mcp-server-gti
Verified Safeby ArthurTcs
Overview
This MCP server provides an interface to Google's Threat Intelligence suite, enabling programmatic access to threat data, IOC analysis, and threat hunting capabilities.
Installation
gti_mcpEnvironment Variables
- VT_APIKEY
Security Notes
The server uses `os.getenv` for `VT_APIKEY`, which is good practice. No 'eval' or obvious obfuscation is present. All external API calls are handled by the `vt-py` library. The `analyse_file` function allows uploading local files for analysis. If the server or an agent using this tool is exposed to untrusted inputs, providing arbitrary file paths could be a concern, although the tool itself sends the file to an external service (VirusTotal) rather than executing it locally. The `create_collection` and `update_iocs_in_collection` tools modify data on Google Threat Intelligence, implying that the `VT_APIKEY` should have appropriate, least-privilege permissions. Overall, the code follows good security practices, but the security depends heavily on the scope of the provided `VT_APIKEY` and how the tool's file upload/data modification capabilities are managed in deployment.
Similar Servers
mcp-server
A Model Context Protocol (MCP) server that integrates with SerpApi to provide comprehensive search engine results and data extraction to an LLM.
mcp-server-cortex
This server acts as a bridge, exposing Cortex threat intelligence analysis capabilities as tools consumable by Model Context Protocol (MCP) clients, such as large language models (LLMs).
mitre-mcp
A production-ready Model Context Protocol (MCP) server that exposes the MITRE ATT&CK® framework to LLMs, AI assistants, and automation workflows.
pypi-mcp
Provides AI models with a Model Context Protocol (MCP) server to query PyPI package information, analyze dependencies, check vulnerabilities, and manage Python package data.