Live threat intel for Claude — CVE, KEV predictions, IP lookup, malware hashes. Free, no API key.
mcp-name: com.keyboardcrumbs/mcp
Live threat intelligence tools for Claude Desktop. Free, no API key required.
| Tool | Description |
|---|---|
check_ip | Threat intel for any IP — risk score, geo, ASN, C2 associations, staging clusters |
check_cve | CVE lookup — CVSS, EPSS, KEV status, exploit availability, patch urgency |
check_domain | Domain intel — DNS records, WHOIS, malware associations, subdomains |
check_hash | Malware hash lookup via VirusTotal (68+ engines) + CIRCL (6.3B files) |
active_threats | Live snapshot — KEV count, active C2s, ransomware victims, data freshness |
predict_kev | KEV Oracle — top CVEs predicted to be added to CISA KEV before it happens |
check_staging | GhostWatch — detect pre-attack infrastructure staging for an IP or domain |
check_ransomware | Ransomware group lookup and victim tracking |
Add to claude_desktop_config.json:
{
"mcpServers": {
"keyboardcrumbs": {
"command": "uvx",
"args": ["--from", "git+https://github.com/keyboardcrumbs/mcp", "keyboardcrumbs-mcp"]
}
}
}git clone https://github.com/keyboardcrumbs/mcp
cd mcp
uv venv && source .venv/bin/activate
uv add "mcp[cli]" httpxAdd to claude_desktop_config.json:
{
"mcpServers": {
"keyboardcrumbs": {
"command": "uv",
"args": ["--directory", "/path/to/mcp", "run", "server.py"]
}
}
}Restart Claude Desktop.
Once installed, just ask Claude:
Claude will call the live KeyboardCrumbs API and return real-time threat intelligence.
URLhaus · Feodo Tracker · AlienVault OTX · CISA KEV · NVD · EPSS · ExploitDB · VirusTotal · CIRCL · SANS ISC DShield · Shodan · RIPE · crt.sh · Ransomware.live
Data updates every 15 minutes. No API key. No signup. No rate limits for normal use.