Mallory MCP Server — threat intelligence tools for AI agents

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for malloryai from gravatar.com malloryai

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: Apache Software License (Apache-2.0)
  • Author: Mallory
  • Tags cybersecurity , mallory , mcp , threat-intelligence
  • Requires: Python >=3.11
  • Provides-Extra: lint , test
Classifiers
Report project as malware

Project description

Mallory MCP Server

PyPI Python 3.11+ License: Apache 2.0

Mallory provides a robust source of cyber and threat intelligence. This MCP server exposes the Mallory API to AI agents via the malloryapi Python client, with tools for vulnerabilities, threat actors, malware, exploits, organizations, attack patterns, breaches, products, advisories, stories, mentions, search, and sources.

Once connected, your AI assistant (Cursor, Claude Desktop, or another MCP client) can look up CVEs, threat actors, malware, and more directly from Mallory — no copy-pasting from the dashboard.

Prerequisites

  • Python 3.11 or higher
  • A Mallory API key (mallory.ai)

Quick Start

1. Set your API key

Get an API key at mallory.ai and add it to your shell profile (~/.zshrc, ~/.bashrc, etc.):

export MALLORY_API_KEY=your_api_key_here

Reload your shell (or run source ~/.zshrc) so the variable is available.

2. Add to your AI client

Add the server to your MCP client config. Pick one of the options below.

Cursor — add to ~/.cursor/mcp.json:

{
  "mcpServers": {
    "Mallory": {
      "command": "uvx",
      "args": ["mallorymcp"]
    }
  }
}

Claude Desktop — add to claude_desktop_config.json:

{
  "mcpServers": {
    "Mallory": {
      "command": "uvx",
      "args": ["mallorymcp"]
    }
  }
}

Claude Code — run this command:

claude mcp add --transport stdio Mallory -- uvx mallorymcp

This stores the config in ~/.claude.json (local scope, current project). To share it with your team, use project scope instead:

claude mcp add --transport stdio --scope project Mallory -- uvx mallorymcp

This writes to .mcp.json in the project root, which can be committed to git.

uvx downloads and runs the package automatically — no install step needed. If you prefer to install it yourself, see Alternative: pip install below.

3. Restart your AI client and start using it

Ask your assistant to query Mallory:

  • "Look up CVE-2024-1234 and summarize the risk."
  • "List threat actors trending in the last 7 days."
  • "Find vulnerabilities that are known to be exploited."
  • "Search for intelligence on APT28."
  • "What malware is associated with technique T1566?"

The assistant calls the MCP tools automatically — you don't need to invoke tool names yourself.

Note: mallorymcp is an MCP server that communicates via JSON-RPC over stdio. It's designed to be launched by your AI client, not run interactively from a terminal.

Alternative: pip install

If you prefer installing the package rather than using uvx:

pip install mallorymcp

Then reference the command directly in your config:

{
  "mcpServers": {
    "Mallory": {
      "command": "mallorymcp"
    }
  }
}

Configuration

Environment Variable Required Description Default
MALLORY_API_KEY Yes Your Mallory API key
MALLORY_BASE_URL No Override the API base URL https://api.mallory.ai/v1

Tools

The server exposes the following tools, backed by the Mallory API.

Vulnerabilities (7)

Tool Description
get_vulnerability Get a vulnerability by CVE ID or UUID
list_vulnerabilities List/search vulnerabilities with filters and pagination
list_trending_vulnerabilities List vulnerabilities trending over 1d/7d/30d
list_exploited_vulnerabilities List vulnerabilities known to be exploited in the wild
get_vulnerability_detection_signatures Detection signatures for a CVE
get_vulnerability_exploitations Exploitation records for a CVE
get_vulnerability_configurations Affected configurations (CPE) for a CVE

Threat Actors (5)

Tool Description
get_threat_actor Get a threat actor by UUID or name
list_threat_actors List/search threat actors
list_trending_threat_actors List trending threat actors
list_mentioned_threat_actors Recent threat actor mentions from intel sources
get_threat_actor_attack_patterns MITRE ATT&CK patterns for an actor

Malware (5)

Tool Description
get_malware Get a malware entity by UUID or name
list_malware List/search malware
list_trending_malware List trending malware
get_malware_vulnerabilities Vulnerabilities linked to a malware
get_malware_attack_patterns MITRE ATT&CK patterns for a malware

Exploits (2)

Tool Description
get_exploit Get an exploit by UUID or identifier
list_exploits List/search exploits

Organizations (4)

