3)

Tool Description
get_breach Get a breach by UUID or identifier
list_breaches List breaches
get_breach_organizations Organizations associated with a breach

Products (3)

Tool Description
get_product Get a technology product by UUID or name
list_products List/search technology products
get_product_advisories Security advisories for a product

Advisories (3)

Tool Description
get_advisory Get a technology product advisory by UUID or identifier
list_advisories List technology product advisories
get_advisory_vulnerabilities Vulnerabilities associated with an advisory

Stories (3)

Tool Description
get_story Get an intelligence story by UUID or identifier
list_stories List/search intelligence stories
list_story_topics List available story topics

Mentions (3)

Tool Description
list_mentions List recent mentions across entity types
list_mentions_actors Recent threat actor mentions
list_mentions_vulnerabilities Recent vulnerability mentions

Search and Sources (2)

Tool Description
search Search across all entity types by query string
list_sources List intelligence sources in the platform

Development

Install from source

git clone https://github.com/malloryai/mallorymcp.git
cd mallorymcp
uv sync
uv run mallorymcp

Lint

uv sync --extra lint
uv run ruff check src/ tests/
uv run ruff format src/ tests/

Project Structure

src/mallorymcp/
├── __init__.py
├── _version.py          # Auto-generated by hatch-vcs from git tags
├── app.py               # Entry point (main, stdio transport)
├── config/              # Env-based config (MALLORY_API_KEY, MALLORY_BASE_URL)
├── decorator/           # API error handling for tools
├── server/              # FastMCP server and tool loader
├── tools/               # Tool modules (one per resource area)
└── utils/               # Serialization, debug

Releasing

  1. Tag a release: git tag v0.4.0 && git push --tags
  2. Create a GitHub release from the tag
  3. GitHub Actions builds and publishes to PyPI via trusted publisher

License

Apache 2.0.

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for malloryai from gravatar.com malloryai

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: Apache Software License (Apache-2.0)
  • Author: Mallory
  • Tags cybersecurity , mallory , mcp , threat-intelligence
  • Requires: Python >=3.11
  • Provides-Extra: lint , test
Classifiers

Release history Release notifications | RSS feed

0.3.8

0.3.7

0.3.6

0.3.5

0.3.4

This version

0.3.3

0.3.2

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

mallorymcp-0.3.3.tar.gz (13.6 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

mallorymcp-0.3.3-py3-none-any.whl (24.1 kB view details)

Uploaded Python 3

File details

Details for the file mallorymcp-0.3.3.tar.gz.

File metadata

  • Download URL: mallorymcp-0.3.3.tar.gz
  • Upload date:
  • Size: 13.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for mallorymcp-0.3.3.tar.gz
Algorithm Hash digest
SHA256 79f12f222ed015140e84e26de8666eccb3c63f6111d82bbad62db5f076547bd6
MD5 90a0ccc4266963f8cf8d7562be771c30
BLAKE2b-256 076ed1886d4305ddccd71cc2eabdd80362d32d8cb4015e3a2bb643c4fabba335

See more details on using hashes here.

Provenance

The following attestation bundles were made for mallorymcp-0.3.3.tar.gz:

Publisher: publish.yml on malloryai/mallorymcp

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file mallorymcp-0.3.3-py3-none-any.whl.

File metadata

  • Download URL: mallorymcp-0.3.3-py3-none-any.whl
  • Upload date:
  • Size: 24.1 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for mallorymcp-0.3.3-py3-none-any.whl
Algorithm Hash digest
SHA256 9945e89356ef1b12c8c1ed75537055975353e82b44e526bf9be245e71ab66a2e
MD5 de7c920e9a64720196317f2a1e384704
BLAKE2b-256 c324140243a6b06b21f9dbdb36e229bc95fa6e42b41e2af5bb9495c0c15e2012

See more details on using hashes here.

Provenance

The following attestation bundles were made for mallorymcp-0.3.3-py3-none-any.whl:

Publisher: publish.yml on malloryai/mallorymcp

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page