A powerful MCP server built with NitroStack
Add via Cursor Settings UI (Settings > Features > MCP > Add New MCP Server):
{
"mcpServers": {
// your other mcp servers
"talos-mcp-server": {
"url": "https://mentora-6a-mentora-builders-amrita-university-amritapuri-campus.app.nitrocloud.ai/mcp"
}
}
}
Connect remote tools directly via Claude's Web UI:
Configure custom tools directly via ChatGPT's Web UI:
Add the following configuration block under mcpServers in your Antigravity configuration file (~/.gemini/config/mcp_config.json):
{
"mcpServers": {
// your other mcp servers
"talos-mcp-server": {
"serverUrl": "https://mentora-6a-mentora-builders-amrita-university-amritapuri-campus.app.nitrocloud.ai/mcp"
}
}
}
Add the following configuration block to your Codex configuration file (~/.codex/config.toml):
[mcp_servers.talos-mcp-server] url = "https://mentora-6a-mentora-builders-amrita-university-amritapuri-campus.app.nitrocloud.ai/mcp"
Connect directly using the Server-Sent Events endpoint:
https://mentora-6a-mentora-builders-amrita-university-amritapuri-campus.app.nitrocloud.ai/mcp
Primary tool for a passive website security posture scan. Use when the user asks to scan, audit, review, grade, or check the security of a website/domain they own or are authorized to test. Checks HTTPS/TLS, security headers, cookies, exposed files, DNS/email security, and basic fingerprinting, then returns a graded report with remediation. Do not use this for "is this link safe/phishing" questions; use analyze_link_safety for suspicious links.
Primary tool for public vulnerability/CVE lookup. Use when the user asks about CVEs, known vulnerabilities, exploit advisories, NVD records, or risk for a named software product/version such as nginx 1.18.0, Apache, OpenSSL, WordPress, or a CVE id. Do not use for academic papers; use find_research_papers or search_research.
Primary tool for SSH/Linux/server authentication-log brute-force incident analysis. Use when the user mentions auth.log, login failures, failed password attempts, password guessing, brute force, suspicious SSH logins, attacking IPs, or wants IPs extracted from logs. Reports attacking IPs, attempt counts, targeted usernames, ML confidence, and anomaly flags.
Generic academic literature search across OpenAlex, Semantic Scholar, and CORE. Use for broad security research topics when no scan findings/report context is needed. If the user explicitly asks for papers/citations/studies/references about Talos scan findings, vulnerabilities, or a report, prefer find_research_papers because it accepts findings and target context.
Primary tool for real academic papers and citations tied to security findings, vulnerability topics, or report evidence. Use when the user says research papers, papers, citations, studies, academic literature, references, arXiv, Semantic Scholar, OpenAlex, CORE, IEEE-style evidence, or asks for papers about found bugs/findings like HSTS, CSP, X-Frame-Options, clickjacking, MIME sniffing, Referrer-Policy, SQL injection, XSS, brute force, or phishing. Prefer this over search_research whenever findings, target, product, or report context exists.
Primary tool for suspicious-link and phishing safety checks. Use whenever the user asks "is this link safe", "is this phishing", "check this URL", "can I open this", "is this scam/malware", "detect phishing link", "should I enter credentials/payment", or shares a suspicious URL. Detects phishing, social engineering, brand impersonation, malware, unwanted software, scams, risky downloads, shorteners, suspicious redirects, typosquatting, homograph/punycode, unsafe HTTP, private-network redirects, and provider threat-intel matches. Do not substitute scan_website, lookup_ip, or run_security_tool for link-safety decisions.
Primary tool for defensive firewall/blocklist rule generation after an incident or auth-log analysis. Use when the user asks to block attacking IPs, generate fail2ban/iptables/ufw/Windows Firewall rules, or create a deny list. This only returns rules for review and never applies them.
Send a short security alert through configured Gmail/SMTP email or Slack channels. Use only when the user explicitly asks to alert, notify, send an alert, or warn someone. For emailing a full generated report, prefer send_report_email. For emailing arbitrary text or summary, use send_email.
