mcp-threatintel (aplaceforallmystuff)
Unified threat-intel MCP server aggregating AlienVault OTX, AbuseIPDB, GreyNoise, and abuse.ch feeds.
🛡️ AgentReady threat assessment
MAESTRO 7-layer threat model + OWASP AIVSS risk score for mcp-threatintel (aplaceforallmystuff), derived from its capabilities.
AIVSS 7.5 · High
Overview
This MCP server unifies multiple threat-intelligence feeds - AlienVault OTX, AbuseIPDB, GreyNoise, and abuse.ch - so agents can query IPs, domains, hashes, and URLs across all sources at once. It supports optional API keys per source with generous free tiers, and Feodo Tracker works without auth via public JSON. Because it aggregates attacker-controlled indicators and third-party verdicts, it is a tool-output injection surface, and it holds several API keys.
Key features
- Unified OTX + AbuseIPDB + GreyNoise + abuse.ch
- Cross-source IP/domain/hash/URL lookups
- Optional per-source keys with free tiers
Use cases
- One-shot indicator enrichment across feeds
- IP reputation and abuse checks during IR