Mallory MCP Server — threat intelligence tools for AI agents

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for malloryai from gravatar.com malloryai

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: Apache Software License (Apache-2.0)
  • Author: Mallory
  • Tags cybersecurity , mallory , mcp , threat-intelligence
  • Requires: Python >=3.11
  • Provides-Extra: lint , test
Classifiers
Report project as malware

Project description

Mallory MCP Server

PyPI Python 3.11+ License: Apache 2.0

Mallory provides a robust source of cyber and threat intelligence. This MCP server exposes the Mallory API to AI agents via the malloryapi Python client, with tools for vulnerabilities, threat actors, malware, exploits, organizations, attack patterns, breaches, products, advisories, stories, mentions, search, and sources.

Once connected, your AI assistant (Cursor, Claude Desktop, or another MCP client) can look up CVEs, threat actors, malware, and more directly from Mallory — no copy-pasting from the dashboard.

Prerequisites

  • Python 3.11 or higher
  • A Mallory API key (mallory.ai)

Quick Start

1. Set your API key

Get an API key at mallory.ai and add it to your shell profile (~/.zshrc, ~/.bashrc, etc.):

export MALLORY_API_KEY=your_api_key_here

Reload your shell (or run source ~/.zshrc) so the variable is available.

2. Add to your AI client

Add the server to your MCP client config. Pick one of the options below.

Cursor — add to ~/.cursor/mcp.json:

{
  "mcpServers": {
    "Mallory": {
      "command": "uvx",
      "args": ["mallorymcp"]
    }
  }
}

Claude Desktop — add to claude_desktop_config.json:

{
  "mcpServers": {
    "Mallory": {
      "command": "uvx",
      "args": ["mallorymcp"]
    }
  }
}

uvx downloads and runs the package automatically — no install step needed. If you prefer to install it yourself, see Alternative: pip install below.

3. Restart your AI client and start using it

Ask your assistant to query Mallory:

  • "Look up CVE-2024-1234 and summarize the risk."
  • "List threat actors trending in the last 7 days."
  • "Find vulnerabilities that are known to be exploited."
  • "Search for intelligence on APT28."
  • "What malware is associated with technique T1566?"

The assistant calls the MCP tools automatically — you don't need to invoke tool names yourself.

Note: mallorymcp is an MCP server that communicates via JSON-RPC over stdio. It's designed to be launched by your AI client, not run interactively from a terminal.

Alternative: pip install

If you prefer installing the package rather than using uvx:

pip install mallorymcp

Then reference the command directly in your config:

{
  "mcpServers": {
    "Mallory": {
      "command": "mallorymcp"
    }
  }
}

Configuration

Environment Variable Required Description Default
MALLORY_API_KEY Yes Your Mallory API key
MALLORY_BASE_URL No Override the API base URL https://api.mallory.ai/v1

Tools

The server exposes the following tools, backed by the Mallory API.

Vulnerabilities (7)

Tool Description
get_vulnerability Get a vulnerability by CVE ID or UUID
list_vulnerabilities List/search vulnerabilities with filters and pagination
list_trending_vulnerabilities List vulnerabilities trending over 1d/7d/30d
list_exploited_vulnerabilities List vulnerabilities known to be exploited in the wild
get_vulnerability_detection_signatures Detection signatures for a CVE
get_vulnerability_exploitations Exploitation records for a CVE
get_vulnerability_configurations Affected configurations (CPE) for a CVE

Threat Actors (5)

Tool Description
get_threat_actor Get a threat actor by UUID or name
list_threat_actors List/search threat actors
list_trending_threat_actors List trending threat actors
list_mentioned_threat_actors Recent threat actor mentions from intel sources
get_threat_actor_attack_patterns MITRE ATT&CK patterns for an actor

Malware (5)

Tool Description
get_malware Get a malware entity by UUID or name
list_malware List/search malware
list_trending_malware List trending malware
get_malware_vulnerabilities Vulnerabilities linked to a malware
get_malware_attack_patterns MITRE ATT&CK patterns for a malware

Exploits (2)

Tool Description
get_exploit Get an exploit by UUID or identifier
list_exploits List/search exploits

Organizations (4)

Tool Description
get_organization Get an organization by UUID or name
list_organizations List/search organizations
list_trending_organizations List trending organizations
get_organization_breaches Breaches associated with an organization

