A threat intelligence MCP that indexes 17.9 million documents including 1.13 million IOCs from URLhaus, Spamhaus, ThreatFox, and OTX, plus unusual datasets like 1.83 million Tor relay snapshots and the Epstein archive. Three tools: search across nine indexes (IOCs, adversaries, CISA KEV CVEs, OTX pulses, blog posts), enrich-ioc for deep dives on single indicators with actor attribution and cross-feed correlation, and stix-feed-summary for gauging STIX 2.1 feed shape before pulling the full bundle. Read-only by design with prompt-injection sanitization. Authenticated access required for STIX operations; anonymous calls get search and enrichment with rate limits. Built by the team that caught ClearFake left-of-boom and predicted Medtronic six weeks early.
claude mcp add --transport http io.github.pduggusa-dugganusa-threat-intel https://analytics.dugganusa.com/api/v1/mcp