Ironscales

authSTDIOregistry active

Summary

Connects Claude to Ironscales email security for phishing investigation and incident response. You get five main domains: allowlist management for controlling email filtering, email investigation and classification tools, incident triage and management, remediation actions including quarantine operations, and security statistics. Requires an Ironscales API key and company ID. If you're running an MSP shop and need to let Claude help with phishing ticket triage, email threat hunting, or bulk remediation decisions, this bridges the gap. Part of Wyre Technology's broader MSP tooling ecosystem. Works via stdio or HTTP transport, ships as an npm package or Docker container.

CodeRabbit

AI writes the code. CodeRabbit catches the slop.

Try For Free →

Keep your Mac awake

Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.

One time payment $9 →

Context.dev

Integrate web data into your AI product. One API to scrape website & brand data.

Get API Key Now →

Make your agent a DeFi expert

Agent, run crypto. Access onchain data & trade routes via 1inch.

Install now →

Make money from your Skills

On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.

Start earning →

AppSignal

Monitor with ease. Code with confidence.

Start Free Trial →

CodeRabbit

AI writes the code. CodeRabbit catches the slop.

Try For Free →

Keep your Mac awake

Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.

One time payment $9 →

Context.dev

Integrate web data into your AI product. One API to scrape website & brand data.

Get API Key Now →

Make your agent a DeFi expert

Agent, run crypto. Access onchain data & trade routes via 1inch.

Install now →

Make money from your Skills

On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.

Start earning →

AppSignal

Monitor with ease. Code with confidence.

Start Free Trial →

Ironscales MCP Server

A Model Context Protocol (MCP) server for Ironscales email security. Enables AI assistants to investigate phishing incidents, manage email classification, execute remediations, and view security statistics.

This is a Model Context Protocol (MCP) server that connects Claude (or any MCP-compatible AI) to your Ironscales environment.

Part of the MSP Claude Plugins ecosystem — a growing suite of AI integrations for the MSP stack. Built by MSPs, for MSPs.

Installation

npm install @wyre-technology/ironscales-mcp

Configuration

Set the following environment variables:

Variable	Required	Description
`IRONSCALES_API_KEY`	Yes	Your Ironscales API key
`IRONSCALES_COMPANY_ID`	Yes	Your Ironscales company ID
`MCP_TRANSPORT`	No	Transport mode: stdio (default) or http

Usage

Running with Claude Desktop

Add to your Claude Desktop claude_desktop_config.json:

{
  "mcpServers": {
    "ironscales-mcp": {
      "command": "npx",
      "args": ["@wyre-technology/ironscales-mcp"],
      "env": {
        "IRONSCALES_API_KEY": "your-ironscales-api-key"
        "IRONSCALES_COMPANY_ID": "your-ironscales-company-id"
      }
    }
  }
}

Running with Claude Code (CLI)

claude mcp add ironscales-mcp \
  -e IRONSCALES_API_KEY=your-value \
  -e IRONSCALES_COMPANY_ID=your-value \
  -- npx -y @wyre-technology/ironscales-mcp

Docker

docker build -t ironscales-mcp .
docker run \
  -e IRONSCALES_API_KEY=your-value \
  -e IRONSCALES_COMPANY_ID=your-value \
  -p 8080:8080 ironscales-mcp

Available Domains

Allowlist

Manage email allowlists and blocklists

Email

Email investigation and classification

Incidents

Phishing incident management and triage

Remediation

Execute email remediations and quarantine

Stats

Security statistics and reporting

Development

# Clone the repository
git clone https://github.com/wyre-technology/ironscales-mcp.git
cd ironscales-mcp

# Install dependencies
npm install

# Build
npm run build

# Run tests
npm test

Contributing

Contributions are welcome! Please see CONTRIBUTING.md if present, or open an issue to discuss changes.

License

Licensed under the Apache License, Version 2.0. See LICENSE for details.

Featured

CodeRabbit

AI writes the code. CodeRabbit catches the slop.

Try For Free →

Keep your Mac awake

Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.

One time payment $9 →

Context.dev

Integrate web data into your AI product. One API to scrape website & brand data.

Get API Key Now →

Make your agent a DeFi expert

Agent, run crypto. Access onchain data & trade routes via 1inch.

Install now →

Make money from your Skills

On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.

Start earning →

AppSignal

Monitor with ease. Code with confidence.

Start Free Trial →

Configuration

IRONSCALES_API_KEY*secret

Ironscales API key

IRONSCALES_COMPANY_ID*

Ironscales company (tenant) identifier

MCP_TRANSPORTdefault: stdio

Transport mode for the server. Set to 'stdio' for local CLI use; the image defaults to 'http' for gateway hosting.

AUTH_MODEdefault: env

Credential source: 'env' reads vars locally, 'gateway' expects header injection from the WYRE MCP Gateway.

LOG_LEVELdefault: info

Log verbosity: debug, info, warn, error

Categories

Monitoring & Observability Data & Analytics

Registryactive

Packageghcr.io/wyre-technology/ironscales-mcp:v1.1.4

TransportSTDIO

AuthRequired

UpdatedMay 22, 2026

View on GitHub

Ironscales MCP Server

This is a Model Context Protocol (MCP) server that connects Claude (or any MCP-compatible AI) to your Ironscales environment.

Part of the MSP Claude Plugins ecosystem — a growing suite of AI integrations for the MSP stack. Built by MSPs, for MSPs.

Variable

Required

Description

IRONSCALES_API_KEY

Yes

Your Ironscales API key

IRONSCALES_COMPANY_ID

Yes

Your Ironscales company ID

MCP_TRANSPORT

Transport mode: stdio (default) or http

Usage

Running with Claude Desktop

Add to your Claude Desktop claude_desktop_config.json:

{ "mcpServers": { "ironscales-mcp": { "command": "npx", "args": ["@wyre-technology/ironscales-mcp"], "env": { "IRONSCALES_API_KEY": "your-ironscales-api-key" "IRONSCALES_COMPANY_ID": "your-ironscales-company-id" } } } }

Running with Claude Code (CLI)

claude mcp add ironscales-mcp \ -e IRONSCALES_API_KEY=your-value \ -e IRONSCALES_COMPANY_ID=your-value \ -- npx -y @wyre-technology/ironscales-mcp

Docker

docker build -t ironscales-mcp . docker run \ -e IRONSCALES_API_KEY=your-value \ -e IRONSCALES_COMPANY_ID=your-value \ -p 8080:8080 ironscales-mcp

Configuration

IRONSCALES_API_KEY*secret

Ironscales API key

IRONSCALES_COMPANY_ID*

Ironscales company (tenant) identifier

MCP_TRANSPORTdefault: stdio

Transport mode for the server. Set to 'stdio' for local CLI use; the image defaults to 'http' for gateway hosting.

AUTH_MODEdefault: env

Credential source: 'env' reads vars locally, 'gateway' expects header injection from the WYRE MCP Gateway.

LOG_LEVELdefault: info

Log verbosity: debug, info, warn, error

Ironscales

Ironscales MCP Server

Installation

Configuration

Usage

Running with Claude Desktop

Running with Claude Code (CLI)

Docker

Available Domains

Allowlist

Email

Incidents

Remediation

Stats

Development

Contributing

License

Configuration

Ironscales

Ironscales MCP Server

Installation

Configuration

Usage

Running with Claude Desktop

Running with Claude Code (CLI)

Docker

Available Domains

Allowlist

Email

Incidents

Remediation

Stats

Development

Contributing

License

Configuration

Related Monitoring & Observability MCP Servers

Related Monitoring & Observability MCP Servers