Connects Claude to the Huntress cybersecurity platform for managing security operations through MCP. Exposes tools across seven domains: agents, organizations, incidents (with remediations and escalations), billing reports, security signals, and user memberships. Uses decision-tree navigation starting with huntress_navigate to load domain-specific tools on demand. Supports full CRUD operations for organizations and memberships, incident resolution workflows, and signal monitoring. Ships as an MCPB bundle for one-click setup in Claude Desktop, or runs containerized via Docker with HTTP transport. Built with rate limiting to respect the 60 requests per minute API constraint.
A Model Context Protocol (MCP) server that provides AI assistants with structured access to Huntress cybersecurity platform data and operations.
Note: This project is maintained by Wyre Technology.
Claude Desktop — download, open, done:
Download huntress-mcp.mcpb from the latest release.

No terminal, no JSON editing, no Node.js install required.
Claude Code (CLI):
```bash
claude mcp add huntress-mcp \
  -e HUNTRESS_API_KEY=your-api-key \
  -e HUNTRESS_API_SECRET=your-api-secret \
  -- npx -y github:wyre-technology/huntress-mcp
```
See Installation for Docker and from-source methods.
Use huntress_navigate to explore domains, then dynamically load domain-specific tools.

The simplest method — no terminal, no JSON editing, no Node.js install required.

Download huntress-mcp.mcpb from the latest release.

For Claude Code (CLI), one command:
```bash
claude mcp add huntress-mcp \
  -e HUNTRESS_API_KEY=your-api-key \
  -e HUNTRESS_API_SECRET=your-api-secret \
  -- npx -y github:wyre-technology/huntress-mcp
```
Docker:
```bash
docker compose up
```
Or pull the pre-built image:
```bash
docker run -d \
  -e HUNTRESS_API_KEY=your-key \
  -e HUNTRESS_API_SECRET=your-secret \
  -p 8080:8080 \
  ghcr.io/wyre-technology/huntress-mcp:latest
```
From source:
```bash
git clone https://github.com/wyre-technology/huntress-mcp.git
cd huntress-mcp
npm ci
npm run build
```
| Variable | Description | Default |
|---|---|---|
| HUNTRESS_API_KEY | API public key | — |
| HUNTRESS_API_SECRET | API secret key | — |
| MCP_TRANSPORT | Transport mode (stdio or http) | stdio |
| MCP_HTTP_PORT | HTTP server port | 8080 |
| AUTH_MODE | Auth mode (env or gateway) | env |
| LOG_LEVEL | Log level (debug, info, warn, error) | info |
The server uses decision-tree navigation. Start with huntress_navigate to pick a domain:
| Domain | Tools |
|---|---|
| accounts | Get account info, get current actor |
| agents | List agents, get agent by ID |
| organizations | List, get, create, update, delete organizations |
| incidents | Incident reports (list/get/resolve), remediations (list/get/approve/reject), escalations (list/get/resolve) |
| billing | Billing reports, summary reports |
| signals | List/get security signals |
| users | Membership CRUD (list/get/create/update/delete) |
See docker-compose.yml for full configuration. Copy .env.example to .env and fill in your credentials:
```bash
cp .env.example .env
# Edit .env with your Huntress API credentials
docker compose up -d
```
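A preflight check for the .env file before `docker compose up -d`, as an added example that is not part of the huntress-mcp project: it validates the variables from the configuration table on this page and flags missing, placeholder, or group/world-readable credentials. The function names are hypothetical, and treating any value that begins with `your-` as a placeholder is an assumption based on the sample commands shown here.

```bash
#!/bin/sh
# Added example, not huntress-mcp code. Function names are hypothetical.

# env_get FILE KEY: print the value of the last KEY=value line, quotes stripped.
env_get() {
  sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 |
    sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# one_of VALUE ALLOWED...: succeed if VALUE is unset (default applies) or allowed.
one_of() {
  v=$1; shift
  [ -z "$v" ] && return 0
  for a in "$@"; do [ "$v" = "$a" ] && return 0; done
  return 1
}

# check_huntress_env FILE: print one line per problem; return 0 only if clean.
# Values are never echoed, so the output is safe to paste into a ticket.
check_huntress_env() {
  f=$1; rc=0
  [ -f "$f" ] || { echo "missing file: $f"; return 1; }
  # Columns 5 and 8 of `ls -l` are the group and other read bits.
  case $(ls -ld "$f" | cut -c5,8) in
    --) ;;
    *) echo "$f is readable by group or others (chmod 600)"; rc=1 ;;
  esac
  one_of "$(env_get "$f" AUTH_MODE)" env gateway || { echo "AUTH_MODE must be env or gateway"; rc=1; }
  # Assumption: in gateway mode credentials arrive by header, so only env mode needs them here.
  if [ "$(env_get "$f" AUTH_MODE)" != gateway ]; then
    for k in HUNTRESS_API_KEY HUNTRESS_API_SECRET; do
      case $(env_get "$f" "$k") in
        '') echo "$k is not set"; rc=1 ;;
        your-*) echo "$k still holds the placeholder value"; rc=1 ;;
      esac
    done
  fi
  one_of "$(env_get "$f" MCP_TRANSPORT)" stdio http || { echo "MCP_TRANSPORT must be stdio or http"; rc=1; }
  one_of "$(env_get "$f" LOG_LEVEL)" debug info warn error || { echo "LOG_LEVEL must be debug, info, warn or error"; rc=1; }
  p=$(env_get "$f" MCP_HTTP_PORT)
  case $p in
    '') ;;
    *[!0-9]*) echo "MCP_HTTP_PORT must be numeric"; rc=1 ;;
    *) [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || { echo "MCP_HTTP_PORT out of range"; rc=1; } ;;
  esac
  return $rc
}
# Usage: check_huntress_env .env && docker compose up -d
```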
```bash
npm ci
npm run build   # Build the project
npm run dev     # Watch mode
npm run test    # Run tests
npm run lint    # Type-check
npm run clean   # Remove dist/

npm test            # Run test suite
npm run test:watch  # Watch mode
```
See CONTRIBUTING.md for guidelines.
Apache 2.0 — Copyright WYRE Technology
| Variable | Attributes | Description |
|---|---|---|
| HUNTRESS_API_KEY* | secret | Huntress API key (public identifier portion of the API credential) |
| HUNTRESS_API_SECRET* | secret | Huntress API secret |
| MCP_TRANSPORT | default: stdio | Transport mode for the server. Set to 'stdio' for local CLI use; the image defaults to 'http' for gateway hosting. |
| AUTH_MODE | default: env | Credential source: 'env' reads vars locally, 'gateway' expects header injection from the WYRE MCP Gateway. |
| LOG_LEVEL | default: info | Log verbosity: debug, info, warn, error |