ppcvote/misp-mcp-server
БесплатноНе проверенMISP (Malware Information Sharing Platform) MCP server with built-in prompt injection defense via [prompt-defense-audit](https://github.com/ppcvote/prompt-defen
Описание
MISP (Malware Information Sharing Platform) MCP server with built-in prompt injection defense via prompt-defense-audit. 8 read-only threat-intel tools (events, attributes, search, tags, feeds, galaxies). Scans every MISP response for adversarial seeding before returning to LLM. Tracks MISP/MISP#10745. MIT.
README
A Model Context Protocol server for MISP (Malware Information Sharing Platform), with built-in prompt injection defense powered by prompt-defense-audit.
Why this exists: MISP holds operational threat intel — IOCs, threat actor profiles, attack patterns. When you connect an LLM agent to MISP via MCP, two new attack surfaces emerge:
- Adversarial seeding. A threat actor who can submit content into your MISP instance (or a federated feed) can plant prompt-injection payloads designed to hijack downstream LLM agents.
- Sensitive intel leakage. A manipulated LLM can be coerced into returning intel above its authorized TLP level.
This server wraps every outgoing MISP response in
prompt-defense-audit's output scanner, blocking high-risk patterns before they reach the LLM. Read-only by design — no write tools exposed.
Tracks: MISP/MISP#10745 — MCP server for MISP
Features
- 🛡️ Defense built in — every MISP response scanned for prompt-injection / XSS / shell-injection patterns before being returned
- 🔒 Read-only by design — no event/attribute mutation tools; an LLM cannot modify your threat-intel platform
- 🧰 8 high-utility tools covering events, attributes, search, tags, feeds, galaxies
- ⚡ Zero-config beyond
MISP_URLandMISP_API_KEY - 🪶 Stdio transport — works with Claude Desktop, Cursor, Continue, Cline, any MCP client
- 📋 MIT license — fork freely, use commercially
Quick start
1. Install
npm install -g @ultralab/misp-mcp-server
Or use npx directly in your MCP client config (no install needed).
2. Configure your MCP client
Claude Desktop (~/Library/Application Support/Claude/claude_desktop_config.json on macOS, %APPDATA%/Claude/claude_desktop_config.json on Windows):
{
"mcpServers": {
"misp": {
"command": "npx",
"args": ["-y", "@ultralab/misp-mcp-server"],
"env": {
"MISP_URL": "https://misp.your-org.example",
"MISP_API_KEY": "your_misp_api_key_here"
}
}
}
}
Cursor / Continue / Cline — similar pattern, see your client's MCP config docs.
3. Restart your MCP client and start asking
"What MISP events are tagged tlp:white from the last 7 days?"
"Show me event 12345 — I'm investigating a phishing report."
"What threat actor galaxies do we have configured?"
"Find all attributes matching the IP 198.51.100.42."
Tools exposed
| Tool | Purpose |
|---|---|
misp_version |
Health check + server version |
misp_list_events |
Paginated event headers |
misp_get_event |
Full event with attributes (scanned for injection) |
misp_search_events |
Search by tag / type / value / date range |
misp_search_attributes |
Direct IOC lookup |
misp_list_tags |
All configured tags (TLP, taxonomy, etc.) |
misp_list_feeds |
Configured threat-intel feeds |
misp_list_galaxies |
Threat actor / campaign clusters |
Mutation tools intentionally not included. An LLM with write access to MISP is a supply-chain compromise vector. If you need agent-driven MISP mutations, build a per-tool allowlist with human-in-the-loop confirmation.
Defense layer
Every tool response is run through prompt-defense-audit's scanOutput before being returned to the LLM client.
High-risk patterns (critical / high severity) — response is blocked and replaced with a safe summary. Example trigger patterns:
- Script-tag injection (
<script>...</script>) - Iframe / object injection
- JavaScript URLs (
javascript:) - Shell-command patterns in unexpected contexts
- Known prompt-injection vector signatures from
prompt-defense-audit's 17+ vector library
Low/medium-risk patterns — response annotated with a [defense] prefix listing matched patterns but still returned.
Opt out (not recommended)
PROMPT_DEFENSE_DISABLED=true
Use only if you fully trust your MISP instance + all federated feeds and need raw response fidelity for a specific debugging scenario.
