Esta página se muestra en inglés. Una traducción al español está en curso.
MCP ConfigsMay 12, 2026·2 min de lectura

CVE MCP Server — Security Intel for Claude

cve-mcp-server is a security intelligence MCP server; start free with EPSS/KEV/NVD, then add an NVD key to jump from 5 to 50 req/30s.

Listo para agents

Staging seguro para este activo

Este activo primero queda en staging. El prompt copiado pide inspeccionar los archivos staged antes de activar scripts, config MCP o config global.

Stage only · 17/100Política: staging
Superficie agent
Cualquier agent MCP/CLI
Tipo
Mcp Config
Instalación
Stage only
Confianza
Confianza: Established
Entrada
Asset
Comando de staging seguro
npx -y tokrepo@latest install e2527e64-be66-572b-82a3-191e7bdeef75 --target codex

Primero deja archivos en staging; la activación requiere revisar el README y el plan staged.

Introducción

cve-mcp-server is a security intelligence MCP server; start free with EPSS/KEV/NVD, then add an NVD key to jump from 5 to 50 req/30s.

  • Best for: teams triaging CVEs who want correlated signals (CVSS, EPSS, KEV, advisories) in one agent workflow
  • Works with: Python; Claude Desktop/Claude Code via MCP; optional API keys for higher limits and more intel sources
  • Setup time: 15–40 minutes

Practical Notes

  • Quant: README says adding NVD_API_KEY increases NVD rate limit from 5 → 50 requests per 30 seconds.
  • Quant: the MCP inspector example opens at http://localhost:6274 for interactive tool testing.

Main

A staged rollout that avoids alert fatigue:

  1. Start with free signals (EPSS + CISA KEV + baseline NVD) to answer “is this exploited?”.
  2. Add NVD_API_KEY early for throughput (5→50 req/30s), then add other keys only if you truly need them.
  3. Write a triage prompt template that always outputs: affected versions, exploit likelihood, KEV status, and a patch recommendation with deadline.

Keep .env out of git and treat threat-intel keys as production secrets.

FAQ

Q: Can I start without any API keys? A: Yes—README says you can test with free tools first and add keys progressively.

Q: Why add NVD key first? A: It provides a 10× throughput bump: 5→50 requests per 30 seconds.

Q: How do I validate the server? A: Use claude mcp list or run the MCP inspector on localhost to test tools interactively.

🙏

Fuente y agradecimientos

Source: https://github.com/mukul975/cve-mcp-server > License: Apache-2.0 > GitHub stars: 561 · forks: 93

Discusión

Inicia sesión para unirte a la discusión.
Aún no hay comentarios. Sé el primero en compartir tus ideas.

Activos relacionados