Abnormal
FreeNot checkedAn MCP server for Abnormal Security, enabling management of threat detection, email security cases, and AI-powered attack protection through Abnormal's API.
About
An MCP server for Abnormal Security, enabling management of threat detection, email security cases, and AI-powered attack protection through Abnormal's API.
README
MCP server for Abnormal Security — AI-powered threat detection, case management, and email remediation.
Tools
This server uses a decision-tree architecture. Start by calling abnormal_navigate to select a domain, then use the domain-specific tools.
Navigation
| Tool | Description |
|---|---|
abnormal_navigate |
Navigate to a domain (threats, messages, remediation, abuse, cases) |
abnormal_back |
Return to domain selection |
Threats domain
| Tool | Description |
|---|---|
abnormal_threats_list |
List detected threat cases (paginated) |
abnormal_threats_get |
Get full details of a specific threat by ID |
Messages domain
| Tool | Description |
|---|---|
abnormal_messages_list |
List messages within a threat case |
abnormal_messages_get |
Get detailed message analysis (headers, URLs, attachments, AI analysis) |
Remediation domain
| Tool | Description |
|---|---|
abnormal_remediation_manage |
Trigger or check remediation actions for a message |
Abuse domain
| Tool | Description |
|---|---|
abnormal_abuse_list |
List phishing emails reported via the Abuse Mailbox |
Cases domain
| Tool | Description |
|---|---|
abnormal_cases_list |
List active security investigation cases |
abnormal_cases_get |
Get details of a specific case |
Authentication
Abnormal Security uses Bearer token authentication.
Standalone (env mode)
export ABNORMAL_API_TOKEN=your-api-token
node dist/index.js
Generate your token in the Abnormal portal under Settings > Integrations > API.
Gateway mode
When deployed behind the MCP gateway, set AUTH_MODE=gateway. The gateway injects the Authorization: Bearer {token} header automatically on each request.
Running
stdio (for Claude Desktop)
npm install
npm run build
node dist/index.js
HTTP Streamable (for hosted/gateway deployment)
MCP_TRANSPORT=http AUTH_MODE=gateway node dist/index.js
Docker
docker compose up
Development
npm install
npm run dev # watch mode
npm test # run tests
npm run typecheck # TypeScript type check
License
Apache-2.0
Install Abnormal in Claude Desktop, Claude Code & Cursor
unyly install abnormal-mcpInstalls into Claude Desktop, Claude Code, Cursor & VS Code — handles npx, uvx and build-from-source repos for you.
First time? Get the CLI: curl -fsSL https://unyly.org/install | sh
Or configure manually
Run in your terminal:
claude mcp add abnormal-mcp -- npx -y github:wyre-technology/abnormal-mcpFAQ
Is Abnormal MCP free?
Yes, Abnormal MCP is free — one-click install via Unyly at no cost.
Does Abnormal need an API key?
No, Abnormal runs without API keys or environment variables.
Is Abnormal hosted or self-hosted?
Self-hosted: the server runs locally on your machine via the install command above.
How do I install Abnormal in Claude Desktop, Claude Code or Cursor?
Open Abnormal on unyly.org, pick your client tab (Claude Desktop, Claude Code, Cursor) and press Install — the config is generated automatically, no JSON editing.
Related MCPs
Gmail
Read, send and search emails from Claude
by GoogleSlack
Send, search and summarize Slack messages
by SlackRunbear
No-code MCP client for team chat platforms, such as Slack, Microsoft Teams, and Discord.
Discord Server
A community discord server dedicated to MCP by [Frank Fiegel](https://github.com/punkpeye)
Compare Abnormal with
Not sure what to pick?
Find your stack in 60 seconds
Author?
Embed badge for your README
Browse similar
All communication MCPs
