CVE search, vulnerability database, EPSS exploit prediction, KEV, IP reputation & threat feed.
Config is the same across clients — only the file and path differ.
{
"mcpServers": {
"cyber-intel": {
"url": "https://cyber-intel-mcp-production.up.railway.app/mcp"
}
}
}Are you the author?
Add this badge to your README to show your security score and help users find safe servers.
Cybersecurity threat intelligence for AI agents — CVE search enriched with EPSS exploit-likelihood + CISA known-exploited (KEV) status, plus live IP/domain reputation and a real-time threat feed.
No automated test available for this server. Check the GitHub README for setup instructions.
Five weighted categories — click any category to see the underlying evidence.
No known CVEs.
No package registry to scan.
Be the first to review
Have you used this server?
Share your experience — it helps other developers decide.
Sign in to write a review.
Others in data / security
Manage Supabase projects — databases, auth, storage, and edge functions
Zero-dependency, token-efficient database MCP server for Postgres, MySQL, SQL Server, MariaDB, SQLite.
Query and manage PostgreSQL databases directly from AI assistants
🔥 Official Firecrawl MCP Server - Adds powerful web scraping and search to Cursor, Claude and any other LLM clients.
MCP Security Weekly
Get CVE alerts and security updates for io.github.FoundryNet/cyber-intel-mcp and similar servers.
Start a conversation
Ask a question, share a tip, or report an issue.
Sign in to join the discussion.
Cybersecurity threat intelligence for AI agents — CVE search enriched with EPSS exploit-likelihood + CISA known-exploited (KEV) status, plus live IP/domain reputation and a real-time threat feed.
Part of the FoundryNet Data Network. Attest your agent's security analysis with MINT Protocol. See also: gov-contracts-mcp, brand-intel-mcp, patent-intel-mcp, financial-signals-mcp, weather-intel-mcp, compliance-mcp.
https://cyber-intel-mcp-production.up.railway.app/mcpio.github.FoundryNet/cyber-intel-mcphttps://cyber-intel-mcp-production.up.railway.app/.well-known/agent-card.jsonclaude mcp add --transport http cyber-intel https://cyber-intel-mcp-production.up.railway.app/mcp
{ "mcpServers": { "cyber-intel": { "url": "https://cyber-intel-mcp-production.up.railway.app/mcp" } } }
| Tool | Price | What it does |
|---|---|---|
search_cve | $0.01 | CVE search by severity, CVSS, EPSS, attack vector, KEV status |
cve_detail | free | Full CVE — CVSS breakdown, EPSS, KEV, CWE, affected products, refs |
check_ip | $0.01 | IP reputation (AbuseIPDB + OTX) — abuse score, threat type, pulses |
check_domain | $0.01 | Domain threat indicators (OTX) |
vulnerability_scan | $0.02 | All CVEs for a product, sorted by EPSS — "should I worry about this dependency?" |
threat_feed | $0.01 | Recent threat indicators (IPs/domains/hashes/URLs) |
mint_info | free | FoundryNet Data Network + MINT Protocol |
Free tier: 25 paid-tool queries/day per agent. Then x402: the tool returns an
HTTP-402 with a Solana USDC payment memo — pay it, re-call with the same args plus
payment_tx=<signature>. An Authorization: Bearer fnet_… key bypasses the paywall.
Raw CVE counts are noise. Every vulnerability here carries its EPSS score (the
probability it'll be exploited) and a CISA KEV flag (whether it's actively
exploited). vulnerability_scan sorts a product's CVEs by exploit likelihood — so
an agent triaging a dependency sees what actually matters first.
Every 6 hours: NVD (CVEs, keyless + throttled), EPSS (exploit probability), CISA KEV (known-exploited catalog), GitHub Advisories. Live on demand: AbuseIPDB (IP reputation) + AlienVault OTX (IP/domain/pulse indicators). Stored in a standalone Supabase project.
MCP registry: io.github.FoundryNet/cyber-intel-mcp
Built by FoundryNet · hello@foundrynet.io
Live feed: mint.foundrynet.io/feed
Real-time verified work across 21 servers and autonomous agents, anchored on Solana via MINT Protocol.