OLETools Secure MCP Server
@pradeep895
Secure MCP server for analyzing Excel files with oletools
Overview
What is OLETools Secure MCP Server?
A secure microservice using FastMCP that analyzes Microsoft Office documents (Excel, Word, PowerPoint) and XLL add-ins for malicious content via static analysis. It integrates with MCP‑compatible tools like Claude Desktop.
How to use OLETools Secure MCP Server?
Clone the repository, install dependencies with pip install -r requirements.txt, then edit claude_desktop_config.json to add the server. Run python config.py and python mcp_service.py. In Claude Desktop, invoke tools like analyze_vba_macros file_path:"C:\path\to\example.xlsm".
Key features of OLETools Secure MCP Server
- Analyzes VBA Macros using olevba
- Detects XLM Macros with XLMMacroDeobfuscator
- Checks for DDE Links via msodde
- Extracts embedded OLE Objects with oleobj
- Analyzes XLL exports for suspicious functions with pefile
- Extracts IOCs (URLs, IPs, hashes, emails) using iocextract
- Provides MIME type and file size validation with python-magic
- Uses a configurable scoring system for risk classification
- Designed for MCP protocol integration with Claude Desktop
Use cases of OLETools Secure MCP Server
- Analyze suspicious Office documents for VBA or XLM macros
- Detect DDE links and embedded OLE objects in email attachments
- Scan XLL add‑ins for malicious function exports
- Extract indicators of compromise (IOCs) from document metadata
- Integrate static analysis into MCP‑aware threat investigation workflows
FAQ from OLETools Secure MCP Server
What are the software dependencies?
Python 3.6+, plus oletools, XLMMacroDeobfuscator, python-magic (or python-magic-bin on Windows), and optionally iocextract.
How do I configure the server for Claude Desktop?
Edit the claude_desktop_config.json file with the server configuration provided in the repository, then restart Claude Desktop. A hammer icon indicates MCP tools are available.
What file types are supported?
Microsoft Office documents (Excel, Word, PowerPoint) and XLL add‑in files.
How do I run an analysis?
After starting the server, use MCP‑compatible clients like Claude Desktop and issue commands such as analyze_vba_macros file_path:"C:\path\to\example.xlsm".
Does the server perform static or dynamic analysis?
It performs static analysis only — no code execution. A scoring system is used for basic risk classification.