Model Context Protocol low risk

Security

The ORKL MCP server provides access to threat intelligence data, including reports, actors, and sources, via a set of read-only tools.

Connections & Capabilities

Connects To

GitHubTwitter

Capabilities

read

Quickstart

Config

{
  "mcpServers": {
    "orkl": {
      "command": "uv",
      "args": [
      "--directory",
      "/MyMCP/mcptest/orkl",
      "run",
      "orkl"
      ]
    }
  }
}


## Report Tools

### Fetch Latest Threat Reports
- **Name**: `fetch_latest_threat_reports`
- **Description**: Fetch recent threat reports with their titles and IDs.
- **Parameters**: None

### Fetch Threat Report Details
- **Name**: `fetch_threat_report_details`
- **Description**: Retrieve detailed information for a specific threat report by ID.
- **Parameters**:
  - `report_id` (required): The ID of the threat report.

## Threat Actor Tools

### Fetch Threat Actors
- **Name**: `fetch_threat_actors`
- **Description**: Fetch a list of known threat actors with their IDs and names.
- **Parameters**: None

### Fetch Threat Actor Details
- **Name**: `fetch_threat_actor_details`
- **Description**: Retrieve detailed information for a specific threat actor by ID.
- **Parameters**:
  - `actor_id` (required): The ID of the threat actor.

## Source Tools

### Fetch Sources
- **Name**: `fetch_sources`
- **Description**: Fetch a list of sources used in threat intelligence.
- **Parameters**: None

### Fetch Source Details
- **Name**: `fetch_source_details`
- **Description**: Retrieve detailed metadata for a specific source by ID.
- **Parameters**:
  - `source_id` (required): The ID of the source.

Exposed MCP Tools (6)

safe

fetch_latest_threat_reports

Retrieves a list of the most recent threat reports, including their titles and IDs.

Read-only operation; retrieves a list of threat reports.

safe

fetch_threat_report_details

Fetches detailed information about a specific threat report using its ID.

Read-only operation; retrieves details of a specific threat report.

safe

fetch_threat_actors

Retrieves a list of known threat actors, including their IDs and names.

Read-only operation; retrieves a list of threat actors.

safe

fetch_threat_actor_details

Fetches detailed information about a specific threat actor using its ID.

Read-only operation; retrieves details of a specific threat actor.

safe

fetch_sources

Retrieves a list of sources used in threat intelligence.

Read-only operation; retrieves a list of threat intelligence sources.

safe

fetch_source_details

Fetches detailed metadata for a specific threat intelligence source using its ID.

Read-only operation; retrieves details of a specific threat intelligence source.

Safety Assessment

This server is relatively safe due to its read-only nature and focus on retrieving threat intelligence data. However, users should be aware of the potential risks associated with data exfiltration and misinterpretation. It is safe to use in environments where access to threat intelligence is required, but risky if the data is not properly secured and interpreted.

Read-only operations
No direct system access
Focus on threat intelligence data retrieval
No write or delete capabilities

Potential for data exfiltration if not handled properly
Reliance on external ORKL API introduces a dependency
Misinterpretation of threat data could lead to incorrect actions
Exposure of threat data to unauthorized personnel