MCP server for Abnormal Security — AI-powered threat detection, case management, and email remediation
- ✓Open-source license (Apache-2.0)
- ✓Actively maintained (<30d)
- ✓Clear description
- ✓Topics declared
git clone https://github.com/wyre-technology/abnormal-mcp{
"mcpServers": {
"abnormal-mcp": {
"command": "node",
"args": ["/path/to/abnormal-mcp/dist/index.js"],
"env": {
"ABNORMAL_API_TOKEN": "<abnormal_api_token>"
}
}
}
}ABNORMAL_API_TOKENMCP Servers overview
# abnormal-mcp
MCP server for [Abnormal Security](https://abnormalsecurity.com/) — AI-powered threat detection, case management, and email remediation.
## Tools
This server uses a decision-tree architecture. Start by calling `abnormal_navigate` to select a domain, then use the domain-specific tools.
### Navigation
| Tool | Description |
|------|-------------|
| `abnormal_navigate` | Navigate to a domain (threats, messages, remediation, abuse, cases) |
| `abnormal_back` | Return to domain selection |
### Threats domain
| Tool | Description |
|------|-------------|
| `abnormal_threats_list` | List detected threat cases (paginated) |
| `abnormal_threats_get` | Get full details of a specific threat by ID |
### Messages domain
| Tool | Description |
|------|-------------|
| `abnormal_messages_list` | List messages within a threat case |
| `abnormal_messages_get` | Get detailed message analysis (headers, URLs, attachments, AI analysis) |
### Remediation domain
| Tool | Description |
|------|-------------|
| `abnormal_remediation_manage` | Trigger or check remediation actions for a message |
### Abuse domain
| Tool | Description |
|------|-------------|
| `abnormal_abuse_list` | List phishing emails reported via the Abuse Mailbox |
### Cases domain
| Tool | Description |
|------|-------------|
| `abnormal_cases_list` | List active security investigation cases |
| `abnormal_cases_get` | Get details of a specific case |
## Authentication
Abnormal Security uses Bearer token authentication.
### Standalone (env mode)
```bash
export ABNORMAL_API_TOKEN=your-api-token
node dist/index.js
```
Generate your token in the Abnormal portal under **Settings > Integrations > API**.
### Gateway mode
When deployed behind the MCP gateway, set `AUTH_MODE=gateway`. The gateway injects the `Authorization: Bearer {token}` header automatically on each request.
## Running
### stdio (for Claude Desktop)
```bash
npm install
npm run build
node dist/index.js
```
### HTTP Streamable (for hosted/gateway deployment)
```bash
MCP_TRANSPORT=http AUTH_MODE=gateway node dist/index.js
```
### Docker
```bash
docker compose up
```
## Development
```bash
npm install
npm run dev # watch mode
npm test # run tests
npm run typecheck # TypeScript type check
```
## License
Apache-2.0
What people ask about abnormal-mcp
What is wyre-technology/abnormal-mcp?
+
wyre-technology/abnormal-mcp is mcp servers for the Claude AI ecosystem. MCP server for Abnormal Security — AI-powered threat detection, case management, and email remediation It has 0 GitHub stars and was last updated today.
How do I install abnormal-mcp?
+
You can install abnormal-mcp by cloning the repository (https://github.com/wyre-technology/abnormal-mcp) or following the README instructions on GitHub. ClaudeWave also provides quick install blocks on this page.
Is wyre-technology/abnormal-mcp safe to use?
+
Our security agent has analyzed wyre-technology/abnormal-mcp and assigned a Trust Score of 87/100 (tier: Trusted). See the full breakdown of passed checks and flags on this page.
Who maintains wyre-technology/abnormal-mcp?
+
wyre-technology/abnormal-mcp is maintained by wyre-technology. The last recorded GitHub activity is from today, with 14 open issues.
Are there alternatives to abnormal-mcp?
+
Yes. On ClaudeWave you can browse similar mcp servers at /categories/mcp, sorted by popularity or recent activity.
Deploy abnormal-mcp to your cloud
Ship this repo to production in minutes. Each platform spins up its own environment with editable env vars.
Maintain this repo? Add a badge to your README
Drop the badge into your GitHub README to show it's tracked on ClaudeWave. Each badge links back to this page and reflects the live Trust Score.
[](https://claudewave.com/repo/wyre-technology-abnormal-mcp)<a href="https://claudewave.com/repo/wyre-technology-abnormal-mcp"><img src="https://claudewave.com/api/badge/wyre-technology-abnormal-mcp" alt="Featured on ClaudeWave: wyre-technology/abnormal-mcp" width="320" height="64" /></a>More MCP Servers
Fair-code workflow automation platform with native AI capabilities. Combine visual building with custom code, self-host or cloud, 400+ integrations.
User-friendly AI Interface (Supports Ollama, OpenAI API, ...)
An open-source AI agent that brings the power of Gemini directly into your terminal.
The fastest path to AI-powered full stack observability, even for lean teams.
🕷️ An adaptive Web Scraping framework that handles everything from a single request to a full-scale crawl!
⭐AI-driven public opinion & trend monitor with multi-platform aggregation, RSS, and smart alerts.🎯 告别信息过载,你的 AI 舆情监控助手与热点筛选工具!聚合多平台热点 + RSS 订阅,支持关键词精准筛选。AI 智能筛选新闻 + AI 翻译 + AI 分析简报直推手机,也支持接入 MCP 架构,赋能 AI 自然语言对话分析、情感洞察与趋势预测等。支持 Docker ,数据本地/云端自持。集成微信/飞书/钉钉/Telegram/邮件/ntfy/bark/slack 等渠道智能推送。