Configuring MCP server with AI assistants
Overview
The MCP (Model Context Protocol) server enables AI assistants to connect to Spectra Intelligence APIs for malware reporting, IOC triage, and reputation lookups. The following steps describe how to configure the MCP server integration with Claude Code or other MCP-compatible AI assistants.
Official marketplace integrations for ChatGPT and Claude.ai are currently in the submission phase and will be available in the near future. For immediate access, refer to the Manual configuration section below.
Prerequisites
- A Spectra Intelligence account with the TCA-0050 API permission. Contact ReversingLabs support to request access.
- An MCP client configured to connect to the Spectra Intelligence MCP server.
ChatGPT app
Spectra Intelligence MCP is released as an official ChatGPT app available in the ChatGPT app store.
If you are part of a team or organization on openai.com, you may need to request access to the app from your administrator.
Claude.ai connector
Spectra Intelligence MCP is listed in the Claude MCP server directory. Find it by searching for Spectra Intelligence in the MCP server list.
Example: Claude Code (CLI)
While logged into your Anthropic account, prompt Claude to "List available MCP servers". That should show the Spectra Intelligence connector as one of the available options.
Once you have confirmed that the server is available, you can use the /mcp command to select it in the list, which initializes the authorization flow.
Manual configuration and other MCP clients
If your MCP client does not have an official connector, you can configure the MCP server manually.
Configuration parameters
- MCP server URL (no trailing slash):
https://mcp.reversinglabs.com/mcp - OpenID client ID:
ai-assistant - OpenID client secret: not required, leave empty
- OAuth scope (if explicitly requested):
mcp-server-access
Example: Windsurf configuration
Windsurf uses a JSON file to configure MCP servers. To locate the configuration file, follow the official Windsurf instructions.
Paste the following section into the configuration file:
{
"mcpServers": {
"spectra-intelligence": {
"disabled": false,
"command": "npx",
"args": [
"-y",
"mcp-remote@latest",
"https://mcp.reversinglabs.com/mcp",
"--static-oauth-client-info",
"{ \"client_id\": \"ai-assistant\" }"
]
}
}
}
Example: MCP Inspector
If you encounter any issues with the MCP server, use the MCP Inspector to debug the connection.
npx \
@modelcontextprotocol/inspector \
npx mcp-remote@latest \
https://mcp.reversinglabs.com/mcp \
--static-oauth-client-info \
'{\"client_id\":\"ai-assistant\"}'
Available tools
Once connected, AI assistants can invoke the following tools to query Spectra Intelligence. Each entry lists the tool's parameters and an example request.
get_file_reputation
Return file reputation with full analysis and generated LLM prompt.
Parameters:
hash: MD5, SHA1, or SHA256 hash of a sample.
Example:
{
"hash": "d41d8cd98f00b204e9800998ecf8427e"
}
bulk_file_reputation
Analyze multiple file hashes with batch processing.
Parameters:
hashes: List of MD5, SHA1, or SHA256 sample hashes to analyze.batch_size: Positive integer for hashes per API call (max 25).
Example:
{
"hashes": [
"d41d8cd98f00b204e9800998ecf8427e",
"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
],
"batch_size": 25
}
get_network_reputation
Evaluate a network indicator (domain, IP, or full URL) and return reputation results including GeoIP, business context, and an automated verdict with a risk score.
Parameters:
indicator: IP address, domain, or URL to analyze.
Example:
{
"indicator": "example.com"
}
advanced_search
Search ReversingLabs malware intelligence (Threat Hunting Engine) using a query string. For more details, see Advanced search (TCA-0320).
Parameters:
query: Search query string withfield:valuesyntax.limit: Maximum results per page (1-500, default: 100).page: Page number for pagination (default: 1).time_range: Limit search to specific time range, for example, 7days, 6months, 1year, 2years, 3years (default: 7days).sort_by: Sort results by field, for example, sha1, firstseen, threatname (default: None).sort_order: Sort order, for example, asc or desc (default: desc).
Example:
{
"query": "classification:malicious sampletype:PE",
"limit": 100,
"page": 1,
"time_range": "7days",
"sort_by": "firstseen",
"sort_order": "desc"
}
enhanced_threat_analysis
Comprehensive threat intelligence with AI-powered insights, combining multiple analysis engines for comprehensive threat assessment.
Parameters:
hash: File hash for analysis.context: Optional context about the sample origin.skip_campaign_analysis: Skip campaign attribution analysis (boolean).
Example:
{
"hash": "d41d8cd98f00b204e9800998ecf8427e",
"context": "Suspicious email attachment",
"skip_campaign_analysis": false
}