Public

orkl_mcp_server

Try Now

2025-04-04

ORKL威胁情报库的MCP服务器

3 years

Works with Finder

1

Github Watches

0

Github Forks

0

Github Stars

ORKL MCP Server

A MCP (Model Control Protocol) server for accessing the ORKL Threat Intelligence Library.

Features
Getting Started
MCP Tools
MCP Resources
Example Prompts
License

Features

Access to ORKL Threat Intelligence Library data via the ORKL API
Efficient caching to minimize API calls
Rate limiting to respect ORKL API restrictions
Standardized MCP Tools and Resources for LLM interaction
Built-in support for Claude Desktop integration

Screenshot

Getting Started

Prerequisites

Python 3.10 or later
uv package manager (recommended)

Installation

Clone the repository:

git clone https://github.com/heiths/orkl_mcp_server.git
cd orkl_mcp_server

Install dependencies using uv (recommended):

uv venv
uv pip install -r requirements.txt

Configure the server (see Configuration section below)

Register with Claude Desktop

Add the following config to your claude_desktop_config.json:

{
  "ORKL Threat Intelligence": {
    "command": "uv",
    "args": [
      "--directory",
      "/path/to/orkl_mcp_server",  <-- Replace with the path to the cloned repository
      "run",
      "python",
      "run_server.py"
    ],
    "env": {
      "ORKL_API_BASE_URL": "https://orkl.eu/api/v1",
      "ORKL_REQUEST_TIMEOUT": "30",
      "ORKL_CACHE_TTL": "300",
      "ORKL_USE_CACHE": "1",
      "ORKL_RATE_LIMIT_REQUESTS": "90",
      "ORKL_RATE_LIMIT_PERIOD": "30"
    }
  }
}

MCP Tools

The server provides the following MCP Tools:

fetch_latest_threat_reports: Get recent threat intelligence reports
fetch_threat_report_details: Get details about a specific report
fetch_threat_report_by_hash: Retrieve a report by SHA1 hash
search_threat_reports: Search for reports matching criteria
get_library_info: Get information about the ORKL library
get_library_version: Get version information
fetch_threat_actors: Get a list of all threat actors
fetch_threat_actor_details: Get detailed information about a threat actor
fetch_sources: Get a list of available sources
fetch_source_details: Get detailed information about a source
clear_cache: Clear the local cache for fresh data

MCP Resources

The server provides these MCP Resources:

threat_reports://{report_id}: Direct access to specific reports
threat_actors://{actor_id}: Direct access to threat actor information
sources://{source_id}: Direct access to source information

Example Prompts

Malware Investigation

I found a suspicious file with SHA1 hash '5f2b7f47b2c9da342583c3a7e3887b4babad0fa9'. Can you check if this hash is associated with any known threats in the ORKL database and provide details about its capabilities and attribution?

Threat Landscape Overview

Can you provide an overview of the current threat landscape for financial institutions? Use the ORKL API to search for relevant threat reports from the past month and identify emerging trends or notable threat actors.

Configuration

Configuration can be provided through:

Environment variables
A JSON configuration file (config.json in the current directory)

Environment Variables

Variable	Description	Default
`ORKL_API_BASE_URL`	API base URL	`https://orkl.eu/api/v1`
`ORKL_REQUEST_TIMEOUT`	Request timeout in seconds	`30`
`ORKL_CACHE_TTL`	Cache time-to-live in seconds	`300`
`ORKL_USE_CACHE`	Enable caching (1/0)	`1`
`ORKL_RATE_LIMIT_REQUESTS`	Maximum requests per period	`90`
`ORKL_RATE_LIMIT_PERIOD`	Rate limit period in seconds	`30`
`ORKL_CONFIG_FILE`	Path to configuration file	`config.json`

License

This project is licensed under the MIT License - see the LICENSE file for details.

Reviews

1 (1)

user_qJ73lWQL

2025-04-18

Orkl_mcp_server by heiths on GitHub is a fantastic MCP application. The setup was straightforward and the documentation comprehensive. The server runs smoothly and handles multiple clients without issues. Excellent work by the developer! Highly recommend checking it out here: https://github.com/heiths/orkl_mcp_server.