vuln-intel-mcp 0.1.0__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -0,0 +1,8 @@
1
+ __pycache__/
2
+ *.py[cod]
3
+ *.egg-info/
4
+ .venv/
5
+ venv/
6
+ dist/
7
+ build/
8
+ .DS_Store
@@ -0,0 +1,21 @@
1
+ MIT License
2
+
3
+ Copyright (c) 2026 Rohan Raj
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining a copy
6
+ of this software and associated documentation files (the "Software"), to deal
7
+ in the Software without restriction, including without limitation the rights
8
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9
+ copies of the Software, and to permit persons to whom the Software is
10
+ furnished to do so, subject to the following conditions:
11
+
12
+ The above copyright notice and this permission notice shall be included in all
13
+ copies or substantial portions of the Software.
14
+
15
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21
+ SOFTWARE.
@@ -0,0 +1,91 @@
1
+ Metadata-Version: 2.4
2
+ Name: vuln-intel-mcp
3
+ Version: 0.1.0
4
+ Summary: Local MCP server for CVE remediation intelligence from public sources (NVD, CISA KEV, FIRST EPSS). Your model does the reasoning — no API keys, no external LLM calls, no data leaves your machine.
5
+ Project-URL: Homepage, https://clawofrohan.com/vuln-intel
6
+ Project-URL: Source, https://github.com/rohanrajnist/vuln-intel-mcp
7
+ Author: Rohan Raj
8
+ License-Expression: MIT
9
+ License-File: LICENSE
10
+ Keywords: cisa-kev,cve,epss,mcp,nvd,security,servicenow,threat-intelligence,vulnerability
11
+ Classifier: License :: OSI Approved :: MIT License
12
+ Classifier: Programming Language :: Python :: 3
13
+ Classifier: Topic :: Security
14
+ Requires-Python: >=3.10
15
+ Requires-Dist: httpx>=0.27
16
+ Requires-Dist: mcp>=1.2.0
17
+ Description-Content-Type: text/markdown
18
+
19
+ # vuln-intel-mcp
20
+
21
+ A local **MCP server** that gives any AI agent — Claude Desktop, Claude Code, Cline, Cursor, or your own — CVE remediation intelligence from public sources: **NVD**, **CISA KEV**, and **FIRST EPSS**.
22
+
23
+ **Your model does the reasoning. This server does not.**
24
+
25
+ That is the whole point: the server only does the token-free work — fetching public vulnerability data over HTTP and computing an objective priority. It **never calls an LLM, needs no API key, and sends nothing anywhere except read-only requests to public vulnerability databases.** The remediation write-up and the ServiceNow note are produced by *your* model, in *your* session, from the structured facts the tools return. No one's API tokens are consumed but your own.
26
+
27
+ Built by [Rohan Raj](https://clawofrohan.com/vuln-intel). A hosted demo with AI synthesis and a live cost ledger runs at **clawofrohan.com/vuln-intel**.
28
+
29
+ ---
30
+
31
+ ## Install & connect
32
+
33
+ You need Python 3.10+. The easiest runner is [`uv`](https://docs.astral.sh/uv/) (`uvx` downloads and runs on demand — nothing to install permanently).
34
+
35
+ ### Claude Code
36
+
37
+ ```bash
38
+ claude mcp add vuln-intel -- uvx vuln-intel-mcp
39
+ ```
40
+
41
+ ### Claude Desktop
42
+
43
+ Edit `claude_desktop_config.json` (Settings → Developer → Edit Config):
44
+
45
+ ```json
46
+ {
47
+ "mcpServers": {
48
+ "vuln-intel": {
49
+ "command": "uvx",
50
+ "args": ["vuln-intel-mcp"]
51
+ }
52
+ }
53
+ }
54
+ ```
55
+
56
+ ### Cline / Cursor / any MCP client
57
+
58
+ Same shape — command `uvx`, args `["vuln-intel-mcp"]`. Or if you installed it with `pip install vuln-intel-mcp`, use command `vuln-intel-mcp` with no args.
