SelfLabbs

MCP Security Server: Give Your AI Agents Threat Intelligence

Updated July 2026

AI agents make security-relevant decisions constantly. A coding agent installs npm or PyPI packages it chose. A research agent follows URLs it has never seen. An ops agent reads logs full of unknown IPs. In most setups, none of these decisions involve any threat intelligence.

An MCP security server fixes this by putting threat lookups in the agent tool loop. Security Intel MCP is an open-source (MIT) remote MCP server exposing four checks any MCP client can call:

The four checks

CVE lookup — CVE details from the National Vulnerability Database, including CVSS score, severity, and CISA KEV (known-exploited) status.

Package vulnerability check — OSV.dev vulnerabilities for any package/version across npm, PyPI, Go, Maven, crates.io, RubyGems, Packagist, NuGet, with fixed versions.

Malicious URL check — URLhaus (abuse.ch) detection of known malware/phishing URLs.

IP reputation — AbuseIPDB confidence score, report history, Tor status, ISP and geography.

Setup

claude mcp add --transport http security-intel https://security-intel-mcp.greenfield1775.workers.dev/mcp

CVE and package tools need zero API keys. Self-host with one dependency-free file on Cloudflare Workers free tier — see the GitHub repo.

Make agents use it automatically

Before adding any new dependency, run package_vulnerabilities on it.