How do I install Abnormal?

Abnormal is a local plugin. Install it using the provided package and add the generated configuration snippet to your AI app's MCP config file. Then restart your AI app.

What credentials does Abnormal need?

Abnormal requires the following credentials or environment variables: ABNORMAL_API_TOKEN, MCP_TRANSPORT, AUTH_MODE, LOG_LEVEL. You can find setup instructions on the server detail page.

What AI apps work with Abnormal?

Abnormal uses the Model Context Protocol (MCP) and works with any MCP-compatible AI app, including Claude, ChatGPT / Codex, Gemini, Copilot, Cursor, and more.

Back to Browse

Abnormal MCP Server

by Wyre Technology

Developer ToolsUse Caution4.8MCP RegistryLocal

Free

Server data from the Official MCP Registry

MCP server for Abnormal Security — AI-powered email threat detection, cases, and remediation.

About

MCP server for Abnormal Security — AI-powered email threat detection, cases, and remediation.

Security Report

4.8

Use Caution4.8High Risk

This is a well-structured MCP server with proper authentication, secure credential handling, and appropriate permissions for its intended purpose. The code follows security best practices with Bearer token authentication, environment variable-based credential management, and dual transport support (stdio and HTTP). Minor code quality issues around input validation and error handling do not significantly impact security. Supply chain analysis found 3 known vulnerabilities in dependencies (2 critical, 0 high severity).

7 files analyzed · 10 issues found

Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.

Permissions Required

This plugin requests these system permissions. Most are normal for its category.

env_vars

Check that this permission is expected for this type of plugin.

HTTP Network Access

Connects to external APIs or services over the internet.

What You'll Need

Set these up before or after installing:

Abnormal Security API token (Bearer credential)Required

Environment variable: ABNORMAL_API_TOKEN

Transport mode for the server. Set to 'stdio' for local CLI use; the image defaults to 'http' for gateway hosting.Optional

Environment variable: MCP_TRANSPORT

Credential source: 'env' reads vars locally, 'gateway' expects header injection from the WYRE MCP Gateway.Optional

Environment variable: AUTH_MODE

Log verbosity: debug, info, warn, errorOptional

Environment variable: LOG_LEVEL

How to Install

Add this to your MCP configuration file:

{
  "mcpServers": {
    "io-github-wyre-technology-abnormal-mcp": {
      "env": {
        "AUTH_MODE": "your-auth-mode-here",
        "LOG_LEVEL": "your-log-level-here",
        "MCP_TRANSPORT": "your-mcp-transport-here",
        "ABNORMAL_API_TOKEN": "your-abnormal-api-token-here"
      },
      "args": [
        "-y",
        "@wyre-technology/abnormal-mcp"
      ],
      "command": "npx"
    }
  }
}

Documentation

View on GitHub

From the project's GitHub README.

abnormal-mcp

MCP server for Abnormal Security — AI-powered threat detection, case management, and email remediation.

Tools

This server uses a decision-tree architecture. Start by calling abnormal_navigate to select a domain, then use the domain-specific tools.

Navigation

Tool	Description
`abnormal_navigate`	Navigate to a domain (threats, messages, remediation, abuse, cases)
`abnormal_back`	Return to domain selection

Threats domain

Tool	Description
`abnormal_threats_list`	List detected threat cases (paginated)
`abnormal_threats_get`	Get full details of a specific threat by ID

Messages domain

Tool	Description
`abnormal_messages_list`	List messages within a threat case
`abnormal_messages_get`	Get detailed message analysis (headers, URLs, attachments, AI analysis)

Remediation domain

Tool	Description
`abnormal_remediation_manage`	Trigger or check remediation actions for a message

Abuse domain

Tool	Description
`abnormal_abuse_list`	List phishing emails reported via the Abuse Mailbox

Cases domain

Tool	Description
`abnormal_cases_list`	List active security investigation cases
`abnormal_cases_get`	Get details of a specific case

Authentication

Abnormal Security uses Bearer token authentication.

Standalone (env mode)

export ABNORMAL_API_TOKEN=your-api-token
node dist/index.js

Generate your token in the Abnormal portal under Settings > Integrations > API.

Gateway mode

When deployed behind the MCP gateway, set AUTH_MODE=gateway. The gateway injects the Authorization: Bearer {token} header automatically on each request.

Running

stdio (for Claude Desktop)

npm install
npm run build
node dist/index.js

HTTP Streamable (for hosted/gateway deployment)

MCP_TRANSPORT=http AUTH_MODE=gateway node dist/index.js

Docker

docker compose up

Development

npm install
npm run dev          # watch mode
npm test             # run tests
npm run typecheck    # TypeScript type check

License

Apache-2.0

Reviews

No reviews yet

Be the first to review this server!

More Developer Tools MCP Servers

Fetch

Free

by Modelcontextprotocol · Developer Tools

Web content fetching and conversion for efficient LLM usage

Toleno

Free

by Toleno · Developer Tools

Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.

mcp-creator-python

Free

by mcp-marketplace · Developer Tools

Create, build, and publish Python MCP servers to PyPI — conversationally.

Abnormal MCP Server

About

Security Report

Findings (10)Action required

Permissions Required

What You'll Need

How to Install

Documentation

abnormal-mcp

Tools

Navigation

Threats domain

Messages domain

Remediation domain

Abuse domain

Cases domain

Authentication

Standalone (env mode)

Gateway mode

Running

stdio (for Claude Desktop)

HTTP Streamable (for hosted/gateway deployment)

Docker

Development

License

Reviews

No reviews yet

More Developer Tools MCP Servers

Fetch

Toleno

mcp-creator-python

MarkItDown

FinAgent

mcp-creator-typescript