MCP.so
Sign In

YaraFlux MCP Server

@ThreatFlux

About YaraFlux MCP Server

A yara based MCP Server

Basic information

Category

Other

License

MIT

Runtime

python

Transports

stdio

Publisher

ThreatFlux

Config

Add this server to your MCP-compatible client using the configuration below.

{
  "mcpServers": {
    "YaraFlux": {
      "command": "docker",
      "args": [
        "pull",
        "threatflux/yaraflux-mcp-server:latest"
      ]
    }
  }
}

Tools

No tools detected

We auto-extract tools from the README. The maintainer can list them under a ## Tools heading to populate this section.

Overview

What is YaraFlux MCP Server?

YaraFlux MCP Server is a Model Context Protocol (MCP) server that gives AI assistants the ability to analyze files using YARA rules. It integrates YARA-based threat scanning with LLMs, supporting comprehensive rule management, secure scanning, and result analysis through a modular architecture.

How to use YaraFlux MCP Server?

Run it with Docker (docker pull threatflux/yaraflux-mcp-server:latest and docker run with the required JWT_SECRET_KEY, ADMIN_PASSWORD, and DEBUG environment variables) or install from source (requires Python 3.13+, then make install and make run). For Claude Desktop, add a docker entry to claude_desktop_config.json with the appropriate environment variables and auto-approved tools.

Key features of YaraFlux MCP Server

  • 19 integrated MCP tools for scanning, rule management, and file handling
  • YARA rule creation, validation, import, update, and deletion
  • URL and file content scanning with detailed match information
  • Secure file upload, storage, and analysis (hex view, string extraction)
  • Storage backends: local filesystem and MinIO/S3
  • JWT authentication and non-root container execution

Use cases of YaraFlux MCP Server

  • AI-assisted malware analysis by scanning files with community YARA rules
  • Threat intelligence automation: import and manage YARA rules from the ThreatFlux repository
  • Incident response: upload suspicious files, scan them, and retrieve detailed results
  • Rule lifecycle management: create, validate, update, and delete YARA rules through a chatbot interface

FAQ from YaraFlux MCP Server

What runtime dependencies does YaraFlux MCP Server require?

Python 3.13+ is required for source installation. Docker is used for containerized deployment. No other external services are strictly required, but MinIO/S3 can be used for remote storage.

How is data stored and secured?

By default, uploaded files and scan results are stored on the local filesystem. Optionally, MinIO/S3 storage can be configured. JWT authentication protects the API, and the container runs as a non-root user.

What transport and authentication does the server use?

The server uses the Model Context Protocol (MCP) for communication with AI assistants. API access is protected by JWT authentication, configured via the JWT_SECRET_KEY environment variable.

Can I import existing YARA rules from the ThreatFlux repository?

Yes, the import_threatflux_rules tool allows importing rules directly from the ThreatFlux GitHub repository, and rules can be categorized as custom or community.

How do I integrate YaraFlux MCP Server with Claude Desktop?

Add a docker command entry in Claude Desktop’s claude_desktop_config.json under mcpServers, setting the required environment variables. After restarting Claude Desktop, the MCP tools become available.

Comments

More Other MCP servers