59
+
60
+ Restart the client, and ask it something like *"Should I patch CVE-2024-3400?"* or *"What's the exploit status of Log4Shell?"*
61
+
62
+ ---
63
+
64
+ ## Tools
65
+
66
+ | Tool | What it returns (token-free) | What your model does with it |
67
+ |------|------------------------------|------------------------------|
68
+ | `cve_lookup` | NVD facts, CVSS, CWEs, affected products, fix versions from CPE data, EPSS probability, CISA KEV status, and a computed **P1–P4** priority | Writes fix versions, remediation steps, workarounds, and a ServiceNow VR note |
69
+ | `cve_search` | Candidate CVEs for a free-form product/keyword query (NVD keyword search) | Picks the right CVE, then calls `cve_lookup` |
70
+ | `cve_exploit_intel` | Public exploit signals — KEV exploited/ransomware flags, EPSS score, and public GitHub repos referencing the CVE (often PoC/exploit code) | Judges weaponization and urgency |
71
+
72
+ ---
73
+
74
+ ## Optional environment variables
75
+
76
+ All optional — the server works with none. These raise **your own** public-API rate limits:
77
+
78
+ - `NVD_API_KEY` — a free [NVD API key](https://nvd.nist.gov/developers/request-an-api-key) for higher NVD throughput.
79
+ - `GITHUB_TOKEN` — a GitHub token for more GitHub repo searches in `cve_exploit_intel`.
80
+
81
+ ---
82
+
83
+ ## Privacy
84
+
85
+ - No telemetry. No account. No key required.
86
+ - Outbound requests go only to `services.nvd.nist.gov`, `api.first.org`, `cisa.gov`, and (for exploit intel) `api.github.com`.
87
+ - The CVE ids and search terms you look up are sent to those public services, exactly as if you visited them in a browser.
88
+
89
+ ## License
90
+
91
+ MIT © Rohan Raj
@@ -0,0 +1,73 @@
1
+ # vuln-intel-mcp
2
+
3
+ A local **MCP server** that gives any AI agent — Claude Desktop, Claude Code, Cline, Cursor, or your own — CVE remediation intelligence from public sources: **NVD**, **CISA KEV**, and **FIRST EPSS**.
4
+
5
+ **Your model does the reasoning. This server does not.**
6
+
7
+ That is the whole point: the server only does the token-free work — fetching public vulnerability data over HTTP and computing an objective priority. It **never calls an LLM, needs no API key, and sends nothing anywhere except read-only requests to public vulnerability databases.** The remediation write-up and the ServiceNow note are produced by *your* model, in *your* session, from the structured facts the tools return. No one's API tokens are consumed but your own.
8
+
9
+ Built by [Rohan Raj](https://clawofrohan.com/vuln-intel). A hosted demo with AI synthesis and a live cost ledger runs at **clawofrohan.com/vuln-intel**.
10
+
11
+ ---
12
+
13
+ ## Install & connect
14
+
15
+ You need Python 3.10+. The easiest runner is [`uv`](https://docs.astral.sh/uv/) (`uvx` downloads and runs on demand — nothing to install permanently).
16
+
17
+ ### Claude Code
18
+
19
+ ```bash
20
+ claude mcp add vuln-intel -- uvx vuln-intel-mcp
21
+ ```
22
+
23
+ ### Claude Desktop
24
+
25
+ Edit `claude_desktop_config.json` (Settings → Developer → Edit Config):
26
+
27
+ ```json
28
+ {
29
+ "mcpServers": {
30
+ "vuln-intel": {
31
+ "command": "uvx",
32
+ "args": ["vuln-intel-mcp"]
33
+ }
34
+ }
35
+ }
36
+ ```
37
+
38
+ ### Cline / Cursor / any MCP client
39
+
40
+ Same shape — command `uvx`, args `["vuln-intel-mcp"]`. Or if you installed it with `pip install vuln-intel-mcp`, use command `vuln-intel-mcp` with no args.
41
+
42
+ Restart the client, and ask it something like *"Should I patch CVE-2024-3400?"* or *"What's the exploit status of Log4Shell?"*
43
+
44
+ ---
45
+
46
+ ## Tools
47
+
48
+ | Tool | What it returns (token-free) | What your model does with it |
49
+ |------|------------------------------|------------------------------|
50
+ | `cve_lookup` | NVD facts, CVSS, CWEs, affected products, fix versions from CPE data, EPSS probability, CISA KEV status, and a computed **P1–P4** priority | Writes fix versions, remediation steps, workarounds, and a ServiceNow VR note |
51
+ | `cve_search` | Candidate CVEs for a free-form product/keyword query (NVD keyword search) | Picks the right CVE, then calls `cve_lookup` |
52
+ | `cve_exploit_intel` | Public exploit signals — KEV exploited/ransomware flags, EPSS score, and public GitHub repos referencing the CVE (often PoC/exploit code) | Judges weaponization and urgency |
53
+
54
+ ---
55
+
56
+ ## Optional environment variables
57
+
58
+ All optional — the server works with none. These raise **your own** public-API rate limits:
59
+
60
+ - `NVD_API_KEY` — a free [NVD API key](https://nvd.nist.gov/developers/request-an-api-key) for higher NVD throughput.
