MCP ConfigsMay 12, 2026·2 min read

CVE MCP Server — Security Intel for Claude

cve-mcp-server is a security intelligence MCP server; start free with EPSS/KEV/NVD, then add an NVD key to jump from 5 to 50 req/30s.

Agent ready

Safe staging for this asset

This asset is staged first. The copied prompt tells the agent to inspect the staged files and ask before activating scripts, MCP config, or global config.

Stage only · 17/100Policy: stage
Agent surface
Any MCP/CLI agent
Kind
Mcp Config
Install
Stage only
Trust
Trust: Established
Entrypoint
Asset
Safe staging command
npx -y tokrepo@latest install e2527e64-be66-572b-82a3-191e7bdeef75 --target codex

Stages files first; activation requires review of the staged README and plan.

Intro

cve-mcp-server is a security intelligence MCP server; start free with EPSS/KEV/NVD, then add an NVD key to jump from 5 to 50 req/30s.

  • Best for: teams triaging CVEs who want correlated signals (CVSS, EPSS, KEV, advisories) in one agent workflow
  • Works with: Python; Claude Desktop/Claude Code via MCP; optional API keys for higher limits and more intel sources
  • Setup time: 15–40 minutes

Practical Notes

  • Quant: README says adding NVD_API_KEY increases NVD rate limit from 5 → 50 requests per 30 seconds.
  • Quant: the MCP inspector example opens at http://localhost:6274 for interactive tool testing.

Main

A staged rollout that avoids alert fatigue:

  1. Start with free signals (EPSS + CISA KEV + baseline NVD) to answer “is this exploited?”.
  2. Add NVD_API_KEY early for throughput (5→50 req/30s), then add other keys only if you truly need them.
  3. Write a triage prompt template that always outputs: affected versions, exploit likelihood, KEV status, and a patch recommendation with deadline.

Keep .env out of git and treat threat-intel keys as production secrets.

FAQ

Q: Can I start without any API keys? A: Yes—README says you can test with free tools first and add keys progressively.

Q: Why add NVD key first? A: It provides a 10× throughput bump: 5→50 requests per 30 seconds.

Q: How do I validate the server? A: Use claude mcp list or run the MCP inspector on localhost to test tools interactively.

🙏

Source & Thanks

Source: https://github.com/mukul975/cve-mcp-server > License: Apache-2.0 > GitHub stars: 561 · forks: 93

Discussion

Sign in to join the discussion.
No comments yet. Be the first to share your thoughts.

Related Assets