CyberAgent

@JithukrishnanV, 4 days ago
5 MIT
Free · Community
AI Systems
Overview

What is CyberAgent

MCP-CyberAgent is an MCP-compliant AI security assistant that integrates with real-world cybersecurity tools like VirusTotal, Nmap, Shodan, and PowerShell. It operates locally, providing users with an AI-powered malware scanning solution that allows for automated hash extraction from running startup applications.

Use cases

MCP-CyberAgent enables users to scan for malware in running processes, discover open network ports, gather threat intelligence from Shodan about public IP addresses, check their external IP, and test the latency and reachability of hosts using ICMP pinging. It serves both personal and organizational security needs.

How to use

Users can interact with MCP-CyberAgent through natural language prompts after setting it up with Claude Desktop. Commands like ‘Scan running processes with VirusTotal’ or ‘What does Shodan know about 1.1.1.1?’ can be used to initiate various scans and checks. Proper API keys must be configured in the environment to enable full functionality.

Key features

Key features include seamless integration with VirusTotal for malware scanning, Nmap for port scanning, Shodan for threat intelligence, as well as local execution of PowerShell scripts for hash extraction. Its natural language capabilities simplify user interaction, requiring no advanced technical knowledge.

Where to use

MCP-CyberAgent can be utilized in personal environments for individual cybersecurity needs or within organizations as a tool for network security assessments and malware detection, providing essential insights without the need for cloud services or network exposure.

Content

MCP-CyberAgent 🛡️

MCP-CyberAgent is an MCP-compliant AI security assistant that connects Claude Desktop (or any MCP client) with real-world cybersecurity tools like VirusTotal, Nmap, Shodan, and PowerShell.

🔬 In this project, I’ve integrated automated hash extraction from running startup applications — enabling Claude to act like a personalized AI-powered Malware Scanner.

It supports natural language interaction to:

  • Scan for malware using VirusTotal
  • Discover active network services
  • Gather threat intelligence from Shodan
  • Test network health and connectivity

All this runs locally in your environment — no cloud integration required. And it’s completely free.


🎥 Demo

https://github.com/user-attachments/assets/469d2800-8c06-461f-8336-6a1751b851cc


⚙️ Tools & Prompts

🔬 VirusTotal Integration

Using PowerShell, MCP-CyberAgent extracts SHA256 hashes from startup applications and checks them against VirusTotal’s threat database.
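
The hash-then-lookup flow described above, as an added Python example (not the project's `virustotal_module.py`). The function names are hypothetical; the endpoint and `x-apikey` header are VirusTotal's public API v3, and the sample report is constructed.

```python
import hashlib
import json
import re
import urllib.error
import urllib.request

VT_FILE_URL = "https://www.virustotal.com/api/v3/files/{}"  # API v3 file report
SHA256_RE = re.compile(r"[0-9a-f]{64}")


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large binaries are never loaded whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def summarize_report(report):
    """Reduce a VirusTotal file report to a verdict and engine counts."""
    stats = report["data"]["attributes"]["last_analysis_stats"]
    flagged = stats.get("malicious", 0) + stats.get("suspicious", 0)
    verdict = "malicious" if stats.get("malicious", 0) else "suspicious" if flagged else "clean"
    return {"verdict": verdict, "flagged": flagged, "engines": sum(stats.values())}


def lookup_hash(sha256, api_key, timeout=15):
    """Query VirusTotal by hash only; the file itself is never uploaded."""
    sha256 = sha256.strip().lower()
    if not SHA256_RE.fullmatch(sha256):  # reject anything that is not a digest
        raise ValueError("not a SHA256 hex digest")
    req = urllib.request.Request(VT_FILE_URL.format(sha256), headers={"x-apikey": api_key})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return summarize_report(json.load(resp))
    except urllib.error.HTTPError as err:
        if err.code == 404:  # hash unknown to VirusTotal: not proof the file is safe
            return {"verdict": "unknown", "flagged": 0, "engines": 0}
        raise


# Constructed sample shaped like a v3 file report (not real scan output).
SAMPLE_REPORT = {"data": {"attributes": {"last_analysis_stats": {
    "malicious": 3, "suspicious": 1, "undetected": 60, "harmless": 0, "timeout": 2}}}}
```

With the setup on this page the key would come from `VT_API_KEY` in `configs/api_keys.env`. PowerShell's `Get-FileHash` prints uppercase hex, which `lookup_hash` lowercases before validating.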

🧠 Try asking Claude:
"Scan running processes with VirusTotal"
"Check for malware in startup applications"


🌐 Nmap Port Scanner

Scan open ports, services, and protocols on any IP using Claude.

🧠 Try:
"Check what ports are open on 127.0.0.1"


🌍 Shodan IP Intelligence

Get real-time internet-facing service information for any public IP address using Shodan.

🧠 Try:
"What does Shodan know about 1.1.1.1?"


🌐 Get Public IP

Query your external/public IP address.

🧠 Try:
"What is my IP?"


🏓 Ping Checker

Test latency and host reachability via ICMP.

🧠 Try:
"Ping 8.8.8.8"
"Check if google.com is online"


✅ Requirements

  • Python 3.10+
  • Windows PowerShell (for startup hash scanning)
  • Claude Desktop or 5ire
  • API Keys: VirusTotal and Shodan

Install dependencies:

```bash
pip install -r requirements.txt
```



## 🔧 Setup Guide

### 📁 Project Layout

```
MCP-CyberAgent/
├── bridge_mcp_cyberagent.py
├── modules/
│   ├── virustotal_module.py
│   ├── nmap_module.py
│   ├── shodan_module.py
│   └── sysinfo.ps1
├── configs/
│   └── api_keys.env
├── README.md
└── requirements.txt
```


### ✅ Installation

1. **Clone the repository:**
   ```bash
   git clone https://github.com/JithukrishnanV/MCP-CyberAgent
   cd MCP-CyberAgent
   ```
2. **Create a virtual environment (optional but recommended):**
   ```powershell
   python -m venv .venv
   .venv\Scripts\activate
   ```
3. **Install dependencies:**
   ```bash
   pip install -r requirements.txt
   ```
4. **Add your API keys in `configs/api_keys.env`:**
   ```
   VT_API_KEY=your_virustotal_api_key
   SHODAN_API_KEY=your_shodan_api_key
   ```
5. **Edit the Claude Desktop config:**
   To set up Claude Desktop as an MCP client for MCP-CyberAgent, go to Claude -> Settings -> Developer -> Edit Config -> claude_desktop_config.json and add the following:

6. **Launch Claude and select the MCP-CyberAgent from the MCP tab.**

