io.github.maco144/nullcone

Real-time threat intel for AI agents: 890K+ IOCs incl. prompt-injection & AI-skill threats

GitHub

No known CVEs

No license

Actively maintained

Last commit 4d ago

Works with most clients

Transport:

0 tools

Grade F

Edit this pageView history

AI / ML

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "io-github-maco144-nullcone": {
      "command": "<see-readme>",
      "args": []
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/io-github-maco144-nullcone)](https://mcppedia.org/s/io-github-maco144-nullcone)

Read me

What io.github.maco144/nullcone does

Real-time threat intel for AI agents: 890K+ IOCs incl. prompt-injection & AI-skill threats

Test This Server

No automated test available for this server. Check the GitHub README for setup instructions.

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

29/100across 5 weighted dimensions

How we score →

0255075100

−71

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

No package registry to scan.

Help improve this page

This server is missing a description. Tools and install config are also missing.If you've used it, help the community.

Add information

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is io.github.maco144/nullcone safe to use?: io.github.maco144/nullcone has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install io.github.maco144/nullcone?: io.github.maco144/nullcone can be installed by cloning its GitHub repository and following the setup instructions in the README.
What AI clients work with io.github.maco144/nullcone?: io.github.maco144/nullcone is compatible with claude-desktop, cursor, claude-code. It uses stdio transport.
Is io.github.maco144/nullcone actively maintained?: io.github.maco144/nullcone is actively maintained — last commit was 4 days ago.

Similar servers

Others in ai-ml

View all →

Sequential Thinking MCP Server98

Dynamic problem-solving through sequential thought chains

87.0k 1

Memory MCP Server98

Persistent memory using a knowledge graph

87.0k 5

Better Chatbot96

Just a Better Chatbot. Powered by Agent & MCP & Workflows.

1.1k 4

Antigravity Workspace Template96

Workspace template + MCP server for Claude Code, Codex CLI, Cursor & Windsurf. Multi-agent knowledge engine (ag-refresh / ag-ask) that turns any codebase into a queryable AI assistant.

1.3k 2

MCP Security Weekly

Get CVE alerts and security updates for io.github.maco144/nullcone and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Use it (hosted — nothing to install)

The server is hosted at https://nullcone.ai/mcp over streamable HTTP. Add it to any MCP client:

Claude Code

claude mcp add --transport http nullcone https://nullcone.ai/mcp

Cursor / other MCP clients — add to your MCP config:

{ "mcpServers": { "nullcone": { "url": "https://nullcone.ai/mcp" } } }

No signup or token required. Read tools and IOC submission are open; destructive tools (e.g. revoke_ioc) are disabled on the public endpoint.

Tools

30+ tools including:

lookup_ioc(value) — check any indicator against the feed

recent_threats(limit, min_severity) — current threat picture

submit_ioc(...) / submit_batch(...) — contribute indicators

check_prompt(...) — sub-millisecond prompt-injection lookup

validate_skill(...) / scan_skill_content(...) — vet MCP tools / AI skills before loading

poll_since(last_id) — incremental sync, no persistent connection

get_stats(), list_families(), search_by_type(...), and more

Resources: threat://stats, threat://recent, threat://families, threat://family/{name}, threat://ioc/{value}. Prompts: analyze_ioc, triage_alert, threat_brief.

Self-host

The server is built on the public nullcone SDK.

pip install -r requirements.txt MCP_TRANSPORT=streamable-http MCP_PORT=8001 python server.py

Or with Docker:

docker build -t nullcone-mcp . docker run -p 8001:8001 nullcone-mcp

Set MCP_PUBLIC=1 to run an anonymous public endpoint (disables destructive tools); omit it for full local control over stdio (MCP_TRANSPORT=stdio).

Frequently Asked Questions

Is io.github.maco144/nullcone safe to use?

io.github.maco144/nullcone has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.

How do I install io.github.maco144/nullcone?

io.github.maco144/nullcone can be installed by cloning its GitHub repository and following the setup instructions in the README.

What AI clients work with io.github.maco144/nullcone?

io.github.maco144/nullcone is compatible with claude-desktop, cursor, claude-code. It uses stdio transport.

Is io.github.maco144/nullcone actively maintained?

io.github.maco144/nullcone is actively maintained — last commit was 4 days ago.

Nullcone MCP Server

Real-time threat intelligence for AI agents, exposed as a Model Context Protocol server. Check IPs, domains, URLs, hashes, CVEs, prompt-injection payloads, and malicious AI-skill / MCP-tool definitions against the Nullcone network — 890K+ IOCs, free, no API key.

Backed by nullcone.ai.

Use it (hosted — nothing to install)

The server is hosted at https://nullcone.ai/mcp over streamable HTTP. Add it to any MCP client:

Claude Code

claude mcp add --transport http nullcone https://nullcone.ai/mcp

Cursor / other MCP clients — add to your MCP config:

{
  "mcpServers": {
    "nullcone": {
      "url": "https://nullcone.ai/mcp"
    }
  }
}

No signup or token required. Read tools and IOC submission are open; destructive tools (e.g. revoke_ioc) are disabled on the public endpoint.

Tools

30+ tools including:

lookup_ioc(value) — check any indicator against the feed
recent_threats(limit, min_severity) — current threat picture
submit_ioc(...) / submit_batch(...) — contribute indicators
check_prompt(...) — sub-millisecond prompt-injection lookup
validate_skill(...) / scan_skill_content(...) — vet MCP tools / AI skills before loading
poll_since(last_id) — incremental sync, no persistent connection
get_stats(), list_families(), search_by_type(...), and more

Resources: threat://stats, threat://recent, threat://families, threat://family/{name}, threat://ioc/{value}. Prompts: analyze_ioc, triage_alert, threat_brief.

Self-host

The server is built on the public nullcone SDK.

pip install -r requirements.txt
MCP_TRANSPORT=streamable-http MCP_PORT=8001 python server.py

Or with Docker:

docker build -t nullcone-mcp .
docker run -p 8001:8001 nullcone-mcp

Set MCP_PUBLIC=1 to run an anonymous public endpoint (disables destructive tools); omit it for full local control over stdio (MCP_TRANSPORT=stdio).

License

Rising Sun License v1.0 — see LICENSE. Free for individuals and small teams.