Talos Mcp Server

v1.0.0

A powerful MCP server built with NitroStack

Connection Setup

Add via Cursor Settings UI (Settings > Features > MCP > Add New MCP Server):

{
  "mcpServers": {
    // your other mcp servers
    "talos-mcp-server": {
      "url": "https://mentora-6a-mentora-builders-amrita-university-amritapuri-campus.app.nitrocloud.ai/mcp"
    }
  }
}

Connect remote tools directly via Claude's Web UI:

Add custom connector BETA
Connect Claude to your data and tools. Learn more about connectors or get started with pre-built ones.
Advanced settings
Only use connectors from developers you trust. Anthropic does not control which tools developers make available and cannot verify that they will work as intended or that they won't change.

Configure custom tools directly via ChatGPT's Web UI:

New App
PNG only. Best results at 256 x 256 px or larger. Max file size: 10 KB
Custom MCP servers introduce risk. Learn more
OpenAI hasn't reviewed this MCP server. Attackers may attempt to steal your data or trick the model into taking unintended actions, including destroying data.

Add the following configuration block under mcpServers in your Antigravity configuration file (~/.gemini/config/mcp_config.json):

{
  "mcpServers": {
    // your other mcp servers
    "talos-mcp-server": {
      "serverUrl": "https://mentora-6a-mentora-builders-amrita-university-amritapuri-campus.app.nitrocloud.ai/mcp"
    }
  }
}

Add the following configuration block to your Codex configuration file (~/.codex/config.toml):

[mcp_servers.talos-mcp-server]
url = "https://mentora-6a-mentora-builders-amrita-university-amritapuri-campus.app.nitrocloud.ai/mcp"

Connect directly using the Server-Sent Events endpoint:

https://mentora-6a-mentora-builders-amrita-university-amritapuri-campus.app.nitrocloud.ai/mcp
Available Tools
scan_website

Primary tool for a passive website security posture scan. Use when the user asks to scan, audit, review, grade, or check the security of a website/domain they own or are authorized to test. Checks HTTPS/TLS, security headers, cookies, exposed files, DNS/email security, and basic fingerprinting, then returns a graded report with remediation. Do not use this for "is this link safe/phishing" questions; use analyze_link_safety for suspicious links.

lookup_cves

Primary tool for public vulnerability/CVE lookup. Use when the user asks about CVEs, known vulnerabilities, exploit advisories, NVD records, or risk for a named software product/version such as nginx 1.18.0, Apache, OpenSSL, WordPress, or a CVE id. Do not use for academic papers; use find_research_papers or search_research.

analyze_auth_log

Primary tool for SSH/Linux/server authentication-log brute-force incident analysis. Use when the user mentions auth.log, login failures, failed password attempts, password guessing, brute force, suspicious SSH logins, attacking IPs, or wants IPs extracted from logs. Reports attacking IPs, attempt counts, targeted usernames, ML confidence, and anomaly flags.

search_research

Generic academic literature search across OpenAlex, Semantic Scholar, and CORE. Use for broad security research topics when no scan findings/report context is needed. If the user explicitly asks for papers/citations/studies/references about Talos scan findings, vulnerabilities, or a report, prefer find_research_papers because it accepts findings and target context.

find_research_papers

Primary tool for real academic papers and citations tied to security findings, vulnerability topics, or report evidence. Use when the user says research papers, papers, citations, studies, academic literature, references, arXiv, Semantic Scholar, OpenAlex, CORE, IEEE-style evidence, or asks for papers about found bugs/findings like HSTS, CSP, X-Frame-Options, clickjacking, MIME sniffing, Referrer-Policy, SQL injection, XSS, brute force, or phishing. Prefer this over search_research whenever findings, target, product, or report context exists.

analyze_link_safety

Primary tool for suspicious-link and phishing safety checks. Use whenever the user asks "is this link safe", "is this phishing", "check this URL", "can I open this", "is this scam/malware", "detect phishing link", "should I enter credentials/payment", or shares a suspicious URL. Detects phishing, social engineering, brand impersonation, malware, unwanted software, scams, risky downloads, shorteners, suspicious redirects, typosquatting, homograph/punycode, unsafe HTTP, private-network redirects, and provider threat-intel matches. Do not substitute scan_website, lookup_ip, or run_security_tool for link-safety decisions.

generate_blocklist

Primary tool for defensive firewall/blocklist rule generation after an incident or auth-log analysis. Use when the user asks to block attacking IPs, generate fail2ban/iptables/ufw/Windows Firewall rules, or create a deny list. This only returns rules for review and never applies them.

