MCP Marketplace
BrowseHow It WorksFor CreatorsDocs
Sign inSign up
MCP Marketplace

The curated, security-first marketplace for AI tools.

Product

Browse ToolsSubmit a ToolDocumentationHow It WorksBlogFAQ

Legal

Terms of ServicePrivacy PolicyCommunity Guidelines

Connect

support@mcp-marketplace.ioTwitter / XDiscord

MCP Marketplace © 2026. All rights reserved.

Back to Browse

Threatlocker MCP Server

by Wyre Technology
Developer ToolsUse Caution4.2MCP RegistryLocal
Free

Server data from the Official MCP Registry

MCP server for ThreatLocker — zero-trust endpoint protection, allowlisting, and policies.

About

MCP server for ThreatLocker — zero-trust endpoint protection, allowlisting, and policies.

Security Report

4.2
Use Caution4.2High Risk

The ThreatLocker MCP server implements proper credential handling with support for both stdio and HTTP gateway modes. However, there are moderate-severity security concerns around credential injection in gateway mode, missing input validation on user-controlled parameters, and insufficient error handling that could leak sensitive information. The permissions (env_vars, network_http) align appropriately with the server's purpose as a developer tool interfacing with the ThreatLocker API. Supply chain analysis found 5 known vulnerabilities in dependencies (1 critical, 3 high severity).

7 files analyzed · 12 issues found

Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.

Permissions Required

This plugin requests these system permissions. Most are normal for its category.

env_vars

Check that this permission is expected for this type of plugin.

HTTP Network Access

Connects to external APIs or services over the internet.

What You'll Need

Set these up before or after installing:

ThreatLocker API keyRequired

Environment variable: THREATLOCKER_API_KEY

ThreatLocker organization IDOptional

Environment variable: THREATLOCKER_ORGANIZATION_ID

Transport mode for the server. Set to 'stdio' for local CLI use; the image defaults to 'http' for gateway hosting.Optional

Environment variable: MCP_TRANSPORT

Credential source: 'env' reads vars locally, 'gateway' expects header injection from the WYRE MCP Gateway.Optional

Environment variable: AUTH_MODE

Log verbosity: debug, info, warn, errorOptional

Environment variable: LOG_LEVEL

How to Install

Add this to your MCP configuration file:

{
  "mcpServers": {
    "io-github-wyre-technology-threatlocker-mcp": {
      "env": {
        "AUTH_MODE": "your-auth-mode-here",
        "LOG_LEVEL": "your-log-level-here",
        "MCP_TRANSPORT": "your-mcp-transport-here",
        "THREATLOCKER_API_KEY": "your-threatlocker-api-key-here",
        "THREATLOCKER_ORGANIZATION_ID": "your-threatlocker-organization-id-here"
      },
      "args": [
        "-y",
        "threatlocker-mcp"
      ],
      "command": "npx"
    }
  }
}

Documentation

View on GitHub

From the project's GitHub README.

ThreatLocker MCP Server

A Model Context Protocol (MCP) server that provides AI assistants with access to the ThreatLocker Portal API. Manage computers, approval requests, audit logs, and organizations through natural language interactions.

Features

  • Stateless Architecture: No session state required, fresh connections per request
  • Decision-Tree Navigation: Navigate domains with threatlocker_navigate
  • Gateway Mode: Multi-tenant support via HTTP headers
  • Elicitation Support: Interactive prompts for missing parameters
  • Comprehensive Error Handling: Detailed error messages and logging
  • Docker Support: Production-ready containerization

Tools

Navigation

  • threatlocker_navigate - Navigate to a domain to see available tools
  • threatlocker_status - Check API connection status and available domains

Computers

  • threatlocker_computers_list - List computers with filters (search, group, pagination)
  • threatlocker_computers_get - Get detailed computer information
  • threatlocker_computers_get_checkins - Get computer checkin history

Computer Groups

  • threatlocker_computer_groups_list - List computer groups with filters
  • threatlocker_computer_groups_dropdown - Get computer groups for dropdown selection

Approval Requests

  • threatlocker_approvals_list - List approval requests with status filters
  • threatlocker_approvals_get - Get detailed approval request information
  • threatlocker_approvals_pending_count - Get count of pending approvals
  • threatlocker_approvals_get_permit_application - Get permit application details

Audit Log

  • threatlocker_audit_search - Search audit log entries with filters
  • threatlocker_audit_get - Get detailed audit log entry
  • threatlocker_audit_file_history - Get audit history for specific file

Organizations

  • threatlocker_organizations_list_children - List child organizations
  • threatlocker_organizations_get_auth_key - Get organization auth key
  • threatlocker_organizations_for_move_computers - Get organizations for computer moves

