Sectora threat-intel
## Sectora Threat Intelligence Ask your AI *"is this CVE actually being exploited?"* and get real data back — not a guess from 2024 training cutoff. Sectora blends **EPSS scores**, **CISA KEV** status, **public exploit** availability, **Nuclei templates**, and **CVSS** into a single 0–100 **weaponization score**. Your LLM stops hallucinating severity and starts giving actionable answers grounded in live signals. --- ### 🛠️ Tools | Tool | What it does | |---|---| | `lookup_cve` | Full CVE enrichment — EPSS, KEV, exploits, Nuclei, ransomware use | | `get_weaponization_score` | 0–100 score blending 5 exploitation signals | | `search_cves` | Find CVEs by keyword, severity, KEV status, or exploit availability | | `assess_tech_risk` | Risk summary for a stack (e.g. `"nginx 1.25, OpenSSL 3.1, PostgreSQL 16"`) | | `get_kev_recent` | Newly added CISA KEV entries | | `get_trending_cves` | EPSS spikes + new exploits this week | | `lookup_ip_reputation` | Community IP rep from the Sectora Shield WAF network | | `get_threat_stats` | Database coverage stats | --- ### 💬 Try these prompts - *"Is CVE-2024-3400 being actively exploited? What's its weaponization score?"* - *"What's the weaponization score for Log4Shell?"* - *"Assess the security risk of running nginx 1.25 and OpenSSL 3.1"* - *"Show me the critical CVEs added to CISA KEV this week"* - *"Has IP 45.33.32.156 been reported for attacks?"* --- ### ⚡ Quick start (Claude Desktop) ```json { "mcpServers": { "sectora": { "type": "streamable-http", "url": "https://mcp.sectora.io/mcp" } } } Works out of the box with Claude Desktop, Claude Code, Cursor, Windsurf, ChatGPT, and any MCP-compatible client. --- 🎁 Free tier 300 requests/minute per IP. No signup. No credit card. Discovery calls (tools/list, initialize) don't count against quota. Need higher limits for production use? Get a free API key at sectora.io/settings/api-keys → 3,000 req/min. --- 🔒 Privacy We log request metadata (IP, country, tool name, latency) for abuse detection and service reliability. We do not log tool arguments or responses — the CVEs and IPs you look up are never stored. 30-day retention. Full details at sectora.io/legal/privacy. --- 🏢 About Built and operated by Sectora — an AI-era DAST platform that scans production apps for vulnerabilities. This MCP is our way of putting the same threat-intel enrichment our scanners use directly inside your AI workflow
Executive verdict
trustsnap_4f30607abdfbb976- No segmented attention signals observed in the current window.
Current trust snapshot
trustsnap_4f30607abdfbb976Canonical machine links
Own this MCP?
Claim ownership, prove control with a GitHub, DNS, HTTP, MCP metadata, or email-domain challenge, revalidate now, publish a badge, configure monitoring, and unlock a verified server profile.
POST /v1/servers/oversight/threat-intel/revalidateBadge embed
[](https://verify.sentinelsignal.io/servers/oversight/threat-intel)
MCP TrustOps
TrustOps turns this report into operational controls: freshness SLAs, authenticated validation, semantic benchmarks, policy exports, alert subscriptions, badges, cost/compliance metadata, and runtime routing. Fresh trusted index decisions stay separate from long-tail inventory so stale scores do not masquerade as current evidence.
/v1/decideAlert subscription types
MCP Runtime hosting
No hosted runtime profile is available yet.
Production readiness class
Evidence confidence
Recommended for
No recommendation profile is available yet.
Client compatibility verdicts
No client compatibility verdicts are available yet.
Why compatibility is limited by client
No per-client remediation checklist is available yet.
Verdict traces
No verdict trace data is available yet.
Publishability policy profiles
No publishability policy profiles are available yet.
Compatibility fixtures
No compatibility fixtures are available yet.
Authenticated validation sessions
No authenticated validation detail is available yet.
Public validation is free. Authenticated validation is paid and proves scoped behavior, write-action safeguards, and authenticated tool execution.
Public server reputation
No public server reputation signals are available yet.
Incident & change feed
No incidents or changes recorded yet.
Capabilities
- OAuth:
- DCR/CIMD:
- Prompts:
- Homepage: https://sectora.io/
- Docs: none
- Support: none
- Icon: https://api.smithery.ai/servers/oversight/threat-intel/icon
- Remote endpoint: none
- Server card: none
Security posture
No security posture summary available yet.
Agent Commerce & Payment Readiness - Beta
No agent-commerce assessment available yet.
Tool capability & risk inventory
No tool inventory available from the latest validation run.
Write-action governance
No write-action governance summary is available yet.
Action-controls diff
Need at least two validation runs before diffing action controls.
Why this score?
No score decomposition available yet.
Algorithmic score breakdown
Compatibility profiles
No compatibility profiles available.
Actionable remediation
No remediation items. Current evidence does not show urgent client-facing fixes.
Point loss breakdown
No current score penalties are recorded.
Validation diff
Need at least two validation runs before diffing changes.
Tool snapshot diff & changelog
Need at least two validation runs before building a tool changelog.
Connector replay
No connector replay evidence is available yet.
Transport compliance drilldown
No transport compliance drilldown is available yet.
Request association
No request-association evidence is available yet.
Utility coverage
No utility-coverage summary is available yet.
Benchmark tasks
No benchmark tasks are available yet.
Registry & provenance divergence
No provenance-divergence summary is available yet.
Active alerts
No active alerts for the current server state.
Aliases & registry graph
No aliases discovered for this server.
Alias consolidation
No alias consolidation details are available yet.
Install snippets
No install snippets available.
Agent access & tool surface
tools/list, prompts/list, and resources/list checks.oversight/threat-intel.Claims & monitoring
No verified maintainer claim recorded.
Alert routing
No alert routing is configured yet.
Maintainer analytics
No maintainer analytics available.
Maintainer response quality
No maintainer response quality signals are available yet.
Maintainer annotations
No maintainer annotations have been recorded yet.
Maintainer rebuttals & expected behavior
No maintainer rebuttals or expected-behavior overrides are recorded yet.
Latest validation evidence
No validation run available yet.
Raw evidence view
No raw evidence recorded.
Known versions
- No versions recorded.
Validation history
No historical trend summary is available yet.
Validation timeline
No validation timeline is available yet.
Recent validation runs
| Started | Status | Summary | Latency | Checks |
|---|---|---|---|---|
| No validation runs yet. | ||||