Tool Description
get_organization Get an organization by UUID or name
list_organizations List/search organizations
list_trending_organizations List trending organizations
get_organization_breaches Breaches associated with an organization

Attack Patterns (4)

Tool Description
get_attack_pattern Get an attack pattern (MITRE ATT&CK technique) by UUID or ID
list_attack_patterns List/search attack patterns
get_attack_pattern_threat_actors Threat actors associated with a technique
get_attack_pattern_malware Malware associated with a technique

Breaches (3)

Tool Description
get_breach Get a breach by UUID or identifier
list_breaches List breaches
get_breach_organizations Organizations associated with a breach

Products (3)

Tool Description
get_product Get a technology product by UUID or name
list_products List/search technology products
get_product_advisories Security advisories for a product

Advisories (3)

Tool Description
get_advisory Get a technology product advisory by UUID or identifier
list_advisories List technology product advisories
get_advisory_vulnerabilities Vulnerabilities associated with an advisory

Stories (3)

Tool Description
get_story Get an intelligence story by UUID or identifier
list_stories List/search intelligence stories
list_story_topics List available story topics

Mentions (3)

Tool Description
list_mentions List recent mentions across entity types
list_mentions_actors Recent threat actor mentions
list_mentions_vulnerabilities Recent vulnerability mentions

Search and Sources (2)

Tool Description
search Search across all entity types by query string
list_sources List intelligence sources in the platform

Development

Install from source

git clone https://github.com/malloryai/mallorymcp.git
cd mallorymcp
uv sync
uv run mallorymcp

Lint

uv sync --extra lint
uv run ruff check src/ tests/
uv run ruff format src/ tests/

Project Structure

src/mallorymcp/
├── __init__.py
├── _version.py          # Auto-generated by hatch-vcs from git tags
├── app.py               # Entry point (main, stdio transport)
├── config/              # Env-based config (MALLORY_API_KEY, MALLORY_BASE_URL)
├── decorator/           # API error handling for tools
├── server/              # FastMCP server and tool loader
├── tools/               # Tool modules (one per resource area)
└── utils/               # Serialization, debug

Releasing

  1. Tag a release: git tag v0.4.0 && git push --tags
  2. Create a GitHub release from the tag
  3. GitHub Actions builds and publishes to PyPI via trusted publisher

License

Apache 2.0.

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for malloryai from gravatar.com malloryai

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: Apache Software License (Apache-2.0)
  • Author: Mallory
  • Tags cybersecurity , mallory , mcp , threat-intelligence
  • Requires: Python >=3.11
  • Provides-Extra: lint , test
Classifiers

Release history Release notifications | RSS feed

0.3.8

0.3.7

This version

0.3.6

0.3.5

0.3.4

0.3.3

0.3.2

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

mallorymcp-0.3.6.tar.gz (14.0 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

mallorymcp-0.3.6-py3-none-any.whl (24.9 kB view details)

Uploaded Python 3

File details

Details for the file mallorymcp-0.3.6.tar.gz.

File metadata

  • Download URL: mallorymcp-0.3.6.tar.gz
  • Upload date:
  • Size: 14.0 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for mallorymcp-0.3.6.tar.gz
Algorithm Hash digest
SHA256 7e2ba40be1fa272c164d9c12706bd2cca09cba9dafafe959ee5568365b76824d
MD5 96da2533040fde6a35e8c2be697f2de1
BLAKE2b-256 7401e56f2520d6fcf76df002ef0eaf18f1c1ab34d34112376c7aaee5aa73a347

See more details on using hashes here.

Provenance

The following attestation bundles were made for mallorymcp-0.3.6.tar.gz:

Publisher: publish.yml on malloryai/mallorymcp

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file mallorymcp-0.3.6-py3-none-any.whl.

File metadata

  • Download URL: mallorymcp-0.3.6-py3-none-any.whl
  • Upload date:
  • Size: 24.9 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for mallorymcp-0.3.6-py3-none-any.whl
Algorithm Hash digest
SHA256 4d3227071c848edc83cf7c9d5388460948d50c4f3eda22157ec0d36e63080124
MD5 1ddfd61b025605d2e0a37f567d91f732
BLAKE2b-256 156d0f85766500133cbe3269cb97102f1303b35bd9c69e81c713d5d74f9c5749

See more details on using hashes here.

Provenance

The following attestation bundles were made for mallorymcp-0.3.6-py3-none-any.whl:

Publisher: publish.yml on malloryai/mallorymcp

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page