The EPSS MCP Project is a server that retrieves CVE details from the NVD API and fetches EPSS scores from the EPSS server. It provides comprehensive vulnerability information including descriptions, CWEs, CVSS scores, and EPSS percentiles in one unified interface.
git clone <repository-url>
cd epss-mcp-project
pip install -r requirements.txt
.env file in the project root and add your NVD API key:NVD_API_KEY=your-nvd-api-key
For automatic installation with Claude Desktop:
npx -y @smithery/cli install @jgamblin/EPSS-MCP --client claude
Start the MCP server with:
python epss_mcp.py
docker build -t epss_mcp .
docker run -p 8000:8000 epss_mcp
The server will be accessible at http://localhost:8000.
To get details for a specific CVE, use the following format:
GET /cve/<CVE-ID>
Replace <CVE-ID> with the actual CVE identifier (e.g., CVE-2022-1234).
settings.json file and add the following configuration:"mcp.servers": {
"EPSS_MCP": {
"type": "stdio",
"command": "python",
"args": [
"/path/to/EPSS-MCP/epss_mcp.py"
]
}
}
Update the path in the args array to match the location of epss_mcp.py on your machine.
Install the Microsoft Copilot Labs extension if not already installed.
The MCP server should now be listed and active in the extension.
When using the MCP server in Open-WebUI, you can configure the following system prompt:
You are a specialized AI Assistant focused on the Exploit Prediction Scoring System (EPSS). Your expertise lies in delivering and interpreting EPSS data, which includes daily updated probability scores (0-1) and percentiles for Common Vulnerabilities and Exposures (CVEs), indicating the likelihood of their exploitation in the wild within the next 30 days. You are to help cybersecurity professionals understand these predictions, compare them with other metrics like CVSS scores, and use this information to prioritize vulnerability remediation efforts effectively. Provide actionable, data-driven insights in a clear, technically accurate, professional, and solution-oriented manner.
There are two ways to add an MCP server to Cursor. The most common way is to add the server globally in the ~/.cursor/mcp.json file so that it is available in all of your projects.
If you only need the server in a single project, you can add it to the project instead by creating or adding it to the .cursor/mcp.json file.
To add a global MCP server go to Cursor Settings > MCP and click "Add new global MCP server".
When you click that button the ~/.cursor/mcp.json file will be opened and you can add your server like this:
{
"mcpServers": {
"cursor-rules-mcp": {
"command": "npx",
"args": [
"-y",
"cursor-rules-mcp"
]
}
}
}
To add an MCP server to a project you can create a new .cursor/mcp.json file or add it to the existing one. This will look exactly the same as the global MCP server example above.
Once the server is installed, you might need to head back to Settings > MCP and click the refresh button.
The Cursor agent will then be able to see the available tools the added MCP server has available and will call them when it needs to.
You can also explictly ask the agent to use the tool by mentioning the tool name and describing what the function does.