context1337
mcp
Warn
Health Warn
- No license — Repository has no license file
- Description — Repository has a description
- Active repo — Last push 0 days ago
- Low visibility — Only 5 GitHub stars
Code Pass
- Code scan — Scanned 6 files during light audit, no dangerous patterns found
Permissions Pass
- Permissions — No dangerous permissions requested
Purpose
This tool is an MCP server that transforms the "AboutSecurity" repository into a searchable API. It allows AI assistants to query security payloads, exploitation skills, and tools using natural language.
Security Assessment
Risk: Low
The automated code scan reviewed 6 files and found no dangerous patterns, hardcoded secrets, or excessive permission requests. The tool requires you to manually clone an external GitHub repository and run a build script, which is standard behavior but always warrants a quick manual review of the build scripts before execution. During operation, it runs a local web server. The server exposes an API key environment variable (`ABOUTSECURITY_API_KEY`) for authentication, which is a secure and standard practice. No obvious malicious network activity or unauthorized shell execution was detected.
Quality Assessment
The project is very new and has low community visibility, currently sitting at only 5 GitHub stars. However, it is under active development, with the most recent code push happening today. A major drawback is the absence of a license file, meaning the legal terms of use and distribution are undefined, which could be an issue for enterprise integration. Still, the documentation is excellent and provides clear, comprehensive instructions for various platforms.
Verdict
Safe to use, but review the build scripts manually first and be aware of the missing software license.
This tool is an MCP server that transforms the "AboutSecurity" repository into a searchable API. It allows AI assistants to query security payloads, exploitation skills, and tools using natural language.
Security Assessment
Risk: Low
The automated code scan reviewed 6 files and found no dangerous patterns, hardcoded secrets, or excessive permission requests. The tool requires you to manually clone an external GitHub repository and run a build script, which is standard behavior but always warrants a quick manual review of the build scripts before execution. During operation, it runs a local web server. The server exposes an API key environment variable (`ABOUTSECURITY_API_KEY`) for authentication, which is a secure and standard practice. No obvious malicious network activity or unauthorized shell execution was detected.
Quality Assessment
The project is very new and has low community visibility, currently sitting at only 5 GitHub stars. However, it is under active development, with the most recent code push happening today. A major drawback is the absence of a license file, meaning the legal terms of use and distribution are undefined, which could be an issue for enterprise integration. Still, the documentation is excellent and provides clear, comprehensive instructions for various platforms.
Verdict
Safe to use, but review the build scripts manually first and be aware of the missing software license.
aboutSecurity project skill finder / dict finder / exp finder, auto suggest and team knowledge base.
README.md
中文文档 | English
context1337 — AboutSecurity MCP Server
Standalone MCP resource service that turns AboutSecurity from a file repo into a consumable API. Like context7, but for security.
Quick Start
Docker (recommended)
# Default: clones AboutSecurity from GitHub automatically
make docker
# Use local AboutSecurity repo (skip git clone, faster rebuild)
make docker-local
# or specify path:
make docker-local ABOUTSECURITY_LOCAL=../AboutSecurity
# Pin to a specific branch/tag
make docker-ref ABOUTSECURITY_REF=dev
docker run -p 8088:8088 -e ABOUTSECURITY_API_KEY=your-key context1337:latest
Local Development (recommended for first-time users)
Only requires Go 1.25+ (gotip) and Python 3 installed on your machine.
git clone https://github.com/wgpsec/context1337.git
cd context1337
# One command does everything:
# 1. Clones AboutSecurity repo (if not already present)
# 2. Installs Python dependencies (jieba, pyyaml)
# 3. Builds FTS5 search index (builtin.db)
# 4. Compiles Go binary
# 5. Symlinks data directories
# 6. Starts the server
make run
# Build & run (requires data/ populated with builtin.db or AboutSecurity content)
make build
./absec serve --port 8088 --data-dir ./data # default: --tool-mode lite
The server will be available at http://localhost:8088.
MCP Client Configuration
Claude Code (CLI)
# Add as user-level MCP server (available in all projects)
claude mcp add aboutsecurity --transport http --scope user http://localhost:8088/mcp
# Or project-level only (run from within your project directory)
claude mcp add aboutsecurity --transport http http://localhost:8088/mcp
If you set ABOUTSECURITY_API_KEY on the server, add the auth header:
claude mcp add aboutsecurity --transport http --header "Authorization: Bearer your-api-key" --scope user http://localhost:8088/mcp
After adding, restart Claude Code and run /mcp to verify the connection shows connected.
