Command Palette

Search for a command to run...

UnylyUnyly
Browse all

Abnormal

FreeNot checked

An MCP server for Abnormal Security, enabling management of threat detection, email security cases, and AI-powered attack protection through Abnormal's API.

GitHubEmbed

About

An MCP server for Abnormal Security, enabling management of threat detection, email security cases, and AI-powered attack protection through Abnormal's API.

README

MCP server for Abnormal Security — AI-powered threat detection, case management, and email remediation.

Tools

This server uses a decision-tree architecture. Start by calling abnormal_navigate to select a domain, then use the domain-specific tools.

Navigation

Tool Description
abnormal_navigate Navigate to a domain (threats, messages, remediation, abuse, cases)
abnormal_back Return to domain selection

Threats domain

Tool Description
abnormal_threats_list List detected threat cases (paginated)
abnormal_threats_get Get full details of a specific threat by ID

Messages domain

Tool Description
abnormal_messages_list List messages within a threat case
abnormal_messages_get Get detailed message analysis (headers, URLs, attachments, AI analysis)

Remediation domain

Tool Description
abnormal_remediation_manage Trigger or check remediation actions for a message

Abuse domain

Tool Description
abnormal_abuse_list List phishing emails reported via the Abuse Mailbox

Cases domain

Tool Description
abnormal_cases_list List active security investigation cases
abnormal_cases_get Get details of a specific case

Authentication

Abnormal Security uses Bearer token authentication.

Standalone (env mode)

export ABNORMAL_API_TOKEN=your-api-token
node dist/index.js

Generate your token in the Abnormal portal under Settings > Integrations > API.

Gateway mode

When deployed behind the MCP gateway, set AUTH_MODE=gateway. The gateway injects the Authorization: Bearer {token} header automatically on each request.

Running

stdio (for Claude Desktop)

npm install
npm run build
node dist/index.js

HTTP Streamable (for hosted/gateway deployment)

MCP_TRANSPORT=http AUTH_MODE=gateway node dist/index.js

Docker

docker compose up

Development

npm install
npm run dev          # watch mode
npm test             # run tests
npm run typecheck    # TypeScript type check

License

Apache-2.0

from github.com/wyre-technology/abnormal-mcp

Install Abnormal in Claude Desktop, Claude Code & Cursor

Recommended · one command, every IDE
unyly install abnormal-mcp

Installs into Claude Desktop, Claude Code, Cursor & VS Code — handles npx, uvx and build-from-source repos for you.

First time? Get the CLI: curl -fsSL https://unyly.org/install | sh

Or configure manually

Run in your terminal:

claude mcp add abnormal-mcp -- npx -y github:wyre-technology/abnormal-mcp

FAQ

Is Abnormal MCP free?

Yes, Abnormal MCP is free — one-click install via Unyly at no cost.

Does Abnormal need an API key?

No, Abnormal runs without API keys or environment variables.

Is Abnormal hosted or self-hosted?

Self-hosted: the server runs locally on your machine via the install command above.

How do I install Abnormal in Claude Desktop, Claude Code or Cursor?

Open Abnormal on unyly.org, pick your client tab (Claude Desktop, Claude Code, Cursor) and press Install — the config is generated automatically, no JSON editing.

Related MCPs

Compare Abnormal with

Not sure what to pick?

Find your stack in 60 seconds

Author?

Embed badge for your README

Browse similar

All communication MCPs