Model Context Protocol

Threat Intel for AI Agents

Add ThreatChain to Claude Desktop, Cursor, Cline, or any MCP-compatible AI agent. 7 tools for hash lookup, CVE search, rugpull scoring, and wallet exposure — free, no API key required.

MCP Tools

3.5M+

Threats

342K+

CVEs

Free

Forever

Install in Claude Desktop

Option 1 — HTTP Transport (Recommended)

Add this to your Claude Desktop config file. On macOS it's at ~/Library/Application Support/Claude/claude_desktop_config.json.

{
  "mcpServers": {
    "threatchain": {
      "url": "https://threatchain.io/mcp",
      "transport": "http"
    }
  }
}

Restart Claude Desktop. You'll see the ThreatChain tools appear in the hammer icon.

Option 2 — Any MCP Client

ThreatChain implements the standard MCP JSON-RPC 2.0 protocol. Works with any MCP-compatible client:

Claude Desktop (macOS, Windows)
Cursor IDE
Cline (VS Code extension)
Continue.dev
Custom agents via the mcp Python/TypeScript SDK

Endpoint: https://threatchain.io/mcp

Manifest: https://threatchain.io/mcp/manifest.json

Available Tools

lookup_hash

Look up hashes (MD5/SHA1/SHA256), CVE IDs, or wallet addresses against 3M+ threats.

enrich_hash

Unified enrichment: VirusTotal (60+ engines) + Hybrid Analysis + MalwareBazaar + ThreatChain.

score_contract_rugpull

0-100 rugpull risk score for ERC-20 contracts on Ethereum, Arbitrum, Base.

check_wallet_exposure

Scan a wallet's recent transactions for interactions with known scam addresses.

search_cves

342K+ CVEs with filters: severity, vendor, product, EPSS score, CISA KEV status.

search_threats

Full-text search across all threat records: malware, phishing, wallets, IPs.

get_stats

Platform statistics: total threats, new in 24h, CVE counts, KEV entries.

Example Queries (In Claude Desktop)

After installing, try asking Claude:

"Check if CVE-2021-44228 is actively exploited"
"Is the token at 0xabc... a rugpull?"
"Show me the top 5 critical Apache CVEs from 2024"
"Has this wallet (0xdef...) interacted with any scam addresses?"
"Enrich this hash: 5bf2ef67e14876189cc28e342a7815ee9cb93ef9ff10110d5673ee2e31524844"

Protocol Details

ThreatChain implements MCP version 2024-11-05 over HTTP JSON-RPC 2.0. Supports:

initialize — handshake
tools/list — discover available tools
tools/call — execute a tool
ping — keepalive

Batched requests supported. Stateless — no session required.

Why Free?

ThreatChain is a free public threat intelligence platform. Our MCP server gives AI agents access to the same data humans get from threatchain.io — no API key, no rate limits, no gating.

If you're building a product on top of ThreatChain's MCP server, consider our paid tiers for higher limits and enterprise support.