send_alert

Send a short security alert through configured Gmail/SMTP email or Slack channels. Use only when the user explicitly asks to alert, notify, send an alert, or warn someone. For emailing a full generated report, prefer send_report_email. For emailing arbitrary text or summary, use send_email.

send_email

Send arbitrary text, summaries, or notes by email using the configured Gmail SMTP sender. Use when the user explicitly says send/email/forward/share this information or provides an email recipient for a non-report message. If the user wants the latest generated Talos report emailed, prefer send_report_email. Never call this just because a report was generated.

generate_security_report

Primary tool for creating a consolidated Talos security report. Use when the user asks for a full report, security report, summary report, audit report, executive report, or combined scan/CVE/research/auth-log report. It can run website scanning, CVE lookup, research, and optional auth-log analysis. By default this ONLY returns and saves the report. Do not email, forward, or send it unless the user explicitly asks for email/send/forward/share, or send_email is true.

send_report_email

Primary tool for emailing a generated Talos security report. Use when the user explicitly asks to email/send/forward/share the latest report or a report by id. Do not use for short alerts; use send_alert. Do not use for arbitrary non-report text; use send_email.

self_test_all_tools

Primary tool for MCP/Talos runtime health checks. Use when the user asks to test tools, verify the MCP server, check whether Talos tools work, run diagnostics, or validate the hosted deployment. Does not send email unless include_email is explicitly true.

check_password_strength

Primary tool for checking an existing password or passphrase. Use when the user asks whether a password is strong, weak, breached, cracked, safe to use, or wants entropy/crack-time analysis. Do not use generate_password unless the user asks to create a new password.

generate_password

Primary tool for creating a new strong random password. Use when the user asks to generate, make, create, or suggest a password. Do not use check_password_strength unless the user supplied an existing password to evaluate.

hash_text

Primary tool for hashing plain text with MD5, SHA-1, SHA-256, or SHA-512. Use when the user asks to hash, digest, checksum, or compute SHA/MD5 of provided text. For identifying an unknown hash string, use list_security_tools with search="hash identify" and then run_security_tool.

decode_jwt

Primary tool for decoding a JSON Web Token. Use when the user provides a JWT or asks to decode JWT/header/payload/claims. It does not verify signatures. Do not use the generic run_security_tool jwt_decode unless this dedicated tool is unavailable.

lookup_ip

Primary tool for IP or host investigation. Use when the user asks for geolocation, ISP, ASN, reverse DNS, reputation, proxy/VPN/datacenter clues, or context for an attacking IP. For checking whether a URL is phishing or safe to open, use analyze_link_safety instead.

get_defense_status

Primary tool for Talos self-defense status. Use when the user asks what attacks Talos has seen, which IPs are blocked, recent attack events, attack counts, attack type breakdown, or the app security posture.

list_security_tools

Discover specialized built-in Talos security tools for tasks not covered by a dedicated MCP tool. Use this before run_security_tool when the user asks for DNS lookup, WHOIS, port scan, base64/URL encode/decode, hash identification, robots.txt, raw HTTP headers, security headers, or another toolbox-style task. Prefer dedicated MCP tools first for website scans, link safety, CVEs, auth logs, reports, email, passwords, JWT decode, hashing text, IP lookup, and research papers.

run_security_tool

Run a specialized built-in Talos security toolbox tool by exact name after discovering it with list_security_tools. Use for toolbox tasks such as DNS lookup, WHOIS, port scan, base64/URL encode/decode, hash identification, robots.txt, raw HTTP headers, and security headers. Do not use this generic runner when a dedicated MCP tool fits: scan_website, analyze_link_safety, lookup_cves, analyze_auth_log, generate_security_report, send_email, send_report_email, send_alert, check_password_strength, generate_password, hash_text, decode_jwt, lookup_ip, search_research, or find_research_papers. Defensive use only on authorized systems.

search_resources

Primary tool for searching the local uploaded resource library. Use when the user refers to my book, uploaded PDF, local resources, course material, notes, documents, or wants answers grounded in Talos bundled books. Returns matching page snippets with citations. If a snippet is not enough, call get_resource_page.

get_resource_page

Fetch the full text of one cited page from the local resource library. Use after search_resources or list_resources when the user needs exact page content, more context, or a full cited passage.

list_resources

List books and documents available in the local Talos resource library. Use when the user asks what resources/books are available or before get_resource_page when a book_id is unknown.