KeyboardCrumbs MCP Server

1

Add it to Claude Code

Run this in a terminal.

Run in terminal
claude mcp add keyboardcrumbs -- uvx --from git+https://github.com/keyboardcrumbs/mcp keyboardcrumbs-mcp
README.md

Live threat intelligence tools for Claude Desktop.

KeyboardCrumbs MCP Server

mcp-name: com.keyboardcrumbs/mcp

Live threat intelligence tools for Claude Desktop. Free, no API key required.

Tools

Tool Description
check_ip Threat intel for any IP — risk score, geo, ASN, C2 associations, staging clusters
check_cve CVE lookup — CVSS, EPSS, KEV status, exploit availability, patch urgency
check_domain Domain intel — DNS records, WHOIS, malware associations, subdomains
check_hash Malware hash lookup via VirusTotal (68+ engines) + CIRCL (6.3B files)
active_threats Live snapshot — KEV count, active C2s, ransomware victims, data freshness
predict_kev KEV Oracle — top CVEs predicted to be added to CISA KEV before it happens
check_staging GhostWatch — detect pre-attack infrastructure staging for an IP or domain
check_ransomware Ransomware group lookup and victim tracking

Install

Option 1 — uvx (no install needed)

Add to claude_desktop_config.json:

{
  "mcpServers": {
    "keyboardcrumbs": {
      "command": "uvx",
      "args": ["--from", "git+https://github.com/keyboardcrumbs/mcp", "keyboardcrumbs-mcp"]
    }
  }
}

Option 2 — Clone and run locally

git clone https://github.com/keyboardcrumbs/mcp
cd mcp
uv venv && source .venv/bin/activate
uv add "mcp[cli]" httpx

Add to claude_desktop_config.json:

{
  "mcpServers": {
    "keyboardcrumbs": {
      "command": "uv",
      "args": ["--directory", "/path/to/mcp", "run", "server.py"]
    }
  }
}

Restart Claude Desktop.

Example Usage

Once installed, just ask Claude:

  • "Is 45.141.26.73 malicious?"
  • "Should I patch CVE-2024-3400 immediately?"
  • "What CVEs are about to be added to CISA KEV?"
  • "Is this domain staging for an attack?"
  • "What's the current threat landscape?"

Claude will call the live KeyboardCrumbs API and return real-time threat intelligence.

Data Sources

URLhaus · Feodo Tracker · AlienVault OTX · CISA KEV · NVD · EPSS · ExploitDB · VirusTotal · CIRCL · SANS ISC DShield · Shodan · RIPE · crt.sh · Ransomware.live

Data updates every 15 minutes. No API key. No signup. No rate limits for normal use.

Links

Tools (8)

check_ipProvides threat intel for any IP including risk score, geo, ASN, C2 associations, and staging clusters.
check_cvePerforms CVE lookup including CVSS, EPSS, KEV status, exploit availability, and patch urgency.
check_domainProvides domain intel including DNS records, WHOIS, malware associations, and subdomains.
check_hashPerforms malware hash lookup via VirusTotal and CIRCL.
active_threatsProvides a live snapshot of KEV counts, active C2s, ransomware victims, and data freshness.
predict_kevPredicts top CVEs likely to be added to the CISA KEV list.
check_stagingDetects pre-attack infrastructure staging for an IP or domain.
check_ransomwareProvides ransomware group lookup and victim tracking.

Configuration

claude_desktop_config.json
{"mcpServers": {"keyboardcrumbs": {"command": "uvx", "args": ["--from", "git+https://github.com/keyboardcrumbs/mcp", "keyboardcrumbs-mcp"]}}}

Try it

Is 45.141.26.73 malicious?
Should I patch CVE-2024-3400 immediately?
What CVEs are about to be added to CISA KEV?
Is this domain staging for an attack?
What's the current threat landscape?

Frequently Asked Questions

What are the key features of KeyboardCrumbs?

Real-time threat intelligence without API keys. CISA KEV status and predictive analysis. Malware hash lookup via VirusTotal and CIRCL. Pre-attack infrastructure staging detection. Ransomware group and victim tracking.

What can I use KeyboardCrumbs for?

Security analysts verifying IP reputation during incident response. IT administrators prioritizing patch management based on KEV status. Threat hunters identifying potential pre-attack infrastructure staging. Security researchers tracking ransomware group activity.

How do I install KeyboardCrumbs?

Install KeyboardCrumbs by running: uvx --from git+https://github.com/keyboardcrumbs/mcp keyboardcrumbs-mcp

What MCP clients work with KeyboardCrumbs?

KeyboardCrumbs works with any MCP-compatible client including Claude Desktop, Claude Code, Cursor, and other editors with MCP support.

Turn this server into reusable context

Keep KeyboardCrumbs docs, env vars, and workflow notes in Conare so your agent carries them across sessions.

Need the old visual installer? Open Conare IDE.
Open Conare
View all monitoring servers →

Related MCP Servers

Skylos
Find dead code, secrets, and exploitable flows in Python, TypeScript, and Go.
monitoring344 stars
Linux MCP Server
Read-only Linux system administration and diagnostics on RHEL-based systems.
monitoring189 stars
Charles MCP Server
Integrates Charles Proxy with MCP clients for real-time network traffic analysis
monitoring118 stars
HomeButler
All-in-one homelab management MCP server.
monitoring64 stars
Wireshark MCP
Give your AI assistant a packet analyzer.
monitoring55 stars
RenderDoc MCP
Analyze GPU frame captures for graphics debugging and performance analysis.
monitoring42 stars