MCP Server
Threatray's MCP server connects AI assistants and coding agents — Claude Code, Codex, Gemini CLI, Claude Desktop, Cursor, and others — directly to the Threatray platform. Query samples, run searches, inspect reports, and aggregate IOCs in natural language, and build agentic workflows on top of Threatray's platform.
The server and full documentation, including the complete tool reference, lives at github.com/threatray/threatray-mcp
Requirements
- Python 3.11+
- A Threatray API key (from your account settings)
- Your realm API URL:
https://api-<your-realm>.analysis.threatray.com
Setup
Claude Code
claude mcp add threatray -s user \
-e THREATRAY_API_KEY=YOUR_API_KEY \
-e THREATRAY_API_URL=https://api-<your-realm>.analysis.threatray.com \
-- uvx threatray-mcpClaude Desktop, Cursor and others
Add to the client's MCP config file, then restart:
{
"mcpServers": {
"threatray": {
"command": "uvx",
"args": ["threatray-mcp"],
"env": {
"THREATRAY_API_KEY": "YOUR_API_KEY",
"THREATRAY_API_URL": "https://api-<your-realm>.analysis.threatray.com"
}
}
}
} Capabilities
28 tools across search & retrohunt, sample submission, analyses, file inspection, function diffing, CAPA, AI analysis, and OSINT. See the GitHub README for the full list.
Updated about 15 hours ago