rdintel-mcp

MCP server for the rdintel.com CVE intelligence API.
48 tools over stdio. Drop it into Claude Desktop, Cursor, Windsurf, or any MCP-compatible agent.

Website · Docs · API reference · rdintel-cli

---

What it does

Exposes the rdintel CVE intelligence API as MCP tools so an agent can:

• Look up a single CVE — full intel, threat score, exploitation status, affected products, detection rules
• Search the corpus by severity, CVSS, CWE, product, freshness, KEV, PoC, threat score
• Pull threat feeds — daily digest, weaponized CVEs, recent exploits, recent KEV adds, trending, high-EPSS, EU-relevant
• Fetch detection rules per CVE — Nuclei, Sigma, YARA, AI-generated Nuclei
• Browse vendors and products — list, drill in, list affected CVEs
• Investigate threat actors and malware families
• Track public-repository exploit-development activity

All 48 tools call the rdintel REST API over HTTPS. Nothing runs locally except the stdio bridge.

---

Install

Recommended — pipx

pipx install rdintel-mcp

pipx puts the rdintel-mcp binary on your PATH in an isolated virtualenv. Install pipx itself with brew install pipx or python3 -m pip install --user pipx.

Alternative — uv tool

uv tool install rdintel-mcp

From source

git clone https://github.com/rdintel/rdintel-mcp
cd rdintel-mcp
pip install -e .

---

Authenticate

Generate an API key at rdintel.com/account/api-keys/ and export it:

export RDINTEL_API_KEY="your-key-here"

The server exits immediately with a clear message if this is unset.

---

Configure your MCP client

Claude Desktop

Edit ~/Library/Application Support/Claude/claude_desktop_config.json (macOS) or %APPDATA%\Claude\claude_desktop_config.json (Windows):

{
  "mcpServers": {
    "rdintel": {
      "command": "rdintel-mcp",
      "env": {
        "RDINTEL_API_KEY": "your-key-here"
      }
    }
  }
}

Restart Claude Desktop. The 48 tools appear in the hammer-icon menu.

Cursor

In Cursor settings → MCP Servers, add:

{
  "mcpServers": {
    "rdintel": {
      "command": "rdintel-mcp",
      "env": {
        "RDINTEL_API_KEY": "your-key-here"
      }
    }
  }
}

Or use the included examples/cursor_mcp.json as a starting point.

Windsurf / Cline / other MCP clients

Any stdio-MCP-compatible client works. Point it at the rdintel-mcp executable and pass RDINTEL_API_KEY in the env.

---

Configuration

Env var	Default	Notes
RDINTEL_API_KEY	(required)	API key. Server exits on startup if unset.
RDINTEL_API_URL	https://rdintel.com/api/v1	Override only if you self-host.

---

Example interactions

Once configured, ask your agent natural-language questions:

• "Look up CVE-2024-3400 and tell me if there are public exploits."
• "Give me today's threat briefing."
• "Show me CRITICAL CVEs from the last 7 days that are in KEV and have a public PoC."
• "What CVEs affecting Fortinet products are trending right now?"
• "Get the Nuclei and Sigma rules for CVE-2024-9474."

The agent picks the right tool automatically.

---

Troubleshooting

RDINTEL_API_KEY is not set — Export the env var or add it to your MCP client's env block. The server refuses to start without it.

HTTP 401 / HTTP 403 — API key is invalid, expired, or rate-limited. Re-generate at rdintel.com/account/api-keys/.

Not found — The CVE ID or vendor slug doesn't exist in the corpus. Check spelling; CVE IDs are case-insensitive but the tool will normalize.

Tools don't appear in Claude Desktop — Verify the path: which rdintel-mcp. The config file's command must be either the absolute path or a binary on Claude's PATH.

---

License

MIT — see LICENSE.