Connects Claude to the ThreatFox feed from abuse.ch, a free threat intelligence source tracking current indicators of compromise. Exposes two tools: search by file hash (MD5, SHA1, or SHA256) to find associated IOCs, and search by malware family name like Cobalt Strike or Emotet to pull tagged indicators. Runs through the Pipeworx gateway as a streamable HTTP transport. You'll want this if you're doing security analysis or incident response and need to check whether hashes or malware families have known IOC associations. Requires a free API key from abuse.ch to use.
claude mcp add --transport http io.github.pipeworx-io-threatfox https://gateway.pipeworx.io/threatfox/mcp