Config is the same across clients — only the file and path differ.
```json
{
  "mcpServers": {
    "blackdome": {
      "env": {
        "BLACKDOME_API_KEY": "your-api-key-here"
      },
      "command": "blackdome-mcp"
    }
  }
}
```
Give your AI agents direct access to live honeypot threat intelligence. Look up attacker IPs, browse indicators of compromise (IOCs), inspect captured credentials and malware payloads, profile threat actors, and render a real-time global attack map — all from Claude, Cursor, or any MCP-compatible client.
Run this in your terminal to verify the server starts.

```bash
uvx 'blackdome-mcp' 2>&1 | head -1 && echo "✓ Server started successfully"
```
No known CVEs.
Checked blackdome-mcp against OSV.dev.
Others in security
Proof primitive for AI agents on MultiversX. Anchor file hashes on-chain as verifiable proofs.
Model Context Protocol for WinDBG
Security scanner for GitHub repos, Agent Skills, Plugins, and MCP servers. 18 scanners. Zero dependencies.
AI agent trust & reputation protocol — verify, score, route, compare, delegate. 18 tools.
Most tools are free and need no API key (the public community tier). A subset of high-value intelligence requires a paid plan.
```bash
pip install blackdome-mcp
```
The free public tools work with no API key. To unlock the paid tiers (credential intelligence, payloads, actors, warboard, STIX export), get an API key at https://blackdome.ai/pricing.
Add to your claude_desktop_config.json:
```json
{
  "mcpServers": {
    "blackdome": {
      "command": "blackdome-mcp",
      "env": {
        "BLACKDOME_API_KEY": "your-api-key-here"
      }
    }
  }
}
```

The `env` block is optional; omit `BLACKDOME_API_KEY` to run free public tools only.
```bash
claude mcp add blackdome -- blackdome-mcp
# Optional — only needed for paid tools:
export BLACKDOME_API_KEY="your-api-key-here"
```
Add to your MCP settings:
```json
{
  "blackdome": {
    "command": "blackdome-mcp",
    "env": {
      "BLACKDOME_API_KEY": "your-api-key-here"
    }
  }
}
```
Free tools work with no key. Paid tools require an API key whose plan includes the listed feature.
| Tool | Tier | Description |
|---|---|---|
| `lookup_attacker_ip` | Free | Full dossier for one attacker IP — events, protocols, credentials (passwords masked), MITRE, edge nodes |
| `top_attackers` | Free | Most active attacker IPs over a window — pick one to drill into |
| `attack_map` | Free | Recent geolocated attack events for a live map (limit ≥ 10) |
| `attack_heatmap` | Free | Country-aggregated attack heatmap with centroids (limit ≥ 5) |
| `credential_preview` | Free | Sample of recent credentials (masked server-side) + teaser totals |
| `verify_sigil` | Free | Verify a BlackDome Sigil / audit record by id |
| `recent_iocs` | Free | Browse recent IOCs with full filter set (72h community delay) |
| `ioc_trends` | Free | Aggregated IOC trends — totals, breakdowns, daily new, top MITRE |
| `export_iocs` | Free (json/csv) · Pro (stix) | Export the IOC feed; STIX bundle needs the `stix_export` feature |
| `search_credentials` | Enterprise (`credential_intel`) | Search the global credential corpus with PLAINTEXT passwords |
| `credential_stats` | Enterprise (`credential_intel`) | Aggregate credential stats — top usernames/passwords, breakdowns |
| `list_payloads` | Pro (`api_access`) | List captured malware payloads, or fetch one by sha256 (VT/MB intel) |
| `get_actor` | Pro (`api_access`) | List clustered threat actors, or fetch one actor's sessions |
| `warboard` | Pro (`api_access`) | Sigil leaderboard with intrusion narratives + attacker command tails |
| `list_notable_sessions` | Enterprise (`session_intel`) | Ranked hand-keyed attacker sessions surfaced out of botnet noise |
| `get_session_transcript` | Enterprise (`session_intel`) | Structured command/output transcript for one attacker session |
| `list_detonations` | Pro (`detonation_intel`) | Malware detonation list with verdicts, Magika labels and IOC counts |
| `get_detonation_report` | Pro (`detonation_intel`) | Full detonation report with behavior, IOCs, artifact classification and report availability |
| `get_artifact` | Pro (`detonation_intel`) | Artifact dossier with linked detonation, IOCs and session identifiers only |
| `whoami` | Any key | Check your tenant, plan, features and live quota |
Plans: Community (free) → Pro ($299, adds stix_export, api_access, `detonation_int