A read-only STDIO server that wires 1.13M threat intelligence indicators into Claude Desktop, Cursor, or any MCP client. You get three tools: full-text search across 17.9M documents spanning IOCs, CISA KEV, adversary profiles, and 40+ threat indexes; IP enrichment with geolocation, ASN, and cross-index correlation; and STIX feed metadata. No filesystem writes, no exec calls, no third-party SDK dependencies. The same two-person Minnesota outfit that named TeamPCP 45 days before CISA and called NGINX-UI exploitation 20 days early. Built for CI pipelines that need to fail on known-bad indicators before deployment, now accessible as conversational tooling. Optional local policy gate if you need stricter controls than the default allow-all stance.
claude mcp add --transport stdio pduggusa-dugganusa-cli uvx dugganusa-cli