61
+ - `GITHUB_TOKEN` — a GitHub token for more GitHub repo searches in `cve_exploit_intel`.
62
+
63
+ ---
64
+
65
+ ## Privacy
66
+
67
+ - No telemetry. No account. No key required.
68
+ - Outbound requests go only to `services.nvd.nist.gov`, `api.first.org`, `cisa.gov`, and (for exploit intel) `api.github.com`.
69
+ - The CVE ids and search terms you look up are sent to those public services, exactly as if you visited them in a browser.
70
+
71
+ ## License
72
+
73
+ MIT © Rohan Raj
@@ -0,0 +1,29 @@
1
+ [build-system]
2
+ requires = ["hatchling"]
3
+ build-backend = "hatchling.build"
4
+
5
+ [project]
6
+ name = "vuln-intel-mcp"
7
+ version = "0.1.0"
8
+ description = "Local MCP server for CVE remediation intelligence from public sources (NVD, CISA KEV, FIRST EPSS). Your model does the reasoning — no API keys, no external LLM calls, no data leaves your machine."
9
+ readme = "README.md"
10
+ requires-python = ">=3.10"
11
+ license = "MIT"
12
+ authors = [{ name = "Rohan Raj" }]
13
+ keywords = ["mcp", "cve", "vulnerability", "security", "servicenow", "nvd", "cisa-kev", "epss", "threat-intelligence"]
14
+ classifiers = [
15
+ "Programming Language :: Python :: 3",
16
+ "License :: OSI Approved :: MIT License",
17
+ "Topic :: Security",
18
+ ]
19
+ dependencies = ["mcp>=1.2.0", "httpx>=0.27"]
20
+
21
+ [project.scripts]
22
+ vuln-intel-mcp = "vuln_intel_mcp.server:main"
23
+
24
+ [project.urls]
25
+ Homepage = "https://clawofrohan.com/vuln-intel"
26
+ Source = "https://github.com/rohanrajnist/vuln-intel-mcp"
27
+
28
+ [tool.hatch.build.targets.wheel]
29
+ packages = ["src/vuln_intel_mcp"]
@@ -0,0 +1,2 @@
1
+ """vuln-intel-mcp — local CVE intelligence MCP server (public data only)."""
2
+ __version__ = "0.1.0"
@@ -0,0 +1,256 @@
1
+ """vuln-intel-mcp — local MCP server for CVE remediation intelligence.
2
+
3
+ Design principle: this server does ONLY the token-free work — fetching public
4
+ data (NVD, CISA KEV, FIRST EPSS, public GitHub) over HTTP and computing an
5
+ objective priority. It never calls an LLM and needs no API keys. The reasoning
6
+ (remediation narrative, ServiceNow note) is done by *your* model, in your own
7
+ session, from the structured facts these tools return. Nothing leaves your
8
+ machine except read-only requests to public vulnerability databases.
9
+
10
+ By Rohan Raj — hosted demo with AI synthesis at https://clawofrohan.com/vuln-intel
11
+ """
12
+ import os
13
+ import re
14
+
15
+ import httpx
16
+ from mcp.server.fastmcp import FastMCP
17
+
18
+ NVD_URL = "https://services.nvd.nist.gov/rest/json/cves/2.0"
19
+ EPSS_URL = "https://api.first.org/data/v1/epss"
20
+ KEV_URL = "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"
21
+ GH_URL = "https://api.github.com/search/repositories"
22
+ CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,7}$", re.IGNORECASE)
23
+ UA = {"User-Agent": "vuln-intel-mcp"}
24
+ # Optional: set NVD_API_KEY / GITHUB_TOKEN for higher public rate limits (still your keys, not ours).
