Nullcone Threat Intelligence
io.github.maco144/nullcone · v0.1.0 · MCP 2025-11-25
Real-time threat intel for AI agents: 890K+ IOCs incl. prompt-injection & AI-skill threats
Reachability
reachable
checked 2026-07-14 04:08 UTC
Registry status active
Tools pinned 30
6f82c1f8ba7a
Tools last changed
unchanged since first capture 2026-07-14
Provenance
Registry namespace io.github.maco144
(GitHub-account verified by the official registry)
Repository
github.com/maco144/nullcone-mcp
Website
https://nullcone.ai
Remote endpoints
https://nullcone.ai/mcp (streamable-http)
Observed changes
| When (UTC) | Event | Detail |
|---|---|---|
| 2026-07-14 04:08 | first capture | 30 tools pinned |
Pinned tool definitions (30)
| Tool | Description |
|---|---|
| submit_ioc | Submit a threat indicator (IOC) to the shared intelligence network. The IOC is automatically classified into a malware family, metadata is compressed, and deduplication is handled atomically. All subscribed agents see... |
| submit_batch | Submit multiple IOCs in a single call. Preferred over looping submit_ioc for bulk ingest from honeypots, sandboxes, or feed processing. Each dict in `iocs` follows the same schema as submit_ioc parameters. Required... |
| lookup_ioc | Look up a threat signature by its exact IOC value. Returns the full signature record if found, including severity, family, detection count, and false positive votes. Args: value: The exact IOC value to search... |
| recent_threats | Return the most recently observed threat signatures. Args: limit: Max number of results to return (1-200) min_severity: Minimum severity level (0-10). Default 5 (medium+) |
| family_threats | Return all threat signatures associated with a known malware family. Use list_families() first to discover available family names. Args: family_name: Exact malware family name (e.g. "emotet", "qbot",... |
| list_families | Return all known malware families in the intelligence database. Each entry includes the family name, description, and category. Use family_threats(family_name) to retrieve the IOCs for a specific family. |
| search_by_type | Return threat signatures filtered by IOC type. Useful for pulling all known-bad IPs, all malicious domains, all malicious AI skill hashes, etc. Args: ioc_type: One of: hash_md5, hash_sha1, hash_sha256, ip,... |
| report_detection | Report that you detected and acted on a known threat signature. Increments the signature's detection count and creates a ThreatEvent visible to all other agents in real-time. Args: signature_id: ID of the... |
| vote_false_positive | Flag a threat signature as a likely false positive. When more than 20% of agents vote false positive on a signature, its `is_likely_fp` flag becomes True — a signal to review before blocking. Args: ... |
| poll_since | Fetch new threat signatures since a high-water mark ID. This is the recommended sync pattern — one call, get new data, persist next_id, disconnect. No persistent connection required. Call with last_id=0 on first run to... |
| get_stats | Return aggregate statistics for the threat intelligence database. Includes total signatures, known malware families, active agents, and total detection events. |
| validate_skill | Synchronous SKILL IOC lookup — call this before loading or invoking any MCP tool/skill to check it against the Nullcone threat feed. This is the pre-invocation enforcement hook. Returns an allow/warn/block decision... |
| scan_skill_content | Pre-execution content scan for skill/instruction files. Analyzes the full text of a skill (markdown, plain text, SKILL.md, etc.) for malicious patterns BEFORE the agent follows the instructions. This is the critical... |
| get_new_threats | Drain the live push-subscription buffer of threats received since the last call. Zero-polling — threats are delivered via SpacetimeDB WebSocket subscription and buffered server-side. Use this instead of poll_since()... |
| warm_prompt_cache | Load all PROMPT IOCs from SpacetimeDB into the in-memory hash set. Call once at startup (or after a major feed update) to populate the sub-1ms query cache. Subsequent check_prompt() calls require no network access. The... |
| check_prompt | Check a prompt or text fragment for known PROMPT IOC patterns. Uses an in-memory hash set for sub-1ms token-level querying — no network calls after the cache is warmed. Slides a window of 3, 5, 8, and 10 tokens across... |
| check_prompt_batch | Check multiple prompts for PROMPT IOC patterns in a single call. More efficient than calling check_prompt() in a loop — tokenization overhead is amortized and the cache reference is shared. Args: texts: List... |
| prompt_cache_stats | Return PROMPT IOC cache statistics: size, hit rate, latency, refresh status. Use this to verify the cache is warmed and healthy before relying on check_prompt() for real-time detection. |
| check_freshness | Validate that IOC threat intelligence is fresh enough for the named action. Call this before any high-risk agent action to ensure the TI snapshot is not stale. The check itself completes in <1ms (no network I/O). ... |
| freshness_limits | Return the configured IOC freshness limits for all action tiers. Shows max staleness, warn threshold, and which actions belong to each tier. Use this to understand when check_freshness() will warn or block. |
| fingerprint_tool_metadata | Analyze an MCP tool definition for instruction-injection and malicious patterns. Performs semantic fingerprinting of the tool's description, parameter schemas, and error templates — detecting credential exfiltration... |
| registry_monitor_stats | Return MCP registry monitoring statistics. Shows how many tool definitions are tracked, how many have been flagged, and the current drift detection rate. |
| registry_flagged_tools | Return all MCP tools that have been flagged as suspicious or malicious. Includes tools flagged on initial ingestion (high-risk fingerprint) and tools that showed significant semantic drift on update. |
| subscribe_threats | Open a named, stateful subscription to live threat push delivery. Returns a subscription_id. Pass it to drain_subscription() to collect the IOCs that have arrived since your last drain — zero polling, each caller gets... |
| drain_subscription | Drain the buffer of a stateful subscription created by subscribe_threats(). Returns all IOCs delivered to this subscription since the last drain. Each subscription is independent — draining yours does not affect others. ... |
| unsubscribe | Cancel a stateful subscription and free its buffer. Call this when you no longer need the subscription to release memory. Subscriptions also auto-expire after 1 hour of inactivity. Args: subscription_id: The... |
| list_subscriptions | List all active stateful push subscriptions on this MCP server instance. Returns metadata for each subscription (not the buffered IOCs themselves). Useful for inspecting what agents are currently subscribed and what ... |
| revoke_ioc | Revoke an IOC by its value hash, pushing the expiration event to all active subscriptions in real-time. Call this when an IOC is determined to be a false positive, expired, or superseded. Subscribed agents receive the... |
| is_ioc_revoked | Check whether an IOC has been revoked. O(1) in-process lookup. Use this before acting on any cached threat intelligence to ensure the IOC has not been retracted since it was loaded. Args: value_hash: SHA256 of... |
| list_revocations | List recent IOC revocations, newest first. Args: limit: Maximum number of revocations to return (default 50). since_hours: Only return revocations newer than this many hours ago. 0 =... |
Status badge
[](https://toolpin.dev/servers/io.github.maco144/nullcone)
Maintain this server? Add the badge to your README — it links your users to this live status page.