loaditout.ai

jumal-mcp

MCP Tool

dyussekeyev/jumal-mcp

AI-powered malware static analysis orchestrator using Model Context Protocol (MCP). Automates file triage, PE analysis, YARA scanning, string extraction, and VirusTotal enrichment through an isolated Docker worker.

Install

$ npx loaditout add dyussekeyev/jumal-mcp

Platform-specific configuration:

.claude/settings.json
{
  "mcpServers": {
    "jumal-mcp": {
      "command": "npx",
      "args": [
        "-y",
        "jumal-mcp"
      ]
    }
  }
}

Add the config above to .claude/settings.json under the mcpServers key.

About

MCP-Jumal — Junior Malware Analyst

An MCP (Model Context Protocol) server for automated basic static malware analysis. It exposes analysis capabilities to LLM clients (e.g. Claude Desktop) while keeping all file processing isolated inside a Docker container.

Architecture
┌─────────────────────────────┐        ┌──────────────────────────────────┐
│        Host Machine         │        │        Docker Container           │
│                             │        │                                  │
│  LLM Client (Claude etc.)   │        │   Analysis Worker (FastAPI)      │
│         │  stdio            │        │                                  │
│         ▼                   │  HTTP  │  POST /api/v1/triage             │
│   bridge/bridge.py  ────────┼───────►│  POST /api/v1/pe-info            │
│   (FastMCP server)          │        │  POST /api/v1/yara               │
│                             │        │  POST /api/v1/strings            │
└─────────────────────────────┘        │                                  │
                                       │  Reads from /samples (read-only) │
                                       │  Reads from /rules   (read-only) │
                                       └──────────────────────────────────┘
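
The diagram states that the worker reads /samples and /rules read-only. The following check is an added example, not code from the jumal-mcp project: it audits the JSON printed by `docker inspect` for the worker container and reports mounts that break that assumption. The container name, host paths and sample JSON are constructed for illustration.

```python
import json

# Mount points the architecture diagram says the worker reads, read-only.
EXPECTED_RO = {"/samples", "/rules"}

def audit_worker(inspect_json: str) -> list[str]:
    """Return isolation findings for one container from `docker inspect` JSON."""
    findings = []
    container = json.loads(inspect_json)[0]  # docker inspect emits a JSON array
    mounts = {m["Destination"]: m for m in container.get("Mounts", [])}

    for dest in sorted(EXPECTED_RO):
        mount = mounts.get(dest)
        if mount is None:
            findings.append(f"{dest}: not mounted")
        elif mount.get("RW", True):
            findings.append(f"{dest}: mounted read-write, expected read-only")

    for dest, mount in sorted(mounts.items()):
        if dest in EXPECTED_RO:
            continue
        if mount.get("Source") == "/var/run/docker.sock":
            findings.append(f"{dest}: Docker socket exposed to the worker")
        elif mount.get("Type") == "bind" and mount.get("RW", True):
            findings.append(f"{dest}: extra writable bind mount from {mount.get('Source')}")

    if container.get("HostConfig", {}).get("Privileged", False):
        findings.append("container runs privileged")
    return findings

# Constructed inspect output: one compliant worker, one misconfigured worker.
GOOD = json.dumps([{"Name": "/worker-example", "HostConfig": {"Privileged": False}, "Mounts": [
    {"Type": "bind", "Source": "/srv/malware_samples", "Destination": "/samples", "RW": False},
    {"Type": "bind", "Source": "/srv/yara_rules", "Destination": "/rules", "RW": False}]}])
BAD = json.dumps([{"Name": "/worker-example", "HostConfig": {"Privileged": True}, "Mounts": [
    {"Type": "bind", "Source": "/srv/malware_samples", "Destination": "/samples", "RW": True},
    {"Type": "bind", "Source": "/srv/yara_rules", "Destination": "/rules", "RW": False},
    {"Type": "bind", "Source": "/tmp/out", "Destination": "/out", "RW": True}]}])

if __name__ == "__main__":
    for label, doc in (("good", GOOD), ("bad", BAD)):
        print(label, audit_worker(doc) or "no findings")
```

To audit a running worker, pass the output of `docker inspect` for that container to `audit_worker` instead of the constructed samples.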

Prerequisites

  • Docker and Docker Compose
  • Python 3.11+
  • Claude Desktop or another MCP-compatible client
  • (Optional) A VirusTotal API key for the check_virustotal tool

Quick Start

1. Clone the repository

$ git clone https://github.com/dyussekeyev/jumal-mcp.git
$ cd jumal-mcp

2. Prepare directories

$ mkdir -p malware_samples yara_rules
# Place malware samples in malware_samples/
# Place YARA rule files (*.yar or *.yara) in yara_rules/

3. Start the analysis worker

$ docker compose up -d

4. Install bridge d

Tags

cybersecurity, fastapi, ioc-extraction, malware-analysis, mcp, model-context-protocol, pefile, reverse-engineering, static-analysis, threat-intelligence, virustotal, yara

Quality Signals

Installs: 0
Last updated: 28 days ago
Security: A
README

Safety

Risk Level: medium
Data Access: read
Network Access: none

Details

Source: github-crawl
Last commit: 3/19/2026

Embed Badge

[![Loaditout](https://loaditout.ai/api/badge/dyussekeyev/jumal-mcp)](https://loaditout.ai/skills/dyussekeyev/jumal-mcp)