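After a curated evaluation by AI Skill Hub, Open-Source MCP Tool is rated "Recommended". This MCP tool performs well on feature completeness, community activity and ease of use. It has an AI score of 7.5 and suits users with some technical background.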
Open-Source MCP Tool is an AI tool extension that follows the MCP (Model Context Protocol) standard. Through MCP, it lets mainstream AI clients such as Claude and Cursor directly access and operate external tools, data sources and services, extending what the AI can do. File operations, database queries and API calls can all be triggered in natural language from within an AI conversation, which greatly improves productivity.
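Option 1: one-step install via the Claude Code CLI

```bash
claude skill install https://github.com/soctalk/soctalk
```

Option 2: manually configure claude_desktop_config.json

```json
{
  "mcpServers": {
    "--mcp--": {
      "command": "npx",
      "args": ["-y", "soctalk"]
    }
  }
}
```

Configuration file location:
- macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
- Windows: %APPDATA%/Claude/claude_desktop_config.json

After installation, use it directly in a Claude conversation. Example:

User: Please use Open-Source MCP Tool to carry out the following task...
Claude: [automatically calls the Open-Source MCP Tool MCP tool to handle the request]

To see the list of available tools, type in Claude: "List all available MCP tools"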
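claude_desktop_config.json configuration example. If an API key is needed, add an entry such as "API_KEY": "your-api-key-here" under env:

```json
{
  "mcpServers": {
    "__mcp__": {
      "command": "npx",
      "args": ["-y", "soctalk"],
      "env": {}
    }
  }
}
```

Save the file and restart Claude Desktop for the change to take effect.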
LLM-powered SOC agent that autonomously triages, investigates, and escalates security alerts.

Integrates with Wazuh SIEM, Cortex, TheHive, and MISP via MCP servers, plus a real-time dashboard.
SocTalk runs as a single-host SOC tool or as a multi-tenant platform for MSPs and MSSPs.
The single-host path uses Docker Compose. One SocTalk instance, one Wazuh, one dashboard. Setup is under "Quick Start: Single-tenant Compose" below.
The multi-tenant platform is the MSSP-facing shape of SocTalk. A shared control plane holds tenant-scoped state in Postgres and provisions per-tenant SOC stacks in their own Kubernetes namespaces. Design and install guides live in docs/multi-tenant/; "Multi-tenant deployment" below summarizes the shape.

Multi-tenant SocTalk is an MSSP-deployed control plane. It provisions and operates dedicated OSS SOC stacks per customer tenant on k3s or k8s. Tenant state lives in Postgres under Row-Level Security. Each tenant's SOC stack runs in its own Kubernetes namespace, with its own LLM credentials and branding.
Two charts ship. soctalk-system is the control plane. soctalk-tenant is the per-customer SOC stack the controller renders and applies.
Full design and operations material lives in docs/multi-tenant/, including the security model, chart audit, RLS hygiene, ingress, sizing, and the install, runbook, and upgrade guides.
```bash
cp .env.example .env
docker compose up -d --build postgres api frontend
```
Open:
- Dashboard: http://localhost:5173
- API (OpenAPI): http://localhost:8000/docs
- Health: http://localhost:8000/health
Start the orchestrator (for end-to-end flow):
```bash
docker compose up -d --build orchestrator
docker compose logs -f orchestrator
```
The orchestrator image bundles MCP server binaries at /opt/mcp-servers/*.
The single-host path. Use it for evaluation, lab work, or running SocTalk as the SOC tool for a single team.
```bash
docker compose exec linux-ep /opt/scripts/run-attack.sh T1110.001   # brute-force auth log spam
docker compose exec linux-ep /opt/scripts/run-attack.sh T1059.SHELL # reverse-shell command traces
docker compose exec linux-ep /opt/scripts/run-attack.sh MALWARE     # ransomware-like artifacts
```
How it triggers suspicious actions:
- Writes attack traces to syslog/auth logs (e.g., failed SSH logins, reverse-shell commands).
- Creates or modifies temporary artifacts under /tmp/attack-artifacts to trip FIM rules.
- Periodic/random technique execution keeps alert volume flowing (configurable via env/cron in the container).

Use only in a lab: the container runs privileged and intentionally generates noisy behavior.
Copy .env.example to .env and set what you need.
LLM provider (mutually exclusive)
- SOCTALK_LLM_PROVIDER=anthropic + ANTHROPIC_API_KEY
- SOCTALK_LLM_PROVIDER=openai + OPENAI_API_KEY (OpenAI-compatible)
- Optional: ANTHROPIC_BASE_URL, OPENAI_BASE_URL/OPENAI_API_BASE, OPENAI_ORGANIZATION
- Models/params: SOCTALK_FAST_MODEL, SOCTALK_REASONING_MODEL, SOCTALK_LLM_TEMPERATURE, SOCTALK_LLM_MAX_TOKENS

Integrations (MCP)
- Toggles: WAZUH_ENABLED, CORTEX_ENABLED, THEHIVE_ENABLED, MISP_ENABLED
- URLs/non-secrets (UI-editable): WAZUH_URL, CORTEX_URL/CORTEX_ENDPOINT, THEHIVE_URL, THEHIVE_ORGANISATION, MISP_URL, *_VERIFY_SSL
- Secrets (env-only): WAZUH_API_USER/WAZUH_API_PASSWORD, CORTEX_API_KEY, THEHIVE_API_KEY/THEHIVE_API_TOKEN, MISP_API_KEY

Notifications
- SLACK_ENABLED, SLACK_CHANNEL, SLACK_NOTIFY_ON_ESCALATION, SLACK_NOTIFY_ON_VERDICT
- Secret (env-only): SLACK_WEBHOOK_URL
MCP server binaries
The orchestrator requires MCP server binaries to communicate with external tools.
Docker (automatic)
The orchestrator image downloads pre-built binaries from GitHub releases at build time and installs them to /opt/mcp-servers/*.
Local development
Build from source or download binaries manually, then set paths in .env.
Build from source (requires Rust):
```bash
git clone https://github.com/gbrigandi/mcp-server-wazuh && cd mcp-server-wazuh && cargo build --release
```
Set paths to your builds:
```bash
WAZUH_MCP_SERVER_PATH=../mcp-server-wazuh/target/release/mcp-server-wazuh
CORTEX_MCP_SERVER_PATH=../mcp-server-cortex/target/release/mcp-server-cortex
THEHIVE_MCP_SERVER_PATH=../mcp-server-thehive/target/release/mcp-server-thehive
MISP_MCP_SERVER_PATH=../mcp-server-misp/target/release/mcp-server-misp
```
Alternatively, set MCP_SERVERS_BASE_PATH to a directory containing all four binaries.
Polling + thresholds
- SOCTALK_POLLING_INTERVAL, SOCTALK_MAX_ALERTS_PER_POLL, SOCTALK_BATCH_SIZE, SOCTALK_CORRELATION_WINDOW
- SOCTALK_AUTO_CLOSE_THRESHOLD, SOCTALK_ESCALATION_THRESHOLD, SOCTALK_CRITICAL_SEVERITY

Database / persistence
- Enable: SOCTALK_DB_ENABLED=true
- URL: SOCTALK_DATABASE_URL
- Run migrations: alembic upgrade head

Settings UI
- Non-secret prefs stored in DB and override env defaults (see Preferences below).
- SETTINGS_READONLY=true disables edits/resets (recommended for production).

Auth (optional)
- AUTH_MODE=none|static|proxy
- Static users: AUTH_USERS (pbkdf2_sha256 recommended)
- Session: AUTH_SESSION_SECRET, AUTH_SESSION_TTL_SECONDS, AUTH_COOKIE_SECURE

Logging
- SOCTALK_LOG_LEVEL, SOCTALK_LOG_FORMAT, RUST_LOG (for MCP servers)
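
The rules in this configuration reference (one LLM provider with its matching key, env-only secrets for every enabled integration, SETTINGS_READONLY=true for production) can be checked before the orchestrator starts. The preflight check below is an added example, not SocTalk code. The variable names come from this page; the accepted truthy spellings, treating an unset AUTH_MODE as none, and reading THEHIVE_API_KEY/THEHIVE_API_TOKEN as alternatives are assumptions.

```python
import re

# Toggle -> alternative groups of env-only secrets; one whole group must be set.
REQUIRED = {
    "WAZUH_ENABLED": [("WAZUH_API_USER", "WAZUH_API_PASSWORD")],
    "CORTEX_ENABLED": [("CORTEX_API_KEY",)], "MISP_ENABLED": [("MISP_API_KEY",)],
    "THEHIVE_ENABLED": [("THEHIVE_API_KEY",), ("THEHIVE_API_TOKEN",)],  # assumed either-or
    "SLACK_ENABLED": [("SLACK_WEBHOOK_URL",)],
}
LLM_KEYS = {"anthropic": "ANTHROPIC_API_KEY", "openai": "OPENAI_API_KEY"}

def parse_env(text):
    """Parse KEY=VALUE lines; blank and # comment lines do not match and are skipped."""
    pairs = (re.match(r"\s*(\w+)\s*=\s*(.*)$", line) for line in text.splitlines())
    return {m.group(1): m.group(2).strip().strip("'\"") for m in pairs if m}

def on(env, key):
    return env.get(key, "").lower() in ("true", "1", "yes")  # assumed truthy spellings

def check(env):
    """Return one finding per setting that contradicts the documented rules."""
    out, provider = [], env.get("SOCTALK_LLM_PROVIDER", "")
    if not env.get(LLM_KEYS.get(provider, "")):
        out.append("SOCTALK_LLM_PROVIDER must be anthropic or openai, with its matching API key")
    out += [f"{k} is set but the provider is {provider!r}; keys are mutually exclusive"
            for p, k in LLM_KEYS.items() if p != provider and env.get(k)]
    for toggle, groups in REQUIRED.items():
        if on(env, toggle) and not any(all(env.get(k) for k in g) for g in groups):
            out.append(f"{toggle} is on but its env-only secret is incomplete")
    out += [f"{k} turns off TLS certificate verification" for k, v in env.items()
            if k.endswith("_VERIFY_SSL") and v.lower() in ("false", "0", "no")]
    if env.get("AUTH_MODE", "none") == "none":  # assumption: unset behaves like none
        out.append("AUTH_MODE is none, so no login is configured")
    if not on(env, "SETTINGS_READONLY"):
        out.append("SETTINGS_READONLY is not true (recommended for production)")
    return out

# Constructed sample .env with placeholder values, not a real deployment.
SAMPLE_ENV = """\
SOCTALK_LLM_PROVIDER=anthropic
ANTHROPIC_API_KEY=placeholder-a
OPENAI_API_KEY=placeholder-b
WAZUH_ENABLED=true
WAZUH_API_USER=soc
WAZUH_VERIFY_SSL=false
"""

if __name__ == "__main__":
    print("\n".join(check(parse_env(SAMPLE_ENV))))
```

Run against the constructed sample, it reports the second LLM key, the Wazuh password that is missing, the disabled certificate verification, and the two production settings that were left at their defaults.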
The dashboard Settings page shows where a value comes from (Env vs Override) and lets you edit non-secret preferences. Secrets stay in the environment. Changes apply when the orchestrator restarts and reloads settings.
LLM
- llm_provider: anthropic or openai (requires matching env API key; keys are mutually exclusive).
- llm_fast_model, llm_reasoning_model, llm_temperature (0–2), llm_max_tokens.
- llm_anthropic_base_url (optional), llm_openai_base_url (optional), llm_openai_organization (optional).

Wazuh
- wazuh_enabled, wazuh_url, wazuh_verify_ssl (env-only secrets for credentials).

Cortex
- cortex_enabled, cortex_url, cortex_verify_ssl (env-only CORTEX_API_KEY).

TheHive
- thehive_enabled, thehive_url, thehive_organisation, thehive_verify_ssl (env-only API key/token).

MISP
- misp_enabled, misp_url, misp_verify_ssl (env-only API key).

Slack
- slack_enabled, slack_channel, slack_notify_on_escalation, slack_notify_on_verdict (env-only webhook URL).
```bash
soctalk --config .env
```
API quick checks:
```bash
curl http://localhost:8000/health
curl -N http://localhost:8000/api/events/stream
```
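A high-quality MCP tool that integrates multiple security technologies.
AI Skill Hub is a third-party content aggregation platform. The information on this page is compiled from public data and does not constitute any legal endorsement of the tool's functionality or quality.
Validate the tool thoroughly in a sandbox or test environment before deploying it to production, and carry out the necessary security assessment.
✅ Apache 2.0: a permissive open-source license. Commercial use is allowed, the copyright notice and NOTICE file must be retained, and it includes a patent grant clause.
AI Skill Hub review: the core functionality of Open-Source MCP Tool is complete and its quality is good. For Claude Desktop / Claude Code users, it is a worthwhile addition to a personal toolkit. Try it in a non-production environment first, then roll it out gradually.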
| Original name | soctalk |
| Original description | Open-Source MCP Tool: AI-powered SOC automation agent using LangGraph with Wazuh, Cortex, TheHive & MI. ⭐42 · Python |
| Topics | AI, MCP, Python |
| GitHub | https://github.com/soctalk/soctalk |
| License | Apache-2.0 |
| Language | Python |
Listed: 2026-05-28 · Updated: 2026-05-30 · License: Apache-2.0 · AI Skill Hub makes no legal endorsement of the accuracy of third-party content.