Configuring MCP server with AI assistants
This page covers Spectra Intelligence MCP integration. For Spectra Analyze MCP configuration, see Configuring MCP Server with AI assistants in the Spectra Analyze documentation.
Overview
The MCP (Model Context Protocol) server enables AI assistants to connect to Spectra Intelligence APIs for malware reporting, IOC triage, and reputation lookups. The following steps describe how to configure the MCP server integration with Claude Code or other MCP-compatible AI assistants.
Official marketplace integrations for Claude.ai are currently in the submission phase and will be available in the near future. For immediate access, refer to the Manual configuration section below.
Prerequisites
- A Spectra Intelligence account with the TCA-0050 API permission. Contact ReversingLabs support to request access.
- An MCP client.
Manual configuration and other MCP clients
If your MCP client does not have an official connector, you can configure the MCP server manually.
Configuration parameters
- MCP server URL (no trailing slash):
https://mcp.reversinglabs.com/mcp - OpenID client ID:
ai-assistant - OpenID client secret: not required, leave empty
- OAuth scope (if explicitly requested):
mcp-server-access
Example: Claude Code (CLI)
- Add the Spectra Intelligence MCP to a list of MCP servers
claude mcp add --client-id ai-assistant -t http spectra-intelligence https://mcp.reversinglabs.com/mcp
- Start claude code
- Use the
/mcpcommand to connect to the configuredspectra-intelligenceMCP server - Authenticate as required by the OAuth flow
- Once completed you can use the tools exposed by the server via Claude Code
Example: Claude Desktop
- Open Claude Desktop settings
- Navigate to the
Developertab in the left sidebar - Click
Edit Config, this opens the configuration json file - Copy the
spectra-intelligenceobject into themcpServerssection of your configuration
{
"mcpServers": {
"spectra-intelligence": {
"command": "npx",
"args": [
"-y",
"mcp-remote@latest",
"https://mcp.reversinglabs.com/mcp",
"--static-oauth-client-info",
"{ \"client_id\": \"ai-assistant\" }"
]
}
}
}
Available tools
Once connected, AI assistants can invoke the following tools to query Spectra Intelligence. Each entry lists the tool's parameters and an example request.
get_file_reputation
Return file reputation with full analysis and generated LLM prompt.
Parameters:
hash: MD5, SHA1, or SHA256 hash of a sample.
Example:
{
"hash": "d41d8cd98f00b204e9800998ecf8427e"
}
bulk_file_reputation
Analyze multiple file hashes with batch processing.
Parameters:
hashes: List of MD5, SHA1, or SHA256 sample hashes to analyze.batch_size: Positive integer for hashes per API call (max 25).
Example:
{
"hashes": [
"d41d8cd98f00b204e9800998ecf8427e",
"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
],
"batch_size": 25
}
get_network_reputation
Evaluate a network indicator (domain, IP, or full URL) and return reputation results including GeoIP, business context, and an automated verdict with a risk score.
Parameters:
indicator: IP address, domain, or URL to analyze.
Example:
{
"indicator": "example.com"
}
advanced_search
Search ReversingLabs malware intelligence (Threat Hunting Engine) using a query string. For more details, see Advanced search (TCA-0320).
Parameters:
query: Search query string withfield:valuesyntax.limit: Maximum results per page (1-500, default: 100).page: Page number for pagination (default: 1).time_range: Limit search to specific time range, for example, 7days, 6months, 1year, 2years, 3years (default: 7days).sort_by: Sort results by field, for example, sha1, firstseen, threatname (default: None).sort_order: Sort order, for example, asc or desc (default: desc).
Example:
{
"query": "classification:malicious sampletype:PE",
"limit": 100,
"page": 1,
"time_range": "7days",
"sort_by": "firstseen",
"sort_order": "desc"
}
enhanced_threat_analysis
Comprehensive threat intelligence with AI-powered insights, combining multiple analysis engines for comprehensive threat assessment.
Parameters:
hash: File hash for analysis.context: Optional context about the sample origin.skip_campaign_analysis: Skip campaign attribution analysis (boolean).
Example:
{
"hash": "d41d8cd98f00b204e9800998ecf8427e",
"context": "Suspicious email attachment",
"skip_campaign_analysis": false
}