25
+ NVD_KEY = os.environ.get("NVD_API_KEY")
26
+ GH_TOKEN = os.environ.get("GITHUB_TOKEN")
27
+
28
+ _kev_cache = {"loaded": False, "ids": {}}
29
+
30
+ mcp = FastMCP(
31
+ "vuln-intel",
32
+ instructions=(
33
+ "Vulnerability Response intelligence from public data (NVD, CISA KEV, "
34
+ "FIRST EPSS). These tools return structured facts and an objective "
35
+ "priority; YOU synthesize the remediation guidance and ServiceNow note "
36
+ "from them. No external LLM is called and no API key is required."
37
+ ),
38
+ )
39
+
40
+
41
+ async def _client():
42
+ return httpx.AsyncClient(timeout=30, headers=UA)
43
+
44
+
45
+ def _nvd_headers():
46
+ return {**UA, **({"apiKey": NVD_KEY} if NVD_KEY else {})}
47
+
48
+
49
+ async def _load_kev(cx):
50
+ if not _kev_cache["loaded"]:
51
+ try:
52
+ r = await cx.get(KEV_URL)
53
+ r.raise_for_status()
54
+ _kev_cache["ids"] = {
55
+ v["cveID"].upper(): v for v in r.json().get("vulnerabilities", [])
56
+ }
57
+ _kev_cache["loaded"] = True
58
+ except Exception:
59
+ pass
60
+ return _kev_cache["ids"]
61
+
62
+
63
+ def _parse_nvd(cve):
64
+ desc = next((d["value"] for d in cve.get("descriptions", []) if d["lang"] == "en"), "")
65
+ cvss = severity = vector = None
66
+ metrics = cve.get("metrics", {})
67
+ for key in ("cvssMetricV40", "cvssMetricV31", "cvssMetricV30", "cvssMetricV2"):
68
+ if metrics.get(key):
69
+ m = metrics[key][0]
70
+ d = m.get("cvssData", {})
71
+ cvss, severity = d.get("baseScore"), d.get("baseSeverity") or m.get("baseSeverity")
72
+ vector = d.get("vectorString")
73
+ break
74
+ cwes = sorted({
75
+ de["value"] for w in cve.get("weaknesses", []) for de in w.get("description", [])
76
+ if de["value"].startswith("CWE")
77
+ })
78
+ affected, fix_hints = [], []
79
+ for cfg in cve.get("configurations", []):
80
+ for node in cfg.get("nodes", []):
81
+ for m in node.get("cpeMatch", []):
82
+ if not m.get("vulnerable"):
83
+ continue
84
+ p = m["criteria"].split(":")
85
+ prod = f"{p[3]}/{p[4]}".replace("_", " ")
86
+ if m.get("versionEndExcluding"):
87
+ hint = f"{prod}: fixed in {m['versionEndExcluding']} (upgrade to that version or later)"
88
+ if hint not in fix_hints:
89
+ fix_hints.append(hint)
90
+ entry = prod if p[5] in ("*", "-") else f"{prod} {p[5]}"
91
+ if entry not in affected and len(affected) < 12:
92
+ affected.append(entry)
93
+ refs = [{"url": r["url"], "tags": r.get("tags", [])} for r in cve.get("references", [])]
94
+ advisories = [r["url"] for r in refs if {"Patch", "Vendor Advisory"} & set(r["tags"])][:6]
95
+ return {
96
+ "description": desc, "cvss": cvss, "severity": severity, "vector": vector,
97
+ "cwes": cwes[:6], "affected_products": affected, "fix_hints_from_cpe": fix_hints[:10],
98
+ "vendor_advisories": advisories, "references": [r["url"] for r in refs[:10]],
99
+ "published": cve.get("published"), "last_modified": cve.get("lastModified"),
100
+ }
101
+
102
+
103
+ def _priority(kev, cvss, epss):
104
+ cvss, epss = cvss or 0, epss or 0
105
+ if kev:
106
+ return {"level": "P1", "rationale": "Actively exploited in the wild (CISA KEV) — remediate immediately",
107
+ "kev_due_date": kev.get("dueDate"), "ransomware_use": kev.get("knownRansomwareCampaignUse")}
108
+ if cvss >= 9 or epss >= 0.5:
109
+ return {"level": "P2", "rationale": "Critical severity or high exploit probability — urgent patching"}
110
+ if cvss >= 7 or epss >= 0.1:
111
+ return {"level": "P3", "rationale": "High severity — remediate within standard patch cycle"}
112
+ return {"level": "P4", "rationale": "Moderate/low — batch with routine maintenance"}
113
+
114
+
115
+ @mcp.tool()
116
+ async def cve_lookup(cve_id: str) -> dict:
117
+ """Fetch structured facts and an objective priority for a known CVE.
