How do I install Nullcone?

Nullcone supports both local and remote installation. For local use, install it via the provided package manager and add the configuration to your AI app. For remote access, add the server URL to your MCP configuration.

What AI apps work with Nullcone?

Nullcone uses the Model Context Protocol (MCP) and works with any MCP-compatible AI app, including Claude, ChatGPT / Codex, Gemini, Copilot, Cursor, and more.

Back to Browse

Nullcone MCP Server

by Maco144

Developer ToolsUse Caution4.2MCP RegistryLocalRemote

Free

Server data from the Official MCP Registry

Real-time threat intel for AI agents: 890K+ IOCs incl. prompt-injection & AI-skill threats

About

Real-time threat intel for AI agents: 890K+ IOCs incl. prompt-injection & AI-skill threats

Remote endpoints: streamable-http: https://nullcone.ai/mcp

Security Report

4.2

Use Caution4.2High Risk

The Nullcone MCP server is a well-structured threat intelligence platform with reasonable security posture for its intended use case. Authentication is appropriately optional for read operations on a public threat feed, and permissions align with the server's purpose (network I/O for threat data, environment variables for configuration). However, there are several moderate-severity issues: environment variable exposure of database tokens in logs, incomplete input validation in SQL queries, use of broad exception handlers, and a public endpoint that disables destructive operations but lacks explicit rate-limiting or DOS protections. The code quality is generally good with clear documentation, but these gaps should be addressed before production deployment. Supply chain analysis found 3 known vulnerabilities in dependencies (0 critical, 3 high severity).

3 files analyzed · 12 issues found

Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.

Permissions Required

This plugin requests these system permissions. Most are normal for its category.

env_vars

Check that this permission is expected for this type of plugin.

HTTP Network Access

Connects to external APIs or services over the internet.

network_websocket

Check that this permission is expected for this type of plugin.

process_spawn

Check that this permission is expected for this type of plugin.

system_info

Check that this permission is expected for this type of plugin.

How to Install & Connect

Available as Local & Remote

This plugin can run on your machine or connect to a hosted endpoint. during install.

Documentation

View on GitHub

From the project's GitHub README.

Nullcone MCP Server

Real-time threat intelligence for AI agents, exposed as a Model Context Protocol server. Check IPs, domains, URLs, hashes, CVEs, prompt-injection payloads, and malicious AI-skill / MCP-tool definitions against the Nullcone network — 890K+ IOCs, free, no API key.

Backed by nullcone.ai.

Use it (hosted — nothing to install)

The server is hosted at https://nullcone.ai/mcp over streamable HTTP. Add it to any MCP client:

Claude Code

claude mcp add --transport http nullcone https://nullcone.ai/mcp

Cursor / other MCP clients — add to your MCP config:

{
  "mcpServers": {
    "nullcone": {
      "url": "https://nullcone.ai/mcp"
    }
  }
}

No signup or token required. Read tools and IOC submission are open; destructive tools (e.g. revoke_ioc) are disabled on the public endpoint.

Tools

30+ tools including:

lookup_ioc(value) — check any indicator against the feed
recent_threats(limit, min_severity) — current threat picture
submit_ioc(...) / submit_batch(...) — contribute indicators
check_prompt(...) — sub-millisecond prompt-injection lookup
validate_skill(...) / scan_skill_content(...) — vet MCP tools / AI skills before loading
poll_since(last_id) — incremental sync, no persistent connection
get_stats(), list_families(), search_by_type(...), and more

Resources: threat://stats, threat://recent, threat://families, threat://family/{name}, threat://ioc/{value}. Prompts: analyze_ioc, triage_alert, threat_brief.

Self-host

The server is built on the public nullcone SDK.

pip install -r requirements.txt
MCP_TRANSPORT=streamable-http MCP_PORT=8001 python server.py

Or with Docker:

docker build -t nullcone-mcp .
docker run -p 8001:8001 nullcone-mcp

Set MCP_PUBLIC=1 to run an anonymous public endpoint (disables destructive tools); omit it for full local control over stdio (MCP_TRANSPORT=stdio).

License

Rising Sun License v1.0 — see LICENSE. Free for individuals and small teams.

Reviews

No reviews yet

Be the first to review this server!

More Developer Tools MCP Servers

Git

Free

by Modelcontextprotocol · Developer Tools

Read, search, and manipulate Git repositories programmatically

Fetch

Free

by Modelcontextprotocol · Developer Tools

Web content fetching and conversion for efficient LLM usage

Toleno

Free

by Toleno · Developer Tools

Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.

Nullcone MCP Server

About

Security Report

Findings (12)Action required

Permissions Required

How to Install & Connect

Documentation

Nullcone MCP Server

Use it (hosted — nothing to install)

Tools

Self-host

License

Reviews

No reviews yet

More Developer Tools MCP Servers

Git

Fetch

Toleno

mcp-creator-python

MarkItDown

FinAgent