Attack Patterns (4)

Tool Description
get_attack_pattern Get an attack pattern (MITRE ATT&CK technique) by UUID or ID
list_attack_patterns List/search attack patterns
get_attack_pattern_threat_actors Threat actors associated with a technique
get_attack_pattern_malware Malware associated with a technique

Breaches (3)

Tool Description
get_breach Get a breach by UUID or identifier
list_breaches List breaches
get_breach_organizations Organizations associated with a breach

Products (3)

Tool Description
get_product Get a technology product by UUID or name
list_products List/search technology products
get_product_advisories Security advisories for a product

Advisories (3)

Tool Description
get_advisory Get a technology product advisory by UUID or identifier
list_advisories List technology product advisories
get_advisory_vulnerabilities Vulnerabilities associated with an advisory

Stories (3)

Tool Description
get_story Get an intelligence story by UUID or identifier
list_stories List/search intelligence stories
list_story_topics List available story topics

Mentions (3)

Tool Description
list_mentions List recent mentions across entity types
list_mentions_actors Recent threat actor mentions
list_mentions_vulnerabilities Recent vulnerability mentions

Search and Sources (2)

Tool Description
search Search across all entity types by query string
list_sources List intelligence sources in the platform

Development

Install from source

git clone https://github.com/malloryai/mallorymcp.git
cd mallorymcp
uv sync
uv run mallorymcp

Lint

uv sync --extra lint
uv run ruff check src/ tests/
uv run ruff format src/ tests/

Project Structure

src/mallorymcp/
├── __init__.py
├── _version.py          # Auto-generated by hatch-vcs from git tags
├── app.py               # Entry point (main, stdio transport)
├── config/              # Env-based config (MALLORY_API_KEY, MALLORY_BASE_URL)
├── decorator/           # API error handling for tools
├── server/              # FastMCP server and tool loader
├── tools/               # Tool modules (one per resource area)
└── utils/               # Serialization, debug

Releasing

  1. Tag a release: git tag v0.4.0 && git push --tags
  2. Create a GitHub release from the tag
  3. GitHub Actions builds and publishes to PyPI via trusted publisher

License

Apache 2.0.

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for malloryai from gravatar.com malloryai

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: Apache Software License (Apache-2.0)
  • Author: Mallory
  • Tags cybersecurity , mallory , mcp , threat-intelligence
  • Requires: Python >=3.11
  • Provides-Extra: lint , test
Classifiers

Release history Release notifications | RSS feed

0.3.8

0.3.7

0.3.6

0.3.5

This version

0.3.4

0.3.3

0.3.2

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

mallorymcp-0.3.4.tar.gz (13.9 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

mallorymcp-0.3.4-py3-none-any.whl (24.7 kB view details)

Uploaded Python 3

File details

Details for the file mallorymcp-0.3.4.tar.gz.

File metadata

  • Download URL: mallorymcp-0.3.4.tar.gz
  • Upload date:
  • Size: 13.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for mallorymcp-0.3.4.tar.gz
Algorithm Hash digest
SHA256 4a72cc256afcdc27dc9494e92a472120e4378ef51b796de12089ae27a23e3b43
MD5 3489365a6b205e7161039bf44c7f9f41
BLAKE2b-256 fa15c3d89402ae1115e4a0490df3ae0d4e1453e2a19f89e81fac06c5e8e30a97

See more details on using hashes here.

Provenance

The following attestation bundles were made for mallorymcp-0.3.4.tar.gz:

Publisher: publish.yml on malloryai/mallorymcp

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file mallorymcp-0.3.4-py3-none-any.whl.

File metadata

  • Download URL: mallorymcp-0.3.4-py3-none-any.whl
  • Upload date:
  • Size: 24.7 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for mallorymcp-0.3.4-py3-none-any.whl
Algorithm Hash digest
SHA256 e893e8658b6d475faca76cb01f70a719e4d8aa1b13631ddd46ff084c8cea1ec8
MD5 3609d70d379a93a97578307e80304bb2
BLAKE2b-256 478c87c9a2cadadd8d175e9461d872368b26f1bf437b92a796cf49fc9fa58d4d

See more details on using hashes here.

Provenance

The following attestation bundles were made for mallorymcp-0.3.4-py3-none-any.whl:

Publisher: publish.yml on malloryai/mallorymcp

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page