Search and audit NIST vulnerability data using keywords and risk filters.
This MCP tool appears to query and audit NIST NVD vulnerability data. Based on the materials, it is listed in an official registry, open source, and recently maintained, with no clear high-risk red flags; however, it does require an API key and local execution, so it should be used with standard least-privilege precautions.
It requires NVD_API_KEY, which is a sensitive credential for accessing the NVD service; if leaked, it could enable quota abuse or expose account usage patterns. NVD_REQUEST_TIMEOUT_MS and MCP_LOG_LEVEL are configuration values rather than highly sensitive secrets.
Its stated purpose is to search and audit NIST NVD/CISA KEV-related vulnerability data, so outbound network requests are expected by function; however, the specific hosts are not listed in the provided materials. There is no evidence here that it sends user data to unrelated or unknown endpoints.
The system flags it as executes-code, meaning the MCP tool runs code/processes locally; this is a normal property of MCP tools. The materials do not show it requesting system privileges beyond what its vulnerability-query use case would normally require.
Based on the provided materials, data access likely centers on handling query inputs, returning vulnerability results, and reading environment-variable configuration; without a README or permission details, local file read/write scope is not fully transparent. There is currently no evidence of broad data access disproportionate to its stated function.
It comes from an official registry and has an auditable open-source repository with updates within the past year, both of which are positive risk-reducing signals. Although the license is not stated and community stars are low, indicating some transparency/adoption limitations, these do not amount to high-risk red flags.
Copy the install command and let the AI configure it · recommended for beginners
Please install the "io.github.cyanheads/nist-nvd-mcp-server" MCP server from askskill: Run: claude mcp add 'io-github-cyanheads-nist-nvd-mcp-server' -- npx -y @cyanheads/nist-nvd-mcp-server
Search CVEs and CPEs, check software vulnerabilities, and retrieve full security details.
Query unified vulnerability intelligence for triage, audits, and threat monitoring.
Query vulnerability intelligence, risk scores, and attack-surface data for security decisions.
Research cybersecurity issues with CVE lookup, IP geolocation, and hash checks.
Search vulnerability intelligence, assess exploit risk, and check malicious IP reputation.
Query and analyze NIST cybersecurity frameworks and controls for security and compliance.