logo mlab Mlab.sh
v1.7.3
Help Center
Guides & documentation
MCP Integration
Connect AI assistants to mlab
Developer API
REST API reference
Pricing
Plans & quotas
Vuln Search
CVE & vulnerability lookup
Terms · Privacy · Sales
What is it?
Self-hosted IR platform
Pricing
Plans & pricing
Documentation
Get started in minutes
Announcements
Latest releases & updates
What is it?
DORA-compliant TPRM platform
Pricing
Plans & pricing
Documentation
Deploy in minutes
Announcements
Latest releases & updates
MCP Integration

Connect your AI assistant to mlab.sh

mlab.sh exposes a Model Context Protocol (MCP) server that lets Claude and other AI assistants query threat intelligence, run scans, and manage your account directly from a conversation.

Official support: Claude only. This MCP integration has been tested and is officially supported on Claude (claude.ai web and Claude Desktop). Other MCP-compatible clients may work but are neither tested nor guaranteed — use them at your own discretion and expect no dedicated support for third-party clients.

Endpoint & transports

The MCP server is available at a single URL and supports two transports:

Streamable HTTP POST https://mlab.sh/mcp
SSE GET https://mlab.sh/mcp
Authentication: All requests require a Bearer token in the Authorization header. Tokens start with mcp_ and can be created in Account → Settings → MCP Tokens or via OAuth from any compatible AI client (e.g. Claude.ai).

Recommended Claude.ai web connector

Claude.ai supports remote MCP connectors via OAuth 2.0. No token to copy — authorization is handled automatically.

1
Open Claude.ai → Settings → Integrations → Add connector (or the connector icon in the chat input bar).
2
Enter the MCP server URL:
https://mlab.sh/mcp
3
Claude.ai will redirect you to mlab.sh to authorize the connection. Click Authorize — done.

Claude Desktop (local)

Claude Desktop uses a stdio bridge (mcp-remote) to connect to remote HTTP servers. Requires Node.js.

1
Create an MCP token in Account → Settings → MCP Tokens.
2
Open your Claude Desktop config file:
# macOS
~/Library/Application Support/Claude/claude_desktop_config.json

# Windows
%APPDATA%\Claude\claude_desktop_config.json
3
Add the following entry (replace mcp_xxx with your token):
{
  "mcpServers": {
    "mlab": {
      "command": "npx",
      "args": [
        "-y",
        "mcp-remote",
        "https://mlab.sh/mcp",
        "--header",
        "Authorization: Bearer mcp_xxx"
      ]
    }
  }
}
4
Restart Claude Desktop. The mlab tools will appear in the tool picker.

Available tools

Tool Description Parameters
detect_ioc Auto-detect IOC type and enrich IPs with geolocation & reputation value
scan_ip Look up threat intelligence for an IPv4 or IPv6 address ip
start_domain_scan Launch a domain scan (returns cached results instantly if available) domain
get_domain_scan_results Poll scan results — DNS, subdomains, SSL, security.txt, robots.txt domain
get_scan_history Recent scan history, optionally filtered by type type? limit?
get_bookmarks List saved bookmarks (IPs, domains, hashes) limit?
add_bookmark Save an IOC to bookmarks value
remove_bookmark Remove an IOC from bookmarks value
get_scan_limits Remaining daily quotas for IP, domain and file scans
get_account_info Current user, organization and subscription plan

Token management

MCP tokens are personal and scoped to your user account. You can create up to 5 active tokens. Tokens can be revoked at any time from Account → Settings.

Tokens issued via OAuth (e.g. from Claude.ai) are also listed there, labeled OAuth: <client name>.

 Back to Help Center