118
+
119
+ Returns NVD data (description, CVSS, CWEs, affected products, fix versions
120
+ from CPE ranges, vendor advisories), the FIRST EPSS exploit probability, and
121
+ CISA KEV exploited-in-the-wild status — plus a computed P1-P4 priority. No
122
+ LLM is called. From the returned facts, YOU should write: the fix version(s),
123
+ ordered remediation steps, any workarounds, and a one-sentence ServiceNow
124
+ Vulnerability Response note. Note that final prioritization also needs asset
125
+ criticality from the caller's CMDB.
126
+
127
+ Args:
128
+ cve_id: A CVE identifier, e.g. "CVE-2021-44228".
129
+ """
130
+ cve_id = cve_id.strip().upper()
131
+ if not CVE_RE.match(cve_id):
132
+ return {"error": "Invalid CVE id — expected CVE-YYYY-NNNN"}
133
+ async with await _client() as cx:
134
+ try:
135
+ nvd_r = await cx.get(NVD_URL, params={"cveId": cve_id}, headers=_nvd_headers())
136
+ nvd_r.raise_for_status()
137
+ vulns = nvd_r.json().get("vulnerabilities") or []
138
+ if not vulns:
139
+ return {"error": f"{cve_id} not found in NVD"}
140
+ nvd = _parse_nvd(vulns[0]["cve"])
141
+ except Exception as e:
142
+ return {"error": f"NVD request failed: {type(e).__name__}"}
143
+ epss = percentile = None
144
+ try:
145
+ er = await cx.get(EPSS_URL, params={"cve": cve_id})
146
+ rows = er.json().get("data") or []
147
+ if rows:
148
+ epss, percentile = float(rows[0]["epss"]), float(rows[0]["percentile"])
149
+ except Exception:
150
+ pass
151
+ kev = (await _load_kev(cx)).get(cve_id)
152
+ return {
153
+ "cve": cve_id,
154
+ "priority": _priority(kev, nvd["cvss"], epss),
155
+ "actively_exploited_kev": bool(kev),
156
+ "kev_details": {k: kev.get(k) for k in ("requiredAction", "dueDate", "knownRansomwareCampaignUse")} if kev else None,
157
+ "epss": {"probability": epss, "percentile": percentile},
158
+ **nvd,
159
+ "data_sources": "NVD, FIRST EPSS, CISA KEV (public)",
160
+ "your_task": "Write remediation guidance (fix versions, ordered steps, workarounds) and a "
161
+ "one-sentence ServiceNow VR note from these facts. Final priority also needs "
162
+ "asset criticality from the CMDB.",
163
+ }
164
+
165
+
166
+ @mcp.tool()
167
+ async def cve_search(query: str, limit: int = 5) -> dict:
168
+ """Find candidate CVE ids for a free-form query via NVD keyword search.
169
+
170
+ Use when you don't already know the CVE id and can't recall it — e.g. a
171
+ product and version, or a keyword phrase. (For well-known incident names
172
+ like "Log4Shell" you likely already know the CVE — call cve_lookup directly.)
173
+ Returns candidate CVEs with a description snippet and CVSS so you can pick.
174
+
175
+ Args:
176
+ query: Free-form product, keyword, or description.
177
+ limit: Max candidates to return (default 5).
178
+ """
179
+ async with await _client() as cx:
180
+ try:
181
+ r = await cx.get(NVD_URL, params={"keywordSearch": query.strip(),
182
+ "resultsPerPage": max(1, min(limit, 10))}, headers=_nvd_headers())
183
+ r.raise_for_status()
184
+ items = r.json().get("vulnerabilities") or []
185
+ except Exception as e:
186
+ return {"error": f"NVD search failed: {type(e).__name__}"}
187
+ out = []
188
+ for it in items[:limit]:
189
+ c = it["cve"]
190
+ desc = next((d["value"] for d in c.get("descriptions", []) if d["lang"] == "en"), "")
191
+ cvss = None
192
+ for key in ("cvssMetricV31", "cvssMetricV30", "cvssMetricV2"):
193
+ if c.get("metrics", {}).get(key):
194
+ cvss = c["metrics"][key][0]["cvssData"].get("baseScore")
195
+ break
196
+ out.append({"id": c["id"], "cvss": cvss, "description": desc[:200]})
197
+ return {"query": query, "candidates": out}
198
+
199
+
200
+ @mcp.tool()
201
+ async def cve_exploit_intel(cve_id: str) -> dict:
202
+ """Gather public exploit signals for a CVE — no LLM, no proprietary feed.
