falcon-mcp
Verified Safe by CrowdStrike
Overview
An MCP server providing AI agents programmatic access to CrowdStrike Falcon platform capabilities for intelligent security analysis and automation, integrating threat detection, incident response, and vulnerability management into agentic workflows.
Installation
docker run -i --rm --env-file /path/to/.env quay.io/crowdstrike/falcon-mcp:latest
Environment Variables
- FALCON_CLIENT_ID
- FALCON_CLIENT_SECRET
- FALCON_BASE_URL
Security Notes
The core Python server (`falcon_mcp/server.py` and its dependencies) loads configuration with `python-dotenv`, which parses a `.env` file as key/value data rather than executing it; that is the secure approach. The `examples/adk/adk_agent_operations.sh` script, provided for deploying with a prebuilt Google ADK agent, instead loads `.env` with `eval "$(grep ...)"`. Because `eval` re-parses the file's contents as shell code, shell metacharacters in a value (a `;`, `$(...)`, or backticks) are executed rather than stored, so a tampered `.env` gives arbitrary command execution as whoever runs the script. This issue is confined to that example script and its deployment path; the server itself is not affected. API credentials are not hardcoded; they come from environment variables or direct parameters. The project is explicitly in 'Public Preview' and is not recommended for production deployments, which signals that undiscovered security issues may remain.
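The `eval` risk described above, as an added example that is not part of falcon-mcp or its ADK script: a loader using the `eval "$(grep ...)"` pattern beside one that parses `KEY=VALUE` lines and assigns each value as a literal string. The grep filter, the variable names in the constructed `.env`, and the marker-file payload are assumptions for illustration; the real script's grep arguments are not shown on this page.

```shell
#!/bin/sh
# Added example (not falcon-mcp code): why eval-ing a .env file is dangerous,
# beside a loader that assigns values literally. The grep filter below is an
# assumption; the page does not show the real script's arguments.

# Risky pattern: eval re-parses every line as shell code, so metacharacters
# in a VALUE (';', '$(...)', backticks) run as commands instead of being stored.
load_env_eval() {
    eval "$(grep -v '^#' "$1")"
}

# Safer loader: split each line at the first '=' and assign the right-hand
# side as a plain string. Nothing is re-parsed, so '...; rm -rf /' stays text.
# (Unlike python-dotenv it does not strip surrounding quotes; kept simple.)
load_env_safe() {
    env_file=$1
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            ''|'#'*) continue ;;   # blank line or comment
            *=*) ;;                # has a separator
            *) printf 'skipping line without "=": %s\n' "$line" >&2; continue ;;
        esac
        key=${line%%=*}
        value=${line#*=}
        # Accept only identifier-shaped keys; reject anything else instead of
        # handing it to the shell.
        case $key in
            ''|[0-9]*|*[!A-Za-z0-9_]*)
                printf 'skipping malformed key: %s\n' "$key" >&2; continue ;;
        esac
        export "$key=$value"
    done < "$env_file"
}

# Constructed fixture (not a real credential file): one value carries a
# payload that tries to create a marker file in the given directory.
make_env_fixture() {
    dir=$1
    {
        printf '%s\n' '# constructed sample .env'
        printf '%s\n' 'FALCON_CLIENT_ID=abc123'
        printf '%s\n' 'FALCON_CLIENT_SECRET=s3cr3t'
        printf '%s\n' "FALCON_BASE_URL=https://api.crowdstrike.com; touch $dir/pwned"
    } > "$dir/.env"
}

demo() {
    dir=$(mktemp -d)
    make_env_fixture "$dir"

    load_env_safe "$dir/.env"
    printf 'safe loader: FALCON_BASE_URL=%s\n' "$FALCON_BASE_URL"
    [ -e "$dir/pwned" ] && echo "safe loader: marker created (unexpected)" \
                         || echo "safe loader: no command executed"

    load_env_eval "$dir/.env"
    printf 'eval loader: FALCON_BASE_URL=%s\n' "$FALCON_BASE_URL"
    [ -e "$dir/pwned" ] && echo "eval loader: marker created, payload executed" \
                         || echo "eval loader: no marker (unexpected)"

    rm -rf "$dir"
}

demo
```

Sourcing the file (`. ./.env`, or `set -a; . ./.env; set +a`) has the same problem as `eval`: the shell executes the file. Only a loader that never re-parses values as code, such as `python-dotenv` or the `read`-based loop here, keeps an attacker-controlled value inert. Note that the Docker invocation on this page passes the file through `--env-file`, which Docker reads as data, so the exposure is specific to the ADK example script.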
Similar Servers
atomic-red-team-mcp
An MCP server providing tools to search, validate, refresh, and optionally execute Atomic Red Team security tests for threat emulation and security development.
Reversecore_MCP
Provides a Micro-Agent Control Protocol (MCP) server that wraps various reverse engineering CLI tools and libraries, enabling AI agents to perform binary analysis, malware analysis, and vulnerability research through natural language commands.
MalwareBazaar_MCP
An AI-driven MCP server interfacing with Malware Bazaar for real-time threat intelligence and sample metadata, supporting cybersecurity research workflows.
mcp-cyberbro
A Model Context Protocol (MCP) server for Cyberbro that extracts and analyzes Indicators of Compromise (IoCs) from unstructured input, checking their reputation using multiple threat intelligence services.