Claude Desktop
Edit your Claude Desktop config file (~/Library/Application Support/Claude/claude_desktop_config.json on macOS):
{
"mcpServers": {
"aboutsecurity": {
"url": "http://localhost:8088/mcp",
"headers": {
"Authorization": "Bearer your-api-key"
}
}
}
}
Cursor
{
"mcpServers": {
"aboutsecurity": {
"serverUrl": "http://localhost:8088/mcp"
}
}
}
Usage Examples
Once connected, just ask your AI assistant naturally:
Search across all types
- "Search for SQL injection resources" →
search_security(query="SQL injection")finds skills, payloads, and tools - "What XSS payloads are available?" →
search_security(query="XSS", type="payload") - "List all scanning tools" →
search_security(type="tool", category="scan") - "Show me all exploit skills" →
search_security(type="skill", category="exploit")
Get detailed knowledge
- "Explain the SQL injection skill in detail" →
get_security_detail(name="sql-injection", type="skill", depth="full")includes references - "Show me the nmap tool configuration" →
get_security_detail(name="nmap", type="tool")returns YAML config
Read data files
- "Show the top 100 passwords dictionary" →
read_security_file(path="Auth/password/Top100.txt", type="dict") - "Get XSS event handler payloads" →
read_security_file(path="XSS/events.txt", type="payload")
Search vulnerabilities
- "Find critical Apache vulnerabilities" →
search_security(query="Apache", type="vuln", severity="CRITICAL") - "List all middleware vulnerabilities" →
search_security(type="vuln", category="middleware") - "Get the Log4j RCE vulnerability details" →
get_security_detail(name="CVE-2021-44228", type="vuln", depth="full")
The AI will automatically call the right MCP tools to find relevant security knowledge.
Available MCP Tools
Default mode is lite (3 tools). Use --tool-mode full for 15 per-type tools. If the AI model fails to invoke tools proactively, switch to full mode — the 15 fine-grained, domain-specific tools improve trigger rates.
Lite mode (default, 3 tools)
| Tool | Description |
|---|---|
search_security |
Search or list all resource types (skill, dict, payload, tool). To search vulnerabilities, specify type="vuln" explicitly (excluded from default search). Vuln supports severity and product filters. |
get_security_detail |
Get full detail for a skill (with depth control + references), tool (YAML config), or vulnerability (brief/full with PoC) |
read_security_file |
Read dictionary or payload file content with line-level pagination |
Full mode (15 tools)
| Tool | Description |
|---|---|
search_skill |
Search penetration testing skills by keyword |
search_dicts |
Search password dictionaries by keyword |
search_payload |
Search attack payloads by keyword |
search_tools |
Search security tool configs by keyword |
search_vuln |
Search vulnerability database by keyword with severity and product filters |
list_skills |
Browse all skills |
list_dicts |
Browse all dictionaries |
list_payloads |
Browse all payloads |
list_tools |
Browse all tools |
list_vulns |
List vulnerabilities with pagination (default 50), category/severity/product filters |
get_skill |
Get skill detail (with depth + references) |
get_tool |
Get tool YAML config |
get_dict |
Read dictionary file with line pagination |
get_payload |
Read payload file with line pagination |
get_vuln |
Get vulnerability detail by name (CVE/CNVD ID), brief or full depth with PoC |
Makefile Targets
| Target | Description |
|---|---|
make run |
Build + index + start server (first run auto-clones data) |
make build |
Compile Go binary only |
make index |
Build FTS5 search index only |
make test |
Run unit tests |
make test-integration |
Run integration tests |
make docker |
Build Docker image (clones AboutSecurity from GitHub) |
make docker-local |
Build Docker image using local AboutSecurity repo |
make docker-ref |
Build Docker image pinned to a specific branch/tag |
make clean |
Remove binary, databases, and symlinks |
make clean-benchmark |
Remove benchmark logs |
REST API
| Endpoint | Description |
|---|---|
GET /api/health |
Health check + resource count |
GET /api/stats |
Resource statistics by type/source |
Environment Variables
| Variable | Default | Description |
|---|---|---|
ABOUTSECURITY_PORT |
8088 |
HTTP listen port |
ABOUTSECURITY_DATA_DIR |
./data |
Data directory root |
ABOUTSECURITY_API_KEY |
(empty=no auth) | API key for Bearer auth |
ABOUTSECURITY_TOOL_MODE |
lite |
Tool registration mode: lite (3 tools) or full (15 tools) |
Architecture
Build time: AboutSecurity/ → Python+jieba → builtin.db (FTS5 index)
Startup: cp builtin.db → runtime.db, scan team/ → INSERT
Runtime: MCP Streamable HTTP + REST API, pure Go tokenizer for new content
Reviews (0)
Sign in to leave a review.
Leave a reviewNo results found