Environment variables
| Variable | Required | Default | Notes |
|---|---|---|---|
MISP_URL |
✅ | — | Base URL of your MISP instance (e.g. https://misp.example.com) |
MISP_API_KEY |
✅ | — | MISP automation API key (Profile → Auth Keys) |
MISP_INSECURE_TLS |
❌ | false |
Set to true only for self-signed dev instances |
PROMPT_DEFENSE_DISABLED |
❌ | false |
Set true to skip output scanning (NOT recommended) |
For enterprise users
The free OSS defense layer ships with prompt-defense-audit (17+ regex-based vectors, ~3ms latency, deterministic).
For deployments that need:
- 🔍 Persistent audit logs of every MISP query an LLM has made
- 👥 Team policies (per-role allowlists, per-TLP gating, escalation flows)
- 🌏 Jurisdictional compliance (EU GDPR / TW 個資法 / 中國 PIPL data-residency)
- 🚨 Live threat intel updates to the defense ruleset (new injection vectors pushed daily)
- 📊 SLA-backed uptime and response
→ Upgrade path: route MCP server through Quartz Cloud — Taiwan-domiciled runtime AI firewall, drop-in passthrough.
Development
git clone https://github.com/ppcvote/misp-mcp-server.git
cd misp-mcp-server
npm install
npm test # smoke tests, no live MISP
npm run dev # tsx watch mode
npm run build # produce dist/
Architecture
LLM client (Claude Desktop, Cursor, etc.)
│ stdio
▼
@ultralab/misp-mcp-server
│
├─ src/tools.ts — 8 read-only tool definitions + dispatch
├─ src/misp-client.ts — minimal MISP REST API wrapper
└─ src/index.ts — MCP Server + scanOutput() defense layer
│
▼
MISP REST API (/events, /attributes, /tags, /feeds, /galaxies)
Project context
Built by Ultra Lab — a one-person AI products company in Taiwan, focused on AI safety, threat intel, and the supply chain between LLM agents and operational security tooling.
This server is part of a broader thesis: the MCP ecosystem will be a major prompt-injection vector unless servers default to defensive output handling. We're shipping reference implementations for high-leverage targets (MISP first, OpenCTI / TheHive / Vault next) to anchor the standard.
Companion projects:
- prompt-defense-audit — the underlying detection engine
- ultraprobe — CLI scanner for AI app system prompts
- quartz.tw — paid runtime firewall (audit logs, team policies, jurisdictional moat)
License
MIT © 2026 Ultra Lab — see LICENSE.
Contributing
PRs welcome. Please:
- Keep the read-only invariant. Mutation tools must be argued explicitly with a threat-model writeup.
- Add a test for any new tool.
- If you add new MISP API coverage, link to the relevant OpenAPI spec section in your PR.
For discussion, see MISP/MISP#10745.
Установка ppcvote/misp-mcp-server
У этого сервера нет опубликованного пакета — он собирается из исходников. Открой репозиторий и следуй инструкции в README.
▸ github.com/ppcvote/misp-mcp-serverFAQ
ppcvote/misp-mcp-server MCP бесплатный?
Да, ppcvote/misp-mcp-server MCP бесплатный — установка в пару кликов через Unyly без оплаты.
Нужен ли API-ключ для ppcvote/misp-mcp-server?
Нет, ppcvote/misp-mcp-server работает без API-ключей и переменных окружения.
ppcvote/misp-mcp-server — hosted или self-hosted?
Self-hosted: сервер запускается локально на твоей машине командой из раздела установки.
Как установить ppcvote/misp-mcp-server в Claude Desktop, Claude Code или Cursor?
Открой ppcvote/misp-mcp-server на unyly.org, выбери вкладку своего клиента (Claude Desktop, Claude Code, Cursor) и нажми Install — конфиг сгенерируется автоматически, без правки JSON.
Похожие MCP
GitHub
PRs, issues, code search, CI status
автор: GitHubFilesystem
Secure file operations with configurable access controls.
Memory
Knowledge graph-based persistent memory system.
Template MCP Server
A CLI tool to create a new Model Context Protocol server project with TypeScript support, dual transport options, and an extensible structure
автор: mcpdotdirectCompare ppcvote/misp-mcp-server with
Не уверен что выбрать?
Найди свой стек за 60 секунд
Автор?
Embed-бейдж для README
Похожее
Все в категории development
