MCP ConfigsMay 12, 2026·2 min read

CVE MCP Server — Security Intel for Claude

cve-mcp-server is a security intelligence MCP server; start free with EPSS/KEV/NVD, then add an NVD key to jump from 5 to 50 req/30s.

MCP Hub
MCP Hub · Community
Agent ready

This asset can be read and installed directly by agents

TokRepo exposes a universal CLI command, install contract, metadata JSON, adapter-aware plan, and raw content links so agents can judge fit, risk, and next actions.

Needs Confirmation · 62/100Policy: confirm
Agent surface
Any MCP/CLI agent
Kind
Mcp
Install
Manual
Trust
Trust: Established
Entrypoint
python -m cve_mcp.server
Universal CLI install command
npx tokrepo install e2527e64-be66-572b-82a3-191e7bdeef75
install contractmetadata JSONadapter planraw content
Intro

cve-mcp-server is a security intelligence MCP server; start free with EPSS/KEV/NVD, then add an NVD key to jump from 5 to 50 req/30s.

  • Best for: teams triaging CVEs who want correlated signals (CVSS, EPSS, KEV, advisories) in one agent workflow
  • Works with: Python; Claude Desktop/Claude Code via MCP; optional API keys for higher limits and more intel sources
  • Setup time: 15–40 minutes

Practical Notes

  • Quant: README says adding NVD_API_KEY increases NVD rate limit from 5 → 50 requests per 30 seconds.
  • Quant: the MCP inspector example opens at http://localhost:6274 for interactive tool testing.

Main

A staged rollout that avoids alert fatigue:

  1. Start with free signals (EPSS + CISA KEV + baseline NVD) to answer “is this exploited?”.
  2. Add NVD_API_KEY early for throughput (5→50 req/30s), then add other keys only if you truly need them.
  3. Write a triage prompt template that always outputs: affected versions, exploit likelihood, KEV status, and a patch recommendation with deadline.

Keep .env out of git and treat threat-intel keys as production secrets.

FAQ

Q: Can I start without any API keys? A: Yes—README says you can test with free tools first and add keys progressively.

Q: Why add NVD key first? A: It provides a 10× throughput bump: 5→50 requests per 30 seconds.

Q: How do I validate the server? A: Use claude mcp list or run the MCP inspector on localhost to test tools interactively.

🙏

Source & Thanks

Source: https://github.com/mukul975/cve-mcp-server > License: Apache-2.0 > GitHub stars: 561 · forks: 93

Discussion

Sign in to join the discussion.
No comments yet. Be the first to share your thoughts.

Related Assets

pentest-ai — Offensive Security MCP for Claude Code

pentest-ai is a Python CLI and MCP server that lets Claude Code run verified probes, chain attack paths, and export reports for authorized testing.

MCP Configs
MCP Hub

Awesome OSINT MCP Servers — Security Tools Directory

Curated OSINT MCP server directory (threat intel, recon, censorship). Discover endpoints and install via npx or remote HTTP transports.

MCP Configs
MCP Hub

MCP SSH Manager — Remote Ops via Claude/Codex

MCP SSH Manager is an MCP server that lets Claude Code and OpenAI Codex manage SSH sessions: run commands, sync files, and automate DevOps routines.

MCP Configs
MCP Hub

mcp-server-kubernetes — Kubernetes Ops via MCP

MCP server that lets agents run kubectl/Helm workflows against your clusters; works with Claude Code via npx; verified 1390★, pushed 2026-05-03.

MCP Configs
MCP Hub
Home🔍Search👤Me