Model-Context-Protocol server that exposes ORKL threat-intelligence endpoints (reports, actors, sources) as callable MCP tools.
https://github.com/fr0gger/MCP_Security
Stop switching between Claude and your threat intelligence platform. This MCP server brings ORKL's comprehensive threat database directly into your AI conversations, so you can analyze threats, research actors, and build security reports without breaking your workflow.
You're probably doing this: researching a threat in Claude, switching to ORKL to pull specific intelligence, copy-pasting data back into Claude, then asking follow-up questions that require another round trip to ORKL. It's inefficient and kills your analytical momentum.
This MCP server eliminates the context switching. Now Claude can directly query ORKL's threat intelligence database, analyze the results, and provide insights—all in a single conversation thread.
Direct Data Access: Six MCP tools that pull live threat intelligence:
Contextual Analysis: Instead of raw data dumps, you get Claude's analytical layer on top of real threat intelligence. Ask "Show me recent ransomware campaigns and their TTPs" and get both the data and the insights.
Workflow Integration: Perfect for incident response, threat hunting, and security research where you need to quickly correlate threats with ongoing investigations.
Incident Response: "Pull details on threat actor APT29 and correlate with this suspicious PowerShell activity I'm investigating." Claude fetches the ORKL data and immediately connects it to your specific IOCs.
Threat Hunting: "Get the latest threat reports involving supply chain attacks and suggest hunting queries for our environment." You get current intelligence plus actionable detection logic.
Security Briefings: "Summarize recent threats targeting financial services and format as an executive brief." Claude pulls relevant reports and creates presentation-ready summaries.
Attribution Research: "Compare the TTPs of these three threat groups and identify overlaps." Claude accesses detailed actor profiles and performs the comparative analysis automatically.
Add this to your Claude Desktop config and you're running threat intelligence queries in minutes:
{
  "mcpServers": {
    "orkl": {
      "command": "uv",
      "args": ["--directory", "/path/to/MCP_Security/orkl", "run", "orkl"]
    }
  }
}
No API keys, no complex authentication—just direct access to ORKL's threat intelligence through Claude's interface.
Threat intelligence is only valuable when it's actionable and accessible. This server removes the friction between having questions about threats and getting authoritative answers. You're not just querying a database—you're having intelligent conversations about threat landscapes with an AI that has real-time access to professional threat intelligence.
For security teams already using Claude for analysis and ORKL for threat intel, this integration is obvious. Stop juggling tools and start having smarter security conversations.