203
+
204
+ Returns objective, public exploit indicators: CISA KEV exploited/ransomware
205
+ status, the FIRST EPSS exploit probability, and public GitHub repositories
206
+ that reference the CVE (frequently proof-of-concept or exploit code), ranked
207
+ by stars. Interpret these signals yourself to judge weaponization/urgency.
208
+
209
+ Args:
210
+ cve_id: A CVE identifier, e.g. "CVE-2024-3400".
211
+ """
212
+ cve_id = cve_id.strip().upper()
213
+ if not CVE_RE.match(cve_id):
214
+ return {"error": "Invalid CVE id"}
215
+ async with await _client() as cx:
216
+ kev = (await _load_kev(cx)).get(cve_id)
217
+ epss = None
218
+ try:
219
+ er = await cx.get(EPSS_URL, params={"cve": cve_id})
220
+ rows = er.json().get("data") or []
221
+ if rows:
222
+ epss = float(rows[0]["epss"])
223
+ except Exception:
224
+ pass
225
+ repos = []
226
+ try:
227
+ h = {**UA, **({"Authorization": f"Bearer {GH_TOKEN}"} if GH_TOKEN else {})}
228
+ gr = await cx.get(GH_URL, params={"q": cve_id, "sort": "stars", "per_page": 6}, headers=h)
229
+ if gr.status_code == 200:
230
+ for r in gr.json().get("items", [])[:6]:
231
+ repos.append({"repo": r["full_name"], "url": r["html_url"],
232
+ "stars": r["stargazers_count"], "description": (r.get("description") or "")[:120]})
233
+ elif gr.status_code == 403:
234
+ repos = {"note": "GitHub rate limit hit — set GITHUB_TOKEN env var for more searches"}
235
+ except Exception:
236
+ pass
237
+ return {
238
+ "cve": cve_id,
239
+ "actively_exploited_kev": bool(kev),
240
+ "ransomware_campaign_use": kev.get("knownRansomwareCampaignUse") if kev else None,
241
+ "kev_due_date": kev.get("dueDate") if kev else None,
242
+ "epss_probability": epss,
243
+ "public_github_repos": repos,
244
+ "data_sources": "CISA KEV, FIRST EPSS, public GitHub search",
245
+ "your_task": "Judge exploitation likelihood and weaponization from these public signals. "
246
+ "Presence of high-star repos referencing the CVE often indicates public PoC/exploit code.",
247
+ }
248
+
249
+
250
+ def main():
251
+ """Console entry point — runs the MCP server over stdio."""
252
+ mcp.run()
253
+
254
+
255
+ if __name__ == "__main__":
256
+ main()
@@ -0,0 +1,22 @@
1
+ """Smoke test: spawn the packaged server over stdio and exercise the tools."""
2
+ import asyncio
3
+
4
+ from mcp import ClientSession, StdioServerParameters
5
+ from mcp.client.stdio import stdio_client
6
+
7
+
8
+ async def main():
9
+ params = StdioServerParameters(command="vuln-intel-mcp", args=[])
10
+ async with stdio_client(params) as (read, write):
11
+ async with ClientSession(read, write) as s:
12
+ await s.initialize()
13
+ tools = await s.list_tools()
14
+ print("TOOLS:", [t.name for t in tools.tools])
15
+ r = await s.call_tool("cve_lookup", {"cve_id": "CVE-2021-44228"})
16
+ print("LOOKUP:", r.content[0].text[:350])
17
+ r2 = await s.call_tool("cve_exploit_intel", {"cve_id": "CVE-2024-3400"})
18
+ print("EXPLOIT:", r2.content[0].text[:300])
19
+
20
+
21
+ if __name__ == "__main__":
22
+ asyncio.run(main())