Configuration

Environment Variables

Stdio Mode (Direct API Access)
THREATLOCKER_API_KEY=your_api_key_here
THREATLOCKER_ORGANIZATION_ID=your_org_id_here
MCP_TRANSPORT=stdio
Gateway Mode (Multi-tenant)
AUTH_MODE=gateway
MCP_TRANSPORT=http
MCP_HTTP_PORT=8080
MCP_HTTP_HOST=0.0.0.0
Gateway Mode Headers

When running in gateway mode, include these headers with each request:

  • X-Threatlocker-Api-Key: Your ThreatLocker API key
  • X-Threatlocker-Organization-Id: Your organization ID

Logging

LOG_LEVEL=debug|info|warn|error  # Default: info

Local Development

  1. Clone the repository:
git clone https://github.com/wyre-technology/threatlocker-mcp.git
cd threatlocker-mcp
  1. Install dependencies:
npm install
  1. Set environment variables:
cp .env.example .env
# Edit .env with your ThreatLocker credentials
  1. Build and run:
npm run build
npm start

# Or for development with hot reload:
npm run dev
  1. Test the server:
# Stdio mode
echo '{"jsonrpc": "2.0", "id": 1, "method": "tools/list"}' | npm start

# HTTP mode
curl http://localhost:8080/health

Docker

Using Docker Compose

# Pull and run latest image
docker compose up -d

# Or build locally
docker compose -f docker-compose.dev.yml up --build

Using Docker directly

# Gateway mode (recommended)
docker run -d \
  --name threatlocker-mcp \
  -p 8080:8080 \
  -e AUTH_MODE=gateway \
  ghcr.io/wyre-technology/threatlocker-mcp:latest

# Stdio mode
docker run -d \
  --name threatlocker-mcp \
  -e THREATLOCKER_API_KEY=your_key \
  -e THREATLOCKER_ORGANIZATION_ID=your_org_id \
  -e MCP_TRANSPORT=stdio \
  ghcr.io/wyre-technology/threatlocker-mcp:latest

Architecture

Directory Structure

src/
├── domains/           # Domain-specific handlers
│   ├── computers.ts
│   ├── computer_groups.ts
│   ├── approval_requests.ts
│   ├── audit_log.ts
│   ├── organizations.ts
│   ├── navigation.ts
│   └── index.ts
├── utils/             # Utilities
│   ├── client.ts      # ThreatLocker API client
│   ├── logger.ts      # Structured logging
│   ├── types.ts       # TypeScript types
│   ├── server-ref.ts  # Server reference for elicitation
│   └── elicitation.ts # Interactive prompts
├── server.ts          # MCP server creation
├── index.ts           # Stdio transport entry
└── http.ts            # HTTP transport entry

Design Patterns

  • Domain Handlers: Each API area has its own handler with getTools() and handleCall()
  • Lazy Loading: Domain handlers are imported on-demand
  • Fresh Connections: New server instance per HTTP request for stateless operation
  • Credential Invalidation: Client is reset when credentials change
  • Elicitation Framework: Interactive prompts for missing parameters

License

Apache-2.0 - see LICENSE for details.

Reviews

No reviews yet

Be the first to review this server!

0

installs

New

no ratings yet

Is this your server?

Claim ownership to manage your listing, respond to reviews, and track installs from your dashboard.

Claim with GitHub

Sign up with the GitHub account that owns this repo

Links

Source CodeDocumentation

Details

Published May 22, 2026
Version 1.2.2
0 installs
Local Plugin

More Developer Tools MCP Servers

Fetch

Free

by Modelcontextprotocol · Developer Tools

Web content fetching and conversion for efficient LLM usage

80.0K
Stars
7
Installs
5.3
Security
No ratings yet
Local

Git

Free

by Modelcontextprotocol · Developer Tools

Read, search, and manipulate Git repositories programmatically

80.0K
Stars
6
Installs
6.5
Security
No ratings yet
Local

Toleno

Free

by Toleno · Developer Tools

Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.

137
Stars
535
Installs
8.0
Security
4.8
Local

mcp-creator-python

Free

by mcp-marketplace · Developer Tools

Create, build, and publish Python MCP servers to PyPI — conversationally.

-
Stars
80
Installs
10.0
Security
4.6
Local

MarkItDown

Free

by Microsoft · Content & Media

Convert files (PDF, Word, Excel, images, audio) to Markdown for LLM consumption

156.1K
Stars
47
Installs
6.0
Security
5.0
Local

MCP Marketplace

Free

by mcp-marketplace · Developer Tools

Search and install MCP servers from inside your AI client.

-
Stars
34
Installs
10.0
Security
5.0
Remote