Send arbitrary text, summaries, or notes by email using the configured Gmail SMTP sender. Use when the user explicitly says send/email/forward/share this information or provides an email recipient for a non-report message. If the user wants the latest generated Talos report emailed, prefer send_report_email. Never call this just because a report was generated.
Primary tool for creating a consolidated Talos security report. Use when the user asks for a full report, security report, summary report, audit report, executive report, or combined scan/CVE/research/auth-log report. It can run website scanning, CVE lookup, research, and optional auth-log analysis. By default this ONLY returns and saves the report. Do not email, forward, or send it unless the user explicitly asks for email/send/forward/share, or send_email is true.
Primary tool for emailing a generated Talos security report. Use when the user explicitly asks to email/send/forward/share the latest report or a report by id. Do not use for short alerts; use send_alert. Do not use for arbitrary non-report text; use send_email.
Primary tool for MCP/Talos runtime health checks. Use when the user asks to test tools, verify the MCP server, check whether Talos tools work, run diagnostics, or validate the hosted deployment. Does not send email unless include_email is explicitly true.
Primary tool for checking an existing password or passphrase. Use when the user asks whether a password is strong, weak, breached, cracked, safe to use, or wants entropy/crack-time analysis. Do not use generate_password unless the user asks to create a new password.
Primary tool for creating a new strong random password. Use when the user asks to generate, make, create, or suggest a password. Do not use check_password_strength unless the user supplied an existing password to evaluate.
Primary tool for hashing plain text with MD5, SHA-1, SHA-256, or SHA-512. Use when the user asks to hash, digest, checksum, or compute SHA/MD5 of provided text. For identifying an unknown hash string, use list_security_tools with search="hash identify" and then run_security_tool.
Primary tool for decoding a JSON Web Token. Use when the user provides a JWT or asks to decode JWT/header/payload/claims. It does not verify signatures. Do not use the generic run_security_tool jwt_decode unless this dedicated tool is unavailable.
Primary tool for IP or host investigation. Use when the user asks for geolocation, ISP, ASN, reverse DNS, reputation, proxy/VPN/datacenter clues, or context for an attacking IP. For checking whether a URL is phishing or safe to open, use analyze_link_safety instead.
Primary tool for Talos self-defense status. Use when the user asks what attacks Talos has seen, which IPs are blocked, recent attack events, attack counts, attack type breakdown, or the app security posture.
Discover specialized built-in Talos security tools for tasks not covered by a dedicated MCP tool. Use this before run_security_tool when the user asks for DNS lookup, WHOIS, port scan, base64/URL encode/decode, hash identification, robots.txt, raw HTTP headers, security headers, or another toolbox-style task. Prefer dedicated MCP tools first for website scans, link safety, CVEs, auth logs, reports, email, passwords, JWT decode, hashing text, IP lookup, and research papers.
Run a specialized built-in Talos security toolbox tool by exact name after discovering it with list_security_tools. Use for toolbox tasks such as DNS lookup, WHOIS, port scan, base64/URL encode/decode, hash identification, robots.txt, raw HTTP headers, and security headers. Do not use this generic runner when a dedicated MCP tool fits: scan_website, analyze_link_safety, lookup_cves, analyze_auth_log, generate_security_report, send_email, send_report_email, send_alert, check_password_strength, generate_password, hash_text, decode_jwt, lookup_ip, search_research, or find_research_papers. Defensive use only on authorized systems.
Primary tool for searching the local uploaded resource library. Use when the user refers to my book, uploaded PDF, local resources, course material, notes, documents, or wants answers grounded in Talos bundled books. Returns matching page snippets with citations. If a snippet is not enough, call get_resource_page.
Fetch the full text of one cited page from the local resource library. Use after search_resources or list_resources when the user needs exact page content, more context, or a full cited passage.
List books and documents available in the local Talos resource library. Use when the user asks what resources/books are available or before get_resource